Changes to swr_umn from docs/doc-exports#414 (SWR UMN initial version reuploaded

Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: proposalbot <proposalbot@otc-service.com>
Co-committed-by: proposalbot <proposalbot@otc-service.com>

umn/source/change_history.rst

@@ -0,0 +1,25 @@
+:original_name: swr_change_index.html
+
+.. _swr_change_index:
+
+Change History
+==============
+
++-----------------------------------+-------------------------------------------------------------------------------------------------------+
+| Release Date                      | Description                                                                                           |
++===================================+=======================================================================================================+
+| 2022-06-09                        | Permission description is added in :ref:`User Permissions <swr_01_0015>`.                             |
++-----------------------------------+-------------------------------------------------------------------------------------------------------+
+| 2021-08-30                        | :ref:`Service Overview <swr_pd_index>`, :ref:`FAQs <swr_faq_index>` is added.                         |
++-----------------------------------+-------------------------------------------------------------------------------------------------------+
+| 2020-06-18                        | -  Prerequisites in :ref:`Uploading an Image Through the Client <swr_01_0011>` are updated.           |
+|                                   | -  Content related to organization deletion is added in :ref:`Organization Management <swr_01_0014>`. |
++-----------------------------------+-------------------------------------------------------------------------------------------------------+
+| 2020-05-26                        | Updated:                                                                                              |
+|                                   |                                                                                                       |
+|                                   | -  :ref:`Basics of the Container Engine <swr_01_0006>`                                                |
+|                                   | -  :ref:`Uploading an Image Through the Client <swr_01_0011>`                                         |
+|                                   | -  :ref:`User Permissions <swr_01_0015>`                                                              |
++-----------------------------------+-------------------------------------------------------------------------------------------------------+
+| 2020-04-21                        | This issue is the first official release.                                                             |
++-----------------------------------+-------------------------------------------------------------------------------------------------------+

umn/source/conf.py

@@ -26,9 +26,6 @@ otcdocs_auto_version = False
 
 project = 'Software Repository for Containers'
 otcdocs_repo_name = 'docs/software-repository-container'
-# Those variables are required for edit/bug links
-otcdocs_git_fqdn = 'gitea.eco.tsi-dev.otc-service.com'
-otcdocs_git_type = 'gitea'
 
 # If extensions (or modules to document with autodoc) are in another directory,
 # add these directories to sys.path here. If the directory is relative to the
@@ -75,12 +72,11 @@ show_authors = False
 html_theme = 'otcdocs'
 
 # Theme options are theme-specific and customize the look and feel of a theme
-# further. For a list of options available for each theme, see the
+# further.  For a list of options available for each theme, see the
 # documentation.
 html_theme_options = {
-    "disable_search": True,
-    "site_name": "Internal Documentation Portal",
-    "logo_url": "https://docs-int.otc-service.com",
+    'disable_search': True,
+    'site_name': 'Internal Documentation Portal'
 }
 
 # The name for this set of Sphinx documents.  If None, it defaults to
@@ -96,7 +92,7 @@ html_static_path = ['_static']
 
 # -- Options for PDF output --------------------------------------------------
 latex_documents = [
-    ('index',
+('index',
      'swr-umn.tex',
      u'Software Repository for Containers - User Guide',
      u'OpenTelekomCloud', 'manual'),

umn/source/faqs/general_faqs/how_do_i_create_an_image_package.rst

@@ -0,0 +1,31 @@
+:original_name: swr_faq_0004.html
+
+.. _swr_faq_0004:
+
+How Do I Create an Image Package?
+=================================
+
+Run the **docker save** command to compress the container image into a .tar or .tar.gz package. The command format is as follows:
+
+**docker save [OPTIONS] IMAGE [IMAGE...]**
+
+**[OPTIONS]** can be set to **--output** or **-o**, indicating that the image is exported to a file.
+
+Example:
+
+.. code-block::
+
+   $ docker save nginx:latest > nginx.tar
+   $ ls -sh nginx.tar
+   108M nginx.tar
+
+   $ docker save php:5-apache > php.tar.gz
+   $ ls -sh php.tar.gz
+   372M php.tar.gz
+
+   $ docker save --output nginx.tar nginx
+   $ ls -sh nginx.tar
+   108M nginx.tar
+
+   $ docker save -o nginx-all.tar nginx
+   $ docker save -o nginx-latest.tar nginx:latest

umn/source/faqs/general_faqs/index.rst

@@ -0,0 +1,18 @@
+:original_name: swr_faq_1001.html
+
+.. _swr_faq_1001:
+
+General FAQs
+============
+
+-  :ref:`SWR Overview <swr_faq_0013>`
+-  :ref:`How Do I Create a Container Image? <swr_faq_0012>`
+-  :ref:`How Do I Create an Image Package? <swr_faq_0004>`
+
+.. toctree::
+   :maxdepth: 1
+   :hidden: 
+
+   swr_overview
+   how_do_i_create_a_container_image
+   how_do_i_create_an_image_package

umn/source/faqs/general_faqs/swr_overview.rst

@@ -0,0 +1,26 @@
+:original_name: swr_faq_0013.html
+
+.. _swr_faq_0013:
+
+SWR Overview
+============
+
+How Many Images Can Be Stored in SWR?
+-------------------------------------
+
+SWR has no limit on the number of images. You can upload any number of images.
+
+Can I Push Arm-based Container Images to SWR?
+---------------------------------------------
+
+SWR has no restriction on the kernel architecture of images. There is no difference between pushing an Arm-based image and an x86-based image to SWR.
+
+What Protocol Is Used to Push Images to SWR When I Run the docker push Command?
+-------------------------------------------------------------------------------
+
+HTTPS is used.
+
+Will an Image Be Overwritten If I Push an Image That Have the Same Name and Tag with it?
+----------------------------------------------------------------------------------------
+
+Yes, the original image will be overwritten.

umn/source/faqs/image_management_faqs/can_i_pull_container_images_on_the_swr_console_to_a_local_pc.rst

@@ -0,0 +1,24 @@
+:original_name: swr_faq_0035.html
+
+.. _swr_faq_0035:
+
+Can I Pull Container Images on the SWR Console to a Local PC?
+=============================================================
+
+Container images stored in SWR cannot be directly downloaded through the console. You can perform the following operations to pull the images:
+
+#. Obtain the image pull command on the image details page.
+
+#. Run the obtained command on the device where the Docker client is installed.
+
+   Example:
+
+   **docker pull swr.eu-de.otc.t-systems.com/group/nginx:v1**
+
+#. Save the image as a TAR or TAR.GZ file.
+
+   Example:
+
+   **docker save** **nginx:v1** **>** **nginx.tar**
+
+#. Download the file to the local host.

umn/source/faqs/image_management_faqs/index.rst

@@ -0,0 +1,18 @@
+:original_name: swr_faq_1002.html
+
+.. _swr_faq_1002:
+
+Image Management FAQs
+=====================
+
+-  :ref:`What Are the Differences Between Long-Term Valid Login Commands and Temporary Login Commands? <swr_faq_0015>`
+-  :ref:`Why Is an Image Uploaded Through the Client to SWR Different in Size From One Uploaded Through the SWR Console? <swr_faq_0005>`
+-  :ref:`Can I Pull Container Images on the SWR Console to a Local PC? <swr_faq_0035>`
+
+.. toctree::
+   :maxdepth: 1
+   :hidden: 
+
+   what_are_the_differences_between_long-term_valid_login_commands_and_temporary_login_commands
+   why_is_an_image_uploaded_through_the_client_to_swr_different_in_size_from_one_uploaded_through_the_swr_console
+   can_i_pull_container_images_on_the_swr_console_to_a_local_pc

umn/source/faqs/image_management_faqs/what_are_the_differences_between_long-term_valid_login_commands_and_temporary_login_commands.rst

@@ -0,0 +1,13 @@
+:original_name: swr_faq_0015.html
+
+.. _swr_faq_0015:
+
+What Are the Differences Between Long-Term Valid Login Commands and Temporary Login Commands?
+=============================================================================================
+
+-  Temporary login commands will expire after 24 hours.
+-  Long-term valid login commands are valid for a year.
+
+After you obtain a long-term valid login command, your temporary login commands will still be valid as long as they are in their validity periods.
+
+The long-term valid and temporary login commands can be used by multiple users to log in to the system at the same time.

umn/source/faqs/image_management_faqs/why_is_an_image_uploaded_through_the_client_to_swr_different_in_size_from_one_uploaded_through_the_swr_console.rst

@@ -0,0 +1,27 @@
+:original_name: swr_faq_0005.html
+
+.. _swr_faq_0005:
+
+Why Is an Image Uploaded Through the Client to SWR Different in Size From One Uploaded Through the SWR Console?
+===============================================================================================================
+
+Symptom
+-------
+
+Assume that a nginx image of v2.0.0 is created on the local Docker client. The **docker images** command is run to query **SIZE** of the image. The size is **22.8 MB**.
+
+.. code-block::
+
+   $ docker images
+   REPOSITORY                         TAG             IMAGE ID       CREATED         SIZE
+   nginx                              v2.0.0          22f2bf2e2b4f   9 days ago      22.8MB
+
+#. Run the **docker push** command to upload the image to SWR. The size of the image is **9.5 MB**.
+#. On the local Docker client, pack the image into a **.tar** package. Download the **nginx.tar** package to the local host, and upload the package to SWR. The size of the package is **23.2 MB**.
+
+The size of the image uploaded through the client is different from that of the image uploaded through the SWR console.
+
+Cause Analysis
+--------------
+
+Image layers are compressed into **.tgz** packages when images are uploaded to SWR through the client, whereas when they are uploaded through the SWR console, they are only packed without being compressed. Therefore, the same image will be of different sizes when it is uploaded in these two different ways.

umn/source/faqs/index.rst

@@ -0,0 +1,18 @@
+:original_name: swr_faq_index.html
+
+.. _swr_faq_index:
+
+FAQs
+====
+
+-  :ref:`General FAQs <swr_faq_1001>`
+-  :ref:`Image Management FAQs <swr_faq_1002>`
+-  :ref:`Troubleshooting <swr_faq_2000>`
+
+.. toctree::
+   :maxdepth: 1
+   :hidden: 
+
+   general_faqs/index
+   image_management_faqs/index
+   troubleshooting/index

umn/source/faqs/troubleshooting/index.rst

@@ -0,0 +1,18 @@
+:original_name: swr_faq_2000.html
+
+.. _swr_faq_2000:
+
+Troubleshooting
+===============
+
+-  :ref:`Why Does the Login Command Fail to Be Executed? <swr_faq_0016>`
+-  :ref:`Why Does an Image Fail to Be Uploaded Through a Container Engine Client? <swr_faq_0006>`
+-  :ref:`Why Does the docker pull Command Fail to Be Executed? <swr_faq_0033>`
+
+.. toctree::
+   :maxdepth: 1
+   :hidden: 
+
+   why_does_the_login_command_fail_to_be_executed
+   why_does_an_image_fail_to_be_uploaded_through_a_container_engine_client
+   why_does_the_docker_pull_command_fail_to_be_executed

umn/source/faqs/troubleshooting/why_does_an_image_fail_to_be_uploaded_through_a_container_engine_client.rst

@@ -0,0 +1,63 @@
+:original_name: swr_faq_0006.html
+
+.. _swr_faq_0006:
+
+Why Does an Image Fail to Be Uploaded Through a Container Engine Client?
+========================================================================
+
+denied: you do not have the permission
+--------------------------------------
+
+**Problem**: When you push an image to SWR through your container engine client, the operation fails with the following information returned.
+
+**denied: you do not have the permission**
+
+**Possible Causes**:
+
+-  The organization name you specified has already been used by another user or the maximum number of organizations that you are allowed to create has been reached.
+-  The **docker login** command you used to log in to SWR is generated using the AK and SK of an IAM user who does not have the permission of the target organization.
+
+**Solutions**:
+
+-  If the organization name has been registered by another user, create an organization and then upload the image.
+-  If the number of SWR organizations reaches the quota (5 per user), upload the image to an existing organization.
+-  If the IAM user does not have the permission of the target organization, log in as the cloud account and grant corresponding permissions to the IAM user and try again.
+
+Message "tag does not exist: xxxxxx" or "An image does not exist locally with the tag: xxxxxx" Displayed
+--------------------------------------------------------------------------------------------------------
+
+**Problem**: When you push an image to SWR through your container engine client, the operation fails with the following information returned.
+
+**tag does not exist: xxxxxx**
+
+Or
+
+**An image does not exist locally with the tag: xxxxxx**
+
+**Possible cause**: The image or image tag to be pushed does not exist.
+
+**Solution**: Run the **docker images** command to view all the local images. Check the target image name and tag, and push the image again.
+
+name invalid: 'repository' is invalid
+-------------------------------------
+
+**Problem**: When you push an image to SWR through your container engine client, the operation fails with the following information returned.
+
+**name invalid: 'repository' is invalid**
+
+**Possible cause**: The organization name or image name does not comply with the naming rules.
+
+**Solution**: The regular expressions of the organization (namespace) name and image (repository) name are as follows:
+
+Organization name: The value contains a maximum of 64 characters and must meet regular expression **^([a-z]+(?:(?:(?:_|__|[-]*)[a-z0-9]+)+)?)$**.
+
+Image name: The value contains a maximum of 128 characters and must meet regular expression **^([a-z0-9]+(?:(?:(?:_|__|[-]*)[a-z0-9]+)+)?)$**.
+
+Specify a valid organization name or image name, and push the image again.
+
+Image Push Occasionally Times Out
+---------------------------------
+
+**Problem**: Image push occasionally times out.
+
+**Solution**: When you push an image from a server in Chinese mainland to a server outside Chinese mainland, the network may be unstable.

umn/source/faqs/troubleshooting/why_does_the_docker_pull_command_fail_to_be_executed.rst

@@ -0,0 +1,47 @@
+:original_name: swr_faq_0033.html
+
+.. _swr_faq_0033:
+
+Why Does the **docker pull** Command Fail to Be Executed?
+=========================================================
+
+x509: certificate sigined by unknown authority
+----------------------------------------------
+
+**Problem**: When you run the **docker pull** command to pull an image from SWR, error message "x509: certificate signed by unknown certificates" is displayed.
+
+**Possible Causes**:
+
+-  A container engine client and SWR communicate with each other using HTTPS. When the client verifies the server certificate and finds that the root certificate installed on the client is incomplete, the error message "x509: certificate signed by unknown certificates" is displayed.
+-  A proxy is configured on the container engine client.
+
+**Solution**:
+
+-  If you trust the server, skip certificate authentication. Specifically, manually configure the container engine startup parameters using either of the following two methods. Replace *Image repository address* with the actual SWR repository address.
+
+   -  Add the following configuration to the **/etc/docker/daemon.json** file. If the file does not exist, manually create it. Ensure that two-space indents are used in the configuration.
+
+      .. code-block::
+
+         {
+           "insecure-registries":["Image repository address"]
+         }
+
+   -  /etc/sysconfig/docker:
+
+      .. code-block::
+
+         INSECURE_REGISTRY='--insecure-registry=Image repository address'
+
+   After configuration, run the **systemctl restart docker** or **service restart docker** command to restart the container engine.
+
+-  Run the **docker info** command to check whether the proxy is correctly configured. If not, modify the configuration.
+
+Error: remote trust data does not exist
+---------------------------------------
+
+**Problem**: When you run the **docker pull** command to pull an image from SWR, message "Error: remote trust data does not exist" is displayed.
+
+**Possible cause**: The image signature verification is enabled on the client. However, the image to be pulled does not contain a signature layer.
+
+**Solution**: Check whether the environment variable **DOCKER_CONTENT_TRUST** is set to **1**. If yes, delete **DOCKER_CONTENT_TRUST=1** from the **/etc/profile** file and run the **source /etc/profile** command to make the modification take effect.

umn/source/faqs/troubleshooting/why_does_the_login_command_fail_to_be_executed.rst

@@ -0,0 +1,94 @@
+:original_name: swr_faq_0016.html
+
+.. _swr_faq_0016:
+
+Why Does the Login Command Fail to Be Executed?
+===============================================
+
+Possible causes are as follows:
+
+#. The container engine is not properly installed, in which case the following error is reported:
+
+   **docker: command not found**
+
+   **Solution**: Reinstall the container engine.
+
+   -  It is advised to install container engine 1.11.2 or later because earlier versions do not support image push to SWR.
+   -  If the container engine client is in a private network, bind an elastic IP address (EIP) to the client. This EIP will allow the client to download installation packages from the website.
+
+2. .. _swr_faq_0016__li1489599133814:
+
+   The temporary login command has expired, or the regional project name, access key (AK), or login key in the command is incorrect, in which case the following error is reported:
+
+   **unauthorized: authentication required**
+
+   **Solution**: Log in to the SWR console. In the navigation pane on the left, choose **My Images**. On the page displayed, click **Upload Through Client**. Then you can find the information on how to obtain a login command.
+
+   a. .. _swr_faq_0016__li48456813192:
+
+      To obtain a temporary login command, click **Generate a temporary login command** and then click |image1| to copy the command.
+
+   b. To obtain a long-term valid login command, click **learn how to obtain a login command that has long-term validity** and follow the instructions.
+
+3. The image repository address in the login command is incorrect, in which case the following error is reported:
+
+   **Error llgging in to v2 endpoint, trying next endpoint: Get https://{{endpoint}}/v2/: dial tcp: lookup {{endpoint}} on xxx.xxx.xxx.xxx:53 : no such host**
+
+   **Solutions**:
+
+   a. Change the image repository address in the login command.
+   b. Generate a temporary login command. For detailed instructions, see :ref:`2 <swr_faq_0016__li48456813192>`.
+
+4. **x509: certficate has expired or is not yet valid**
+
+   The preceding error is reported when the AK/SK in the login command with long-term validity is deleted. In this case, use a valid AK/SK to generate a login command.
+
+5. **x509: certficate signed by unknown authority**
+
+   **Possible Causes**:
+
+   The container engine client communicates with SWR through HTTPS. The client verifies the server certificate. If the server certificate is not issued by an authoritative organization, the following error message is displayed: "x509: certficate signed by unknown authority".
+
+   |image2|
+
+   **Solutions**:
+
+   If you trust the server and skip certificate authentication, manually configure Docker startup parameters as follows:
+
+   -  CentOS:
+
+      Modify the **/etc/docker/daemon.json** file. If the file does not exist, manually create it. Add the following content to the file:
+
+      .. code-block::
+
+         {
+           "insecure-registries": ["{Image repository address}"]
+         }
+
+   -  Ubuntu:
+
+      Modify the **/etc/default/docker** file and add the following content to **DOCKER_OPTS**:
+
+      .. code-block::
+
+         DOCKER_OPTS="--insecure-registry {image repository address}"
+
+   -  EulerOS:
+
+      Modify the **/etc/sysconfig/docker** file and add the following content to **INSECURE_REGISTRY**:
+
+      .. code-block::
+
+         INSECURE_REGISTRY='--insecure-registry {image repository address}'
+
+   .. note::
+
+      The image repository address can be a domain name or an IP address.
+
+      -  To obtain the image repository address in domain name format, obtain a temporary login command by referring to :ref:`2 <swr_faq_0016__li1489599133814>`. The domain name at the end of the command is the image repository address.
+      -  To obtain the image repository address in IP address format, ping the image repository address in the domain name format.
+
+   After the configuration, run the **systemctl restart docker** command to restart the container engine.
+
+.. |image1| image:: /_static/images/en-us_image_0168961239.png
+.. |image2| image:: /_static/images/en-us_image_0000001137013964.png

umn/source/image_management/index.rst

@@ -0,0 +1,22 @@
+:original_name: swr_01_0028.html
+
+.. _swr_01_0028:
+
+Image Management
+================
+
+-  :ref:`Uploading an Image Through the Client <swr_01_0011>`
+-  :ref:`Obtaining a Long-Term Valid Login Command <swr_01_1000>`
+-  :ref:`Pulling an Image <swr_01_0017>`
+-  :ref:`Setting Image Attributes <swr_01_0016>`
+-  :ref:`Sharing Private Images <swr_01_0026>`
+
+.. toctree::
+   :maxdepth: 1
+   :hidden: 
+
+   uploading_an_image_through_the_client
+   obtaining_a_long-term_valid_login_command
+   pulling_an_image
+   setting_image_attributes
+   sharing_private_images

umn/source/image_management/obtaining_a_long-term_valid_login_command.rst

@@ -0,0 +1,77 @@
+:original_name: swr_01_1000.html
+
+.. _swr_01_1000:
+
+Obtaining a Long-Term Valid Login Command
+=========================================
+
+Scenario
+--------
+
+This section describes how to obtain a login command that is valid for a year.
+
+.. note::
+
+   For security purposes, it is advised to obtain the login command in the development environment.
+
+Procedure
+---------
+
+#. .. _swr_01_1000__li5768123671815:
+
+   Obtain the region project name and image repository address.
+
+   a. Log in to the management console, click your username in the upper right corner, and click **My Credentials**.
+   b. On the **Project List** tab page, search for the project corresponding to the current region.
+   c. Obtain the image repository address by referring to :ref:`1.b <swr_01_0011__en-us_topic_0112596104_li182568055016>`. The domain name at the end of the login command is the image repository address.
+
+#. .. _swr_01_1000__li1863783911295:
+
+   Obtain an AK/SK.
+
+   .. note::
+
+      The access key ID (AK) and secret access key (SK) are a pair of access keys used together to authenticate users who wish to make API requests. The AK/AS pair provides functions similar to a password. If you already have an AK/SK, skip this step.
+
+   a. Log in to the management console, click your username in the upper right corner, and click **My Credentials**.
+   b. On the **Access Keys** tab page, click **Add Access Key**.
+   c. Enter the login password and verification code sent to your mailbox or mobile phone.
+   d. Download the access key, which includes the AK and SK.
+
+      .. note::
+
+         Keep the access key secure and do not disclose it to any unauthorized personnel.
+
+#. .. _swr_01_1000__li132430753010:
+
+   Log in to a Linux PC and run the following command to obtain the login key:
+
+   **printf "$AK" \| openssl dgst -binary -sha256 -hmac "$SK" \| od -An -vtx1 \| sed 's/[ \\n]//g' \| sed 'N;s/\\n//'**
+
+   In the command, **$AK** and **$SK** indicate the AK and SK obtained in :ref:`Step 2 <swr_01_1000__li1863783911295>` respectively.
+
+
+   .. figure:: /_static/images/en-us_image_0165729699.png
+      :alt: **Figure 1** Sample command output
+
+      **Figure 1** Sample command output
+
+#. Put the information you obtained in the following format to generate a long-term valid login command:
+
+   **docker login -u** [*Regional project name*]\ **@**\ [*AK*] **-p** [*Login key*] [*Image repository address*]
+
+   In the command, the regional project name and image repository address are obtained in :ref:`Step 1 <swr_01_1000__li5768123671815>`, the AK in :ref:`Step 2 <swr_01_1000__li1863783911295>`, and the login key in :ref:`Step 3 <swr_01_1000__li132430753010>`.
+
+
+   .. figure:: /_static/images/en-us_image_0000001154534788.png
+      :alt: **Figure 2** Long-term login command
+
+      **Figure 2** Long-term login command
+
+   .. note::
+
+      The login key is encrypted and cannot be decrypted. Therefore, other users cannot obtain the SK from -p.
+
+      The login command can be used on other devices.
+
+#. Run the **history -c** command to clear the operation records.

umn/source/image_management/pulling_an_image.rst

@@ -0,0 +1,48 @@
+:original_name: swr_01_0017.html
+
+.. _swr_01_0017:
+
+Pulling an Image
+================
+
+Scenario
+--------
+
+You can run the **docker pull** command to pull images from SWR.
+
+Procedure
+---------
+
+#. Log in to the VM running the container engine as the **root** user.
+
+#. Obtain a login command by referring to :ref:`Step 1 <swr_01_0011__en-us_topic_0112596104_en-us_topic_0075378957_li58001655123>` and access SWR.
+
+#. Log in to the SWR console.
+
+#. In the navigation pane, choose **My Images** and click the target image.
+
+#. .. _swr_01_0017__en-us_topic_0084266454_li197783469319:
+
+   On the **Image Tags** tab page, in the same row as the target image tag, click |image1| in the **Image Pull Command** column to copy the command.
+
+
+   .. figure:: /_static/images/en-us_image_0000001154597496.png
+      :alt: **Figure 1** Obtaining the image pull command
+
+      **Figure 1** Obtaining the image pull command
+
+#. Run the **image pull** command obtained in :ref:`Step 5 <swr_01_0017__en-us_topic_0084266454_li197783469319>` on the VM.
+
+   Run the **docker images** command to check whether the images are successfully pulled.
+
+   .. code-block::
+
+      # docker images
+      REPOSITORY                                  TAG       IMAGE ID       CREATED         SIZE
+      xxx/group/nginx                             v2.0.0    22f2bf2e2b4f   5 hours ago     22.8MB
+
+#. (Optional) Run the following command to save the image as an archive file:
+
+   **docker save** [*Image name:tag name*] **>** [*Archive file name*]
+
+.. |image1| image:: /_static/images/en-us_image_0282767856.png

umn/source/image_management/setting_image_attributes.rst

@@ -0,0 +1,63 @@
+:original_name: swr_01_0016.html
+
+.. _swr_01_0016:
+
+Setting Image Attributes
+========================
+
+Scenario
+--------
+
+After uploading an image, you can set image attributes, including its type (private by default), category and description.
+
+Public images can be pulled by all users; whereas the access to private images requires corresponding permissions. You can add permissions, namely, read, write, and manage, to allow users to access your private images. For details, see :ref:`Granting Permissions for a Specific Image <swr_01_0015__section851514354541>`.
+
+Procedure
+---------
+
+#. Log in to the SWR console.
+
+#. In the navigation pane, choose **My Images** and click the desired image.
+
+#. On the details page, click **Edit** in the upper right corner. On the page displayed, set **Sharing Type** (**Public** or **Private**), **Category**, and **Description**, and click **OK**.
+
+
+   .. figure:: /_static/images/en-us_image_0000001154760600.png
+      :alt: **Figure 1** Setting Image Attributes
+
+      **Figure 1** Setting Image Attributes
+
+   .. table:: **Table 1** Editing an image
+
+      +-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------+
+      | Parameter                         | Description                                                                                                                                                     |
+      +===================================+=================================================================================================================================================================+
+      | Organization                      | The organization to which the image belongs                                                                                                                     |
+      +-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------+
+      | Image                             | Image name                                                                                                                                                      |
+      +-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------+
+      | Sharing Type                      | The following options are available:                                                                                                                            |
+      |                                   |                                                                                                                                                                 |
+      |                                   | -  Public                                                                                                                                                       |
+      |                                   | -  Private                                                                                                                                                      |
+      |                                   |                                                                                                                                                                 |
+      |                                   | .. note::                                                                                                                                                       |
+      |                                   |                                                                                                                                                                 |
+      |                                   |    Public images can be pulled and used by all users.                                                                                                           |
+      |                                   |                                                                                                                                                                 |
+      |                                   |    -  If your machine and the image repository are in the same region, you can access the image repository over private networks.                               |
+      |                                   |    -  If your machine and the image repository are in different regions, the node must have access to public networks to pull images from the image repository. |
+      +-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------+
+      | Category                          | The following options are available:                                                                                                                            |
+      |                                   |                                                                                                                                                                 |
+      |                                   | -  Application server                                                                                                                                           |
+      |                                   | -  Linux                                                                                                                                                        |
+      |                                   | -  Windows                                                                                                                                                      |
+      |                                   | -  Arm                                                                                                                                                          |
+      |                                   | -  Framework & Application                                                                                                                                      |
+      |                                   | -  Database                                                                                                                                                     |
+      |                                   | -  Language                                                                                                                                                     |
+      |                                   | -  Others                                                                                                                                                       |
+      +-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------+
+      | Description                       | Image description. Enter a maximum of 30,000 characters.                                                                                                        |
+      +-----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------+

umn/source/image_management/sharing_private_images.rst

@@ -0,0 +1,55 @@
+:original_name: swr_01_0026.html
+
+.. _swr_01_0026:
+
+Sharing Private Images
+======================
+
+Scenario
+--------
+
+You can share your **private images** with other users and grant the users access permissions.
+
+The user with whom you shared the image can then log in to SWR console to view the image by clicking **My Images > Shared Images**. On the tab page, the user can click the target image to check its detailed information, including the image tag and image pull command.
+
+Notes and Constraints
+---------------------
+
+-  Only private images can be shared. Public images cannot be shared.
+-  Only users authorized to manage the private images can share images. The users with whom you share your images only have the read-only permission, which only allows them to pull the images.
+-  You can share images only with accounts in the same region. Cross-region image sharing is not supported.
+
+Procedure
+---------
+
+#. Log in to the SWR console.
+
+#. In the navigation pane, choose **My Images** and click the target image.
+
+#. On the details page, click the **Sharing** tab.
+
+#. Click **Share Image**. Set parameters based on :ref:`Table 1 <swr_01_0026__table15531841319>`, and click **OK**.
+
+
+   .. figure:: /_static/images/en-us_image_0000001200681339.png
+      :alt: **Figure 1** Sharing an image
+
+      **Figure 1** Sharing an image
+
+   .. _swr_01_0026__table15531841319:
+
+   .. table:: **Table 1** Sharing an image
+
+      +-------------+-------------------------------------------------------------------------------------------------------------------------+
+      | Parameter   | Description                                                                                                             |
+      +=============+=========================================================================================================================+
+      | Share With  | Enter an account name with which you want to share the image.                                                           |
+      +-------------+-------------------------------------------------------------------------------------------------------------------------+
+      | Valid Until | Set a validity period. If you want the image to be permanently accessible to the account, select **Permanently valid**. |
+      +-------------+-------------------------------------------------------------------------------------------------------------------------+
+      | Description | Enter a maximum of 1,000 characters.                                                                                    |
+      +-------------+-------------------------------------------------------------------------------------------------------------------------+
+      | Permission  | Only the **Pull** permission is supported currently.                                                                    |
+      +-------------+-------------------------------------------------------------------------------------------------------------------------+
+
+#. To view all the images that you have shared, choose **My Images** in the navigation pane, click the **Private Images** tab, and select **Display only shared images**.

umn/source/index.rst

@@ -2,3 +2,14 @@
 Software Repository for Containers - User Guide
 ===============================================
 
+.. toctree::
+   :maxdepth: 1
+
+   service_overview/index
+   introduction
+   basics_of_the_container_engine
+   image_management/index
+   organization_management
+   user_permissions
+   faqs/index
+   change_history

umn/source/introduction.rst

@@ -0,0 +1,16 @@
+:original_name: swr_01_0009.html
+
+.. _swr_01_0009:
+
+Introduction
+============
+
+SoftWare Repository for Container (SWR) allows you to easily manage the full lifecycle of container images and facilitates secure deployment of images for your applications.
+
+SWR provides private image repositories and fine-grained permission management, allowing you to grant different access permissions, namely, read, write, and edit, to different users.
+
+
+.. figure:: /_static/images/en-us_image_0000001200587685.png
+   :alt: **Figure 1** How SWR works
+
+   **Figure 1** How SWR works

umn/source/organization_management.rst

@@ -0,0 +1,72 @@
+:original_name: swr_01_0014.html
+
+.. _swr_01_0014:
+
+Organization Management
+=======================
+
+Scenario
+--------
+
+Organizations enable efficient management of images. Organizations are used to isolate image repositories. With each organization being limited to one company or department, images can be managed in a centralized and efficient manner. An image name needs to be unique within an organization. The same user can access different organizations as long as the user has sufficient permissions, as shown in :ref:`Figure 1 <swr_01_0014__fig1924953913304>`.
+
+You can grant different permissions, namely, read, write, and manage, to users created by the same account. For details, see :ref:`User Permissions <swr_01_0015>`.
+
+.. _swr_01_0014__fig1924953913304:
+
+.. figure:: /_static/images/en-us_image_0000001154801774.png
+   :alt: **Figure 1** Organization
+
+   **Figure 1** Organization
+
+.. _swr_01_0014__section12921632181415:
+
+Creating an Organization
+------------------------
+
+You can create organizations based on the organizational structure of your enterprise to facilitate image resource management. Create an organization before you push an image.
+
+#. Log in to the SWR console.
+
+#. In the navigation pane on the left, choose **Organization Management** and click **Create Organization**. On the page displayed, specify **Organization Name** and click **OK**.
+
+
+   .. figure:: /_static/images/en-us_image_0000001200800369.png
+      :alt: **Figure 2** Creating an Organization
+
+      **Figure 2** Creating an Organization
+
+   .. note::
+
+      -  The organization name must be globally unique. If a message is displayed indicating that the organization already exists, the organization name may have been used by another user. Use another organization name.
+      -  After a tenant is deleted, residual organization resources may exist. In this case, the message indicating that the organization already exists could also be displayed when you create an organization. Use another organization name.
+
+Viewing the Images of an Organization
+-------------------------------------
+
+After you create an organization and push images to it, you can view the image list of the organization.
+
+#. Log in to the SWR console.
+
+#. In the navigation pane, choose **Organization Management**. On the page displayed, click the desired organization name in the list.
+
+#. To view the images of this organization, click the **Image** tab.
+
+
+   .. figure:: /_static/images/en-us_image_0000001154966988.png
+      :alt: **Figure 3** Viewing the Images of an Organization
+
+      **Figure 3** Viewing the Images of an Organization
+
+Deleting an Organization
+------------------------
+
+Before deleting an organization, delete all the images in the organization.
+
+#. Log in to the SWR console.
+#. In the navigation pane, choose **Organization Management**. On the page displayed, click the desired organization name in the list.
+#. Click **Delete** in the upper right corner. In the displayed dialog box, enter **DELETE** as prompted and click **Yes**.
+
+.. important::
+
+   Before you delete a tenant, delete its organizations first; otherwise, residual organization resources may exist. When you create an organization that has the same name with the residual organization, a message is displayed indicating that the organization already exists.

umn/source/service_overview/advantages.rst

@@ -0,0 +1,24 @@
+:original_name: swr_03_0002.html
+
+.. _swr_03_0002:
+
+Advantages
+==========
+
+Ease of Use
+-----------
+
+-  You can directly push and pull container images without platform build or O&M.
+-  SWR provides an easy-to-use management console for full lifecycle management over container images.
+
+Security and Reliability
+------------------------
+
+-  SWR supports HTTPS to ensure secure image transmission, and provides multiple security isolation mechanisms between and inside accounts.
+-  Based on professional storage services, SWR provides highly reliable storage service for your container images.
+
+Image Acceleration
+------------------
+
+-  SWR uses the P2P image download acceleration technology to ensure faster image pull for CCE clusters in high concurrency scenarios.
+-  Intelligent node scheduling around the globe ensures that your image build tasks can be automatically assigned to the idle nodes nearest to the image repository.

umn/source/service_overview/application_scenarios.rst

@@ -0,0 +1,25 @@
+:original_name: swr_03_0004.html
+
+.. _swr_03_0004:
+
+Application Scenarios
+=====================
+
+Image Lifecycle Management
+--------------------------
+
+You can use SWR to build, push, pull, synchronize, and delete container images.
+
+**Advantages**
+
+-  P2P download acceleration ensures faster image pull for CCE clusters.
+-  Up to 99.999999999% image storage reliability is achieved by working with Object Storage Service (OBS).
+-  Fine-grained authorization allows you to control access to specific images and images in specific organizations.
+
+**Related Services**
+
+You can use SWR together with CCE in this scenario.
+
+|image1|
+
+.. |image1| image:: /_static/images/en-us_image_0294353976.png