From d6025906930c6f1df90192b564a10da58a126902 Mon Sep 17 00:00:00 2001 From: Yujie-Xie <1398010062@qq.com> Date: Thu, 6 Feb 2025 22:06:12 +0800 Subject: [PATCH 01/16] add tiup no-sudo doc --- TOC.md | 1 + tiup/tiup-cluster-no-sudo-mode.md | 195 ++++++++++++++++++++++++++++++ 2 files changed, 196 insertions(+) create mode 100644 tiup/tiup-cluster-no-sudo-mode.md diff --git a/TOC.md b/TOC.md index dac9feb4bf164..f69e8f1db7e25 100644 --- a/TOC.md +++ b/TOC.md @@ -432,6 +432,7 @@ - TiUP Components - [tiup-playground](/tiup/tiup-playground.md) - [tiup-cluster](/tiup/tiup-cluster.md) + - [tiup-cluster no-sudo mode](/tiup/tiup-cluster-no-sudo-mode.md) - [tiup-mirror](/tiup/tiup-mirror.md) - [tiup-bench](/tiup/tiup-bench.md) - [TiDB Operator](/tidb-operator-overview.md) diff --git a/tiup/tiup-cluster-no-sudo-mode.md b/tiup/tiup-cluster-no-sudo-mode.md new file mode 100644 index 0000000000000..27ad93bcf690c --- /dev/null +++ b/tiup/tiup-cluster-no-sudo-mode.md 
@@ -0,0 +1,195 @@ +--- +title: Deploy and Maintain an Online TiDB Cluster Using TiUP No-sudo Mode +summary: Learns how to deploy and maintain an online TiDB cluster using TiUP no-sudo mode. +--- + +# Deploy and Maintain an Online TiDB Cluster Using TiUP No-sudo Mode + + +This document focuses on how to use the TiUP no-sudo Mode to deploy a cluster. + +> **Note:** +> +> CentOS version limit: CentOS 8 and later versions + +## Prepare user and configure SSH mutual trust +1. Log in to all deployment target machines in sequence and use the `root` user to create a normal user named `tidb` with the following command (take the `tidb` user as an example). In no-sudo mode, there is no need to configure password-free sudo for the `tidb` user, that is, there is no need to add the `tidb` user to sudoers. + + {{< copyable "shell-regular" >}} + + ```shell + adduser tidb + ``` + +2. Start systemd user mode for tidb user on every deployment target machine (important step) + + 1. Use `tidb` user to set XDG_RUNTIME_DIR environment variable + + {{< copyable "shell-regular" >}} + + ```shell + mkdir -p ~/.bashrc.d + echo "export XDG_RUNTIME_DIR=/run/user/$(id -u)" > ~/.bashrc.d/systemd + source ~/.bashrc.d/systemd + ``` + + 2. Use `root` user to start user service + + {{< copyable "shell-regular" >}} + + ```shell + $ systemctl start user@1000.service #1000 is the id of tidb user. You can get the user id by executing id + $ systemctl status user@1000.service + user@1000.service - User Manager for UID 1000 + Loaded: loaded (/usr/lib/systemd/system/user@.service; static; vendor preset> + Active: active (running) since Mon 2024-01-29 03:30:51 EST; 1min 7s ago + Main PID: 3328 (systemd) + Status: "Startup finished in 420ms." 
+ Tasks: 6 + Memory: 6.1M + CGroup: /user.slice/user-1000.slice/user@1000.service + ├─dbus.service + │ └─3442 /usr/bin/dbus-daemon --session --address=systemd: --nofork > + ├─init.scope + │ ├─3328 /usr/lib/systemd/systemd --user + │ └─3335 (sd-pam) + └─pulseaudio.service + └─3358 /usr/bin/pulseaudio --daemonize=no --log-target=journal + ``` + + Execute `systemctl --user` in the terminal and no more errors are thrown, indicating that it has started normally. + +3. Switch to the `tidb` user on each deployment machine and create the `~/.config/systemd/user` directory. + +4. Use ssh-keygen in the central control computer to generate a key and copy the public key to other deployment machines. + +## Prepare topology file + +1. Use following command to generate topology file. + + {{< copyable "shell-regular" >}} + + ```shell + tiup cluster template > topology.yaml + ``` + +2. Edit the topology file. + + Compared with the previous mode, TiUP using no-sudo mode needs to add `systemd_mode: "user"` to topology.yaml global block. If this parameter is not set, its default value is `system`, indicating that sudo permissions are required. In addition, no-sudo mode cannot use `/data` as `deploy_dir` and `data_dir` because there will be permission issues, and you need to choose a path that ordinary users can access. The example below uses relative paths and the final paths used are `/home/tidb/data/tidb-deploy` and `/home/tidb/data/tidb-data`. + The rest is consistent with the old version. + + {{< copyable "shell-regular" >}} + + ```shell + global: + user: "tidb" + systemd_mode: "user" + ssh_port: 22 + deploy_dir: "data/tidb-deploy" + data_dir: "data/tidb-data" + arch: "amd64" + ... 
+ ``` + +## Manual repair failed check items + +Executing `tiup cluster check topology.yaml` will display some failed check items, examples: + +{{< copyable "shell-regular" >}} + +```shell +Node Check Result Message +---- ----- ------ ------- +192.168.124.27 thp Fail THP is enabled, please disable it for best performance +192.168.124.27 command Pass numactl: policy: default +192.168.124.27 os-version Pass OS is CentOS Stream 8 +192.168.124.27 network Pass network speed of ens160 is 10000MB +192.168.124.27 disk Warn mount point / does not have 'noatime' option set +192.168.124.27 disk Fail multiple components tikv:/home/blackcat/data/tidb-deploy/tikv-20160/data/tidb-data,tikv:/home/blackcat/data/tidb-deploy/tikv-20161/data/tidb-data are using the same partition 192.168.124.27:/ as data dir +192.168.124.27 selinux Pass SELinux is disabled +192.168.124.27 cpu-cores Pass number of CPU cores / threads: 16 +192.168.124.27 cpu-governor Warn Unable to determine current CPU frequency governor policy +192.168.124.27 swap Warn swap is enabled, please disable it for best performance +192.168.124.27 memory Pass memory size is 9681MB +192.168.124.27 service Fail service firewalld is running but should be stopped +``` + +Since in no-sudo mode, the `tidb` user does not have sudo permissions, executing `tiup cluster check topology.yaml --apply` will not be able to automatically repair failed check items due to insufficient permissions. Therefore, some operations need to be performed manually on the deployment machines using the `root` user. + +1. Install the numactl tool + + {{< copyable "shell-regular" >}} + + ```shell + sudo yum -y install numactl + ``` + +2. Close swap + + {{< copyable "shell-regular" >}} + + ```shell + swapoff -a || exit 0 + ``` + +3. Disable transparent huge pages + + {{< copyable "shell-regular" >}} + + ```shell + echo never > /sys/kernel/mm/transparent_hugepage/enabled + ``` + +4. 
Start irqbalance service + + {{< copyable "shell-regular" >}} + + ```shell + systemctl start irqbalance + ``` + +5. Turn off the firewall and turn off firewall auto-start + + {{< copyable "shell-regular" >}} + + ```shell + systemctl stop firewalld.service + systemctl disable firewalld.service + ``` + +6. Modify sysctl parameters + + {{< copyable "shell-regular" >}} + + ```shell + echo "fs.file-max = 1000000">> /etc/sysctl.conf + echo "net.core.somaxconn = 32768">> /etc/sysctl.conf + echo "net.ipv4.tcp_tw_recycle = 0">> /etc/sysctl.conf + echo "net.ipv4.tcp_syncookies = 0">> /etc/sysctl.conf + echo "vm.overcommit_memory = 1">> /etc/sysctl.conf + echo "vm.swappiness = 0">> /etc/sysctl.conf + sysctl -p + ``` + +7. Configure the user’s limits.conf file + + {{< copyable "shell-regular" >}} + + ```shell + cat << EOF >>/etc/security/limits.conf + tidb soft nofile 1000000 + tidb hard nofile 1000000 + tidb soft stack 32768 + tidb hard stack 32768 + EOF + ``` + +## Deploy cluster + +In order to use the `tidb` user prepared in the above steps and avoid re-creating a new user, you need to add `--user tidb` when executing the deploy command, that is: + +{{< copyable "shell-regular" >}} + +```shell + tiup cluster deploy mycluster v8.1.0 topology.yaml --user tidb +``` From e197ab071d770c2b4a409d86fffe8fc563f9f5da Mon Sep 17 00:00:00 2001 From: Yujie-Xie <1398010062@qq.com> Date: Sat, 8 Feb 2025 15:06:08 +0800 Subject: [PATCH 02/16] add faq --- tiup/tiup-cluster-no-sudo-mode.md | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/tiup/tiup-cluster-no-sudo-mode.md b/tiup/tiup-cluster-no-sudo-mode.md index 27ad93bcf690c..57762dfd865dc 100644 --- a/tiup/tiup-cluster-no-sudo-mode.md +++ b/tiup/tiup-cluster-no-sudo-mode.md 
@@ -21,7 +21,7 @@ This document focuses on how to use the TiUP no-sudo Mode to deploy a cluster. adduser tidb ``` -2. Start systemd user mode for tidb user on every deployment target machine (important step) +2. Start systemd user mode for `tidb` user on every deployment target machine (important step) 1. Use `tidb` user to set XDG_RUNTIME_DIR environment variable @@ -59,9 +59,7 @@ This document focuses on how to use the TiUP no-sudo Mode to deploy a cluster. Execute `systemctl --user` in the terminal and no more errors are thrown, indicating that it has started normally. -3. Switch to the `tidb` user on each deployment machine and create the `~/.config/systemd/user` directory. - -4. Use ssh-keygen in the central control computer to generate a key and copy the public key to other deployment machines. +3. Use ssh-keygen in the central control computer to generate a key and copy the public key to other deployment machines. ## Prepare topology file @@ -171,7 +169,7 @@ Since in no-sudo mode, the `tidb` user does not have sudo permissions, executing sysctl -p ``` -7. Configure the user’s limits.conf file +7. Configure the user's limits.conf file {{< copyable "shell-regular" >}} @@ -193,3 +191,14 @@ In order to use the `tidb` user prepared in the above steps and avoid re-creatin ```shell tiup cluster deploy mycluster v8.1.0 topology.yaml --user tidb ``` + +## FAQ +1. When starting user@.service, an error occurs: Failed to fully start up daemon: Permission denied + + This may be because the `pam_systemd.so` is missing from your `/etc/pam.d/system-auth.ued` file. You can use the following command to check whether the `/etc/pam.d/system-auth.ued` file already contains the configuration of the `pam_systemd.so` module. If not, append the line `session optional pam_systemd.so` to the end of the file. + + {{< copyable "shell-regular" >}} + + ```shell + grep 'pam_systemd.so' /etc/pam.d/system-auth.ued || echo 'session optional pam_systemd.so' >> /etc/pam.d/system-auth.ued + ``` 
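Review bot: In the `@@ -59,9 +59,7 @@` hunk of PATCH 02, the step "Switch to the `tidb` user on each deployment machine and create the `~/.config/systemd/user` directory" is dropped without a reason, and the commit message ("add faq") does not mention it. User-mode unit files live under that directory, so either state in the doc that TiUP creates it during deploy, or keep the step. As written, a reader cannot tell whether the removal was intentional.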
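Review bot: In the new FAQ entry of PATCH 02, the one-liner `grep 'pam_systemd.so' /etc/pam.d/system-auth.ued || echo 'session optional pam_systemd.so' >> /etc/pam.d/system-auth.ued` appends in two cases it should not. If the file does not exist, `grep` fails and `>>` creates a new PAM file holding only that line. If the line is already present with different spacing it is fine, but a commented-out match suppresses the append while the module stays inactive. Suggest telling the reader to confirm the file exists, to match an uncommented `session` entry, and to run the command as `root` after saving a copy of the file. The text should also say which distributions use the `system-auth.ued` file name, since nothing in the entry explains where that path comes from.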
From f6f0024956a9ebd7fc5a9567891dbb5906675e42 Mon Sep 17 00:00:00 2001 From: Yujie-Xie <1398010062@qq.com> Date: Sat, 8 Feb 2025 16:52:59 +0800 Subject: [PATCH 03/16] add more commands --- tiup/tiup-cluster-no-sudo-mode.md | 48 +++++++++++++++++++++---- tiup/tiup-cluster-topology-reference.md | 2 ++ 2 files changed, 43 insertions(+), 7 deletions(-) diff --git a/tiup/tiup-cluster-no-sudo-mode.md b/tiup/tiup-cluster-no-sudo-mode.md index 57762dfd865dc..93eb467c08ca3 100644 --- a/tiup/tiup-cluster-no-sudo-mode.md +++ b/tiup/tiup-cluster-no-sudo-mode.md 
@@ -73,12 +73,12 @@ This document focuses on how to use the TiUP no-sudo Mode to deploy a cluster. 2. Edit the topology file. - Compared with the previous mode, TiUP using no-sudo mode needs to add `systemd_mode: "user"` to topology.yaml global block. If this parameter is not set, its default value is `system`, indicating that sudo permissions are required. In addition, no-sudo mode cannot use `/data` as `deploy_dir` and `data_dir` because there will be permission issues, and you need to choose a path that ordinary users can access. The example below uses relative paths and the final paths used are `/home/tidb/data/tidb-deploy` and `/home/tidb/data/tidb-data`. + Compared with the previous mode, TiUP using no-sudo mode needs to add the line `systemd_mode: "user"` in the global block of topology.yaml. The `systemd_mode` parameter is used to indicate whether to use systemd user mode. If this parameter is not set, its default value is `system`, indicating that sudo permissions are required. In addition, no-sudo mode cannot use `/data` as `deploy_dir` and `data_dir` because there will be permission issues, and you need to choose a path that ordinary users can access. The example below uses relative paths and the final paths used are `/home/tidb/data/tidb-deploy` and `/home/tidb/data/tidb-data`. The rest is consistent with the old version. {{< copyable "shell-regular" >}} - ```shell + ```yaml global: user: "tidb" systemd_mode: "user" @@ -89,9 +89,9 @@ This document focuses on how to use the TiUP no-sudo Mode to deploy a cluster. ... ``` -## Manual repair failed check items +## Manually repair failed check items -Executing `tiup cluster check topology.yaml` will display some failed check items, examples: +Executing `tiup cluster check topology.yaml --user tidb` will display some failed check items, examples: {{< copyable "shell-regular" >}} 
@@ -112,7 +112,7 @@ Node Check Result Message 192.168.124.27 service Fail service firewalld is running but should be stopped ``` -Since in no-sudo mode, the `tidb` user does not have sudo permissions, executing `tiup cluster check topology.yaml --apply` will not be able to automatically repair failed check items due to insufficient permissions. Therefore, some operations need to be performed manually on the deployment machines using the `root` user. +Since in no-sudo mode, the `tidb` user does not have sudo permissions, executing `tiup cluster check topology.yaml --apply --user tidb` will not be able to automatically repair failed check items due to insufficient permissions. Therefore, some operations need to be performed manually on the deployment machines using the `root` user. 1. Install the numactl tool @@ -177,8 +177,10 @@ Since in no-sudo mode, the `tidb` user does not have sudo permissions, executing cat << EOF >>/etc/security/limits.conf tidb soft nofile 1000000 tidb hard nofile 1000000 - tidb soft stack 32768 - tidb hard stack 32768 + tidb soft stack 32768 + tidb hard stack 32768 + tidb soft core unlimited + tidb hard core unlimited EOF ``` @@ -192,6 +194,38 @@ In order to use the `tidb` user prepared in the above steps and avoid re-creatin tiup cluster deploy mycluster v8.1.0 topology.yaml --user tidb ``` +Start cluster + +{{< copyable "shell-regular" >}} + +```shell +tiup cluster start mycluster +``` + +Scale-out cluster + +{{< copyable "shell-regular" >}} + +```shell +tiup cluster scale-out mycluster scale.yaml --user tidb +``` + +Scale-in cluster + +{{< copyable "shell-regular" >}} + +```shell +tiup cluster scale-in mycluster -N 192.168.124.27:20160 +``` + +Upgrade cluster + +{{< copyable "shell-regular" >}} + +```shell +tiup cluster upgrade mycluster v8.2.0 +``` + ## FAQ 1. When starting user@.service, an error occurs: Failed to fully start up daemon: Permission denied 
diff --git a/tiup/tiup-cluster-topology-reference.md b/tiup/tiup-cluster-topology-reference.md index 53d3a442bb4d6..293b30524e960 100644 --- a/tiup/tiup-cluster-topology-reference.md +++ b/tiup/tiup-cluster-topology-reference.md @@ -42,6 +42,8 @@ The `global` section corresponds to the cluster's global configuration and has t - `group`: The user group to which a user belongs. It is specified when the user is created. The value defaults to that of the `` field. If the specified group does not exist, it is automatically created. +- `systemd_mode`: The systemd mode used on the target machine during cluster deployment. The default value is `system`. If it is set to `user`, it means that sudo permissions are not used on the target machine, that is, the TiUP no-sudo mode is used. + - `ssh_port`: Specifies the SSH port to connect to the target machine for operations. The default value is `22`. - `enable_tls`: Specifies whether to enable TLS for the cluster. After TLS is enabled, the generated TLS certificate must be used for connections between components or between the client and the component. The default value is `false`. From dcdd494aac0ac74ad18764ee7a877a1caf97608e Mon Sep 17 00:00:00 2001 From: Yujie-Xie <1398010062@qq.com> Date: Sat, 8 Feb 2025 17:03:58 +0800 Subject: [PATCH 04/16] format optimization --- tiup/tiup-cluster-no-sudo-mode.md | 86 +++++++++++++++---------------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/tiup/tiup-cluster-no-sudo-mode.md b/tiup/tiup-cluster-no-sudo-mode.md index 93eb467c08ca3..f5cde1e4cf783 100644 --- a/tiup/tiup-cluster-no-sudo-mode.md +++ b/tiup/tiup-cluster-no-sudo-mode.md 
@@ -25,19 +25,19 @@ This document focuses on how to use the TiUP no-sudo Mode to deploy a cluster. 1. Use `tidb` user to set XDG_RUNTIME_DIR environment variable - {{< copyable "shell-regular" >}} + {{< copyable "shell-regular" >}} - ```shell - mkdir -p ~/.bashrc.d - echo "export XDG_RUNTIME_DIR=/run/user/$(id -u)" > ~/.bashrc.d/systemd - source ~/.bashrc.d/systemd - ``` + ```shell + mkdir -p ~/.bashrc.d + echo "export XDG_RUNTIME_DIR=/run/user/$(id -u)" > ~/.bashrc.d/systemd + source ~/.bashrc.d/systemd + ``` 2. Use `root` user to start user service - {{< copyable "shell-regular" >}} + {{< copyable "shell-regular" >}} - ```shell + ```shell $ systemctl start user@1000.service #1000 is the id of tidb user. You can get the user id by executing id $ systemctl status user@1000.service user@1000.service - User Manager for UID 1000 
@@ -118,70 +118,70 @@ Since in no-sudo mode, the `tidb` user does not have sudo permissions, executing {{< copyable "shell-regular" >}} - ```shell - sudo yum -y install numactl - ``` + ```shell + sudo yum -y install numactl + ``` 2. Close swap {{< copyable "shell-regular" >}} - ```shell - swapoff -a || exit 0 - ``` + ```shell + swapoff -a || exit 0 + ``` 3. Disable transparent huge pages - {{< copyable "shell-regular" >}} + {{< copyable "shell-regular" >}} - ```shell - echo never > /sys/kernel/mm/transparent_hugepage/enabled - ``` + ```shell + echo never > /sys/kernel/mm/transparent_hugepage/enabled + ``` 4. Start irqbalance service {{< copyable "shell-regular" >}} - ```shell - systemctl start irqbalance + ```shell + systemctl start irqbalance ``` 5. Turn off the firewall and turn off firewall auto-start - {{< copyable "shell-regular" >}} + {{< copyable "shell-regular" >}} - ```shell - systemctl stop firewalld.service - systemctl disable firewalld.service + ```shell + systemctl stop firewalld.service + systemctl disable firewalld.service ``` 6. Modify sysctl parameters - {{< copyable "shell-regular" >}} + {{< copyable "shell-regular" >}} - ```shell - echo "fs.file-max = 1000000">> /etc/sysctl.conf - echo "net.core.somaxconn = 32768">> /etc/sysctl.conf - echo "net.ipv4.tcp_tw_recycle = 0">> /etc/sysctl.conf - echo "net.ipv4.tcp_syncookies = 0">> /etc/sysctl.conf - echo "vm.overcommit_memory = 1">> /etc/sysctl.conf - echo "vm.swappiness = 0">> /etc/sysctl.conf - sysctl -p + ```shell + echo "fs.file-max = 1000000">> /etc/sysctl.conf + echo "net.core.somaxconn = 32768">> /etc/sysctl.conf + echo "net.ipv4.tcp_tw_recycle = 0">> /etc/sysctl.conf + echo "net.ipv4.tcp_syncookies = 0">> /etc/sysctl.conf + echo "vm.overcommit_memory = 1">> /etc/sysctl.conf + echo "vm.swappiness = 0">> /etc/sysctl.conf + sysctl -p ``` 7. 
Configure the user's limits.conf file {{< copyable "shell-regular" >}} - ```shell - cat << EOF >>/etc/security/limits.conf - tidb soft nofile 1000000 - tidb hard nofile 1000000 - tidb soft stack 32768 - tidb hard stack 32768 - tidb soft core unlimited - tidb hard core unlimited - EOF + ```shell + cat << EOF >>/etc/security/limits.conf + tidb soft nofile 1000000 + tidb hard nofile 1000000 + tidb soft stack 32768 + tidb hard stack 32768 + tidb soft core unlimited + tidb hard core unlimited + EOF ``` ## Deploy cluster @@ -191,7 +191,7 @@ In order to use the `tidb` user prepared in the above steps and avoid re-creatin {{< copyable "shell-regular" >}} ```shell - tiup cluster deploy mycluster v8.1.0 topology.yaml --user tidb +tiup cluster deploy mycluster v8.1.0 topology.yaml --user tidb ``` Start cluster From 6df99dfddd45c9f4213b63861e660f002a3fecda Mon Sep 17 00:00:00 2001 From: Yujie-Xie <1398010062@qq.com> Date: Sat, 8 Feb 2025 17:10:30 +0800 Subject: [PATCH 05/16] format optimization --- tiup/tiup-cluster-no-sudo-mode.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tiup/tiup-cluster-no-sudo-mode.md b/tiup/tiup-cluster-no-sudo-mode.md index f5cde1e4cf783..0d22905761128 100644 --- a/tiup/tiup-cluster-no-sudo-mode.md +++ b/tiup/tiup-cluster-no-sudo-mode.md @@ -57,7 +57,7 @@ This document focuses on how to use the TiUP no-sudo Mode to deploy a cluster. └─3358 /usr/bin/pulseaudio --daemonize=no --log-target=journal ``` - Execute `systemctl --user` in the terminal and no more errors are thrown, indicating that it has started normally. + Execute `systemctl --user` in the terminal and no more errors are thrown, indicating that it has started normally. 3. Use ssh-keygen in the central control computer to generate a key and copy the public key to other deployment machines. From 2aa05847af5575e4386d32bedb9ee34021bfd286 Mon Sep 17 00:00:00 2001 
From: houfaxin Date: Mon, 10 Feb 2025 16:24:59 +0800 Subject: [PATCH 06/16] Update tiup-cluster-no-sudo-mode.md --- tiup/tiup-cluster-no-sudo-mode.md | 244 +++++++++++++----------------- 1 file changed, 105 insertions(+), 139 deletions(-) diff --git a/tiup/tiup-cluster-no-sudo-mode.md b/tiup/tiup-cluster-no-sudo-mode.md index 0d22905761128..98bb170bd25fd 100644 --- a/tiup/tiup-cluster-no-sudo-mode.md +++ b/tiup/tiup-cluster-no-sudo-mode.md 
@@ -5,95 +5,84 @@ summary: Learns how to deploy and maintain an online TiDB cluster using TiUP no- # Deploy and Maintain an Online TiDB Cluster Using TiUP No-sudo Mode - -This document focuses on how to use the TiUP no-sudo Mode to deploy a cluster. +This document describes how to use the TiUP no-sudo mode to deploy a cluster. > **Note:** > -> CentOS version limit: CentOS 8 and later versions +> For CentOS, only CentOS 8 or later versions are supported. ## Prepare user and configure SSH mutual trust -1. Log in to all deployment target machines in sequence and use the `root` user to create a normal user named `tidb` with the following command (take the `tidb` user as an example). In no-sudo mode, there is no need to configure password-free sudo for the `tidb` user, that is, there is no need to add the `tidb` user to sudoers. - - {{< copyable "shell-regular" >}} +1. Log in to all deployment target machines in sequence, and use the `root` user to create a user named `tidb` with the following command. In no-sudo mode, there is no need to configure password-free sudo for the `tidb` user, that is, there is no need to add the `tidb` user to sudoers. + ```shell adduser tidb ``` -2. Start systemd user mode for `tidb` user on every deployment target machine (important step) +2. Start the `systemd` user mode for the `tidb` user on every deployment target machine. This step is important and do not skip it. - 1. Use `tidb` user to set XDG_RUNTIME_DIR environment variable + 1. Use the `tidb` user to set the `XDG_RUNTIME_DIR` environment variable. - {{< copyable "shell-regular" >}} - - ```shell - mkdir -p ~/.bashrc.d - echo "export XDG_RUNTIME_DIR=/run/user/$(id -u)" > ~/.bashrc.d/systemd - source ~/.bashrc.d/systemd - ``` + ```shell + mkdir -p ~/.bashrc.d + echo "export XDG_RUNTIME_DIR=/run/user/$(id -u)" > ~/.bashrc.d/systemd + source ~/.bashrc.d/systemd + ``` - 2. Use `root` user to start user service + 2. Use `root` user to start user service. 
- {{< copyable "shell-regular" >}} - - ```shell - $ systemctl start user@1000.service #1000 is the id of tidb user. You can get the user id by executing id - $ systemctl status user@1000.service - user@1000.service - User Manager for UID 1000 - Loaded: loaded (/usr/lib/systemd/system/user@.service; static; vendor preset> - Active: active (running) since Mon 2024-01-29 03:30:51 EST; 1min 7s ago - Main PID: 3328 (systemd) - Status: "Startup finished in 420ms." - Tasks: 6 - Memory: 6.1M - CGroup: /user.slice/user-1000.slice/user@1000.service - ├─dbus.service - │ └─3442 /usr/bin/dbus-daemon --session --address=systemd: --nofork > - ├─init.scope - │ ├─3328 /usr/lib/systemd/systemd --user - │ └─3335 (sd-pam) - └─pulseaudio.service - └─3358 /usr/bin/pulseaudio --daemonize=no --log-target=journal - ``` + ```shell + $ systemctl start user@1000.service #1000 is the id of tidb user. You can get the user id by executing id + $ systemctl status user@1000.service + user@1000.service - User Manager for UID 1000 + Loaded: loaded (/usr/lib/systemd/system/user@.service; static; vendor preset> + Active: active (running) since Mon 2024-01-29 03:30:51 EST; 1min 7s ago + Main PID: 3328 (systemd) + Status: "Startup finished in 420ms." + Tasks: 6 + Memory: 6.1M + CGroup: /user.slice/user-1000.slice/user@1000.service + ├─dbus.service + │ └─3442 /usr/bin/dbus-daemon --session --address=systemd: --nofork > + ├─init.scope + │ ├─3328 /usr/lib/systemd/systemd --user + │ └─3335 (sd-pam) + └─pulseaudio.service + └─3358 /usr/bin/pulseaudio --daemonize=no --log-target=journal + ``` - Execute `systemctl --user` in the terminal and no more errors are thrown, indicating that it has started normally. + Execute `systemctl --user` in the terminal. If no errors are reported, it indicates that it has started normally. 3. Use ssh-keygen in the central control computer to generate a key and copy the public key to other deployment machines. -## Prepare topology file +## Prepare the topology file 1. 
Use following command to generate topology file. - {{< copyable "shell-regular" >}} - - ```shell - tiup cluster template > topology.yaml - ``` + ```shell + tiup cluster template > topology.yaml + ``` 2. Edit the topology file. - Compared with the previous mode, TiUP using no-sudo mode needs to add the line `systemd_mode: "user"` in the global block of topology.yaml. The `systemd_mode` parameter is used to indicate whether to use systemd user mode. If this parameter is not set, its default value is `system`, indicating that sudo permissions are required. In addition, no-sudo mode cannot use `/data` as `deploy_dir` and `data_dir` because there will be permission issues, and you need to choose a path that ordinary users can access. The example below uses relative paths and the final paths used are `/home/tidb/data/tidb-deploy` and `/home/tidb/data/tidb-data`. - The rest is consistent with the old version. - - {{< copyable "shell-regular" >}} - - ```yaml - global: - user: "tidb" - systemd_mode: "user" - ssh_port: 22 - deploy_dir: "data/tidb-deploy" - data_dir: "data/tidb-data" - arch: "amd64" - ... - ``` + Compared with the previous mode, TiUP using no-sudo mode needs to add the line `systemd_mode: "user"` in the global block of topology.yaml. The `systemd_mode` parameter is used to indicate whether to use systemd user mode. If this parameter is not set, its default value is `system`, indicating that sudo permissions are required. In addition, no-sudo mode cannot use `/data` as `deploy_dir` and `data_dir` because it can cause permission issues. You need to choose a path that ordinary users can access. + + The following example uses relative paths and the final paths used are `/home/tidb/data/tidb-deploy` and `/home/tidb/data/tidb-data`. The rest is the same as the old version. + + ```yaml + global: + user: "tidb" + systemd_mode: "user" + ssh_port: 22 + deploy_dir: "data/tidb-deploy" + data_dir: "data/tidb-data" + arch: "amd64" + ... 
+ ``` ## Manually repair failed check items -Executing `tiup cluster check topology.yaml --user tidb` will display some failed check items, examples: - -{{< copyable "shell-regular" >}} +Executing `tiup cluster check topology.yaml --user tidb` will display some failed check items. The following is an example. ```shell Node Check Result Message 
@@ -112,127 +101,104 @@ Node Check Result Message 192.168.124.27 service Fail service firewalld is running but should be stopped ``` -Since in no-sudo mode, the `tidb` user does not have sudo permissions, executing `tiup cluster check topology.yaml --apply --user tidb` will not be able to automatically repair failed check items due to insufficient permissions. Therefore, some operations need to be performed manually on the deployment machines using the `root` user. +Because in no-sudo mode, the `tidb` user does not have sudo permissions, executing `tiup cluster check topology.yaml --apply --user tidb` will not be able to automatically repair failed check items due to insufficient permissions. Therefore, some operations need to be performed manually on the deployment machines using the `root` user. -1. Install the numactl tool +1. Install the numactl tool. - {{< copyable "shell-regular" >}} - - ```shell - sudo yum -y install numactl - ``` + ```shell + sudo yum -y install numactl + ``` -2. Close swap +2. Close swap. - {{< copyable "shell-regular" >}} - - ```shell - swapoff -a || exit 0 - ``` + ```shell + swapoff -a || exit 0 + ``` -3. Disable transparent huge pages - - {{< copyable "shell-regular" >}} +3. Disable transparent huge pages. - ```shell - echo never > /sys/kernel/mm/transparent_hugepage/enabled - ``` - -4. Start irqbalance service + ```shell + echo never > /sys/kernel/mm/transparent_hugepage/enabled + ``` - {{< copyable "shell-regular" >}} +4. Start the irqbalance service. - ```shell + ```shell systemctl start irqbalance - ``` - -5. Turn off the firewall and turn off firewall auto-start + ``` - {{< copyable "shell-regular" >}} +5. Disable the firewall and disable firewall auto-start. - ```shell - systemctl stop firewalld.service - systemctl disable firewalld.service - ``` + ```shell + systemctl stop firewalld.service + systemctl disable firewalld.service + ``` -6. Modify sysctl parameters +6. Modify sysctl parameters. 
- {{< copyable "shell-regular" >}} - - ```shell - echo "fs.file-max = 1000000">> /etc/sysctl.conf - echo "net.core.somaxconn = 32768">> /etc/sysctl.conf - echo "net.ipv4.tcp_tw_recycle = 0">> /etc/sysctl.conf - echo "net.ipv4.tcp_syncookies = 0">> /etc/sysctl.conf - echo "vm.overcommit_memory = 1">> /etc/sysctl.conf - echo "vm.swappiness = 0">> /etc/sysctl.conf - sysctl -p - ``` + ```shell + echo "fs.file-max = 1000000">> /etc/sysctl.conf + echo "net.core.somaxconn = 32768">> /etc/sysctl.conf + echo "net.ipv4.tcp_tw_recycle = 0">> /etc/sysctl.conf + echo "net.ipv4.tcp_syncookies = 0">> /etc/sysctl.conf + echo "vm.overcommit_memory = 1">> /etc/sysctl.conf + echo "vm.swappiness = 0">> /etc/sysctl.conf + sysctl -p + ``` 7. Configure the user's limits.conf file - {{< copyable "shell-regular" >}} - - ```shell - cat << EOF >>/etc/security/limits.conf - tidb soft nofile 1000000 - tidb hard nofile 1000000 - tidb soft stack 32768 - tidb hard stack 32768 - tidb soft core unlimited - tidb hard core unlimited - EOF - ``` - -## Deploy cluster + ```shell + cat << EOF >>/etc/security/limits.conf + tidb soft nofile 1000000 + tidb hard nofile 1000000 + tidb soft stack 32768 + tidb hard stack 32768 + tidb soft core unlimited + tidb hard core unlimited + EOF + ``` -In order to use the `tidb` user prepared in the above steps and avoid re-creating a new user, you need to add `--user tidb` when executing the deploy command, that is: +## Deploy the cluster -{{< copyable "shell-regular" >}} +To use the `tidb` user prepared in the preceding steps and avoid re-creating a new user, you need to add `--user tidb` when executing the deploy command. 
```shell tiup cluster deploy mycluster v8.1.0 topology.yaml --user tidb ``` -Start cluster - -{{< copyable "shell-regular" >}} +Start the cluster: ```shell tiup cluster start mycluster ``` -Scale-out cluster - -{{< copyable "shell-regular" >}} +Scale out the cluster: ```shell tiup cluster scale-out mycluster scale.yaml --user tidb ``` -Scale-in cluster - -{{< copyable "shell-regular" >}} +Scale in the cluster: ```shell tiup cluster scale-in mycluster -N 192.168.124.27:20160 ``` -Upgrade cluster - -{{< copyable "shell-regular" >}} +Upgrade the cluster: ```shell tiup cluster upgrade mycluster v8.2.0 ``` ## FAQ -1. When starting user@.service, an error occurs: Failed to fully start up daemon: Permission denied - This may be because the `pam_systemd.so` is missing from your `/etc/pam.d/system-auth.ued` file. You can use the following command to check whether the `/etc/pam.d/system-auth.ued` file already contains the configuration of the `pam_systemd.so` module. If not, append the line `session optional pam_systemd.so` to the end of the file. +### When you start user@.service, the following error occurs: `Failed to fully start up daemon: Permission denied` + +This issue might be caused by the missing `pam_systemd.so` from your `/etc/pam.d/system-auth.ued` file. - {{< copyable "shell-regular" >}} +To address this issue, you can use the following command to check whether the `/etc/pam.d/system-auth.ued` file already contains the configuration of the `pam_systemd.so` module. If not, append the line `session optional pam_systemd.so` to the end of the file. - ```shell - grep 'pam_systemd.so' /etc/pam.d/system-auth.ued || echo 'session optional pam_systemd.so' >> /etc/pam.d/system-auth.ued - ``` +```shell +grep 'pam_systemd.so' /etc/pam.d/system-auth.ued || echo 'session optional pam_systemd.so' >> /etc/pam.d/system-auth.ued +``` From 69379a6834459b8238048d0818684a857da27829 Mon Sep 17 00:00:00 2001 
From: xixirangrang Date: Mon, 10 Feb 2025 16:27:52 +0800 Subject: [PATCH 07/16] Update tiup/tiup-cluster-topology-reference.md --- tiup/tiup-cluster-topology-reference.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tiup/tiup-cluster-topology-reference.md b/tiup/tiup-cluster-topology-reference.md index 66cc604a72900..be3e6813e26db 100644 --- a/tiup/tiup-cluster-topology-reference.md +++ b/tiup/tiup-cluster-topology-reference.md @@ -42,7 +42,7 @@ The `global` section corresponds to the cluster's global configuration and has t - `group`: The user group to which a user belongs. It is specified when the user is created. The value defaults to that of the `` field. If the specified group does not exist, it is automatically created. -- `systemd_mode`: The systemd mode used on the target machine during cluster deployment. The default value is `system`. If it is set to `user`, it means that sudo permissions are not used on the target machine, that is, the TiUP no-sudo mode is used. +- `systemd_mode`: The `systemd` mode used on the target machine during cluster deployment. The default value is `system`. If you set it to `user`, it means that sudo permissions are not used on the target machine, that is, the [TiUP no-sudo mode](/tiup/tiup-cluster-no-sudo-mode.md) is used. - `ssh_port`: Specifies the SSH port to connect to the target machine for operations. The default value is `22`. From 27ab2917233adcc8449b9489cc7b1ac8826bd693 Mon Sep 17 00:00:00 2001 From: houfaxin Date: Mon, 10 Feb 2025 18:17:44 +0800 Subject: [PATCH 08/16] Update tiup-cluster-no-sudo-mode.md --- tiup/tiup-cluster-no-sudo-mode.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tiup/tiup-cluster-no-sudo-mode.md b/tiup/tiup-cluster-no-sudo-mode.md index 98bb170bd25fd..d39953e3691ac 100644 --- a/tiup/tiup-cluster-no-sudo-mode.md +++ b/tiup/tiup-cluster-no-sudo-mode.md 
@@ -11,7 +11,7 @@ This document describes how to use the TiUP no-sudo mode to deploy a cluster. > > For CentOS, only CentOS 8 or later versions are supported. -## Prepare user and configure SSH mutual trust +## Prepare the user and configure the SSH mutual trust 1. Log in to all deployment target machines in sequence, and use the `root` user to create a user named `tidb` with the following command. In no-sudo mode, there is no need to configure password-free sudo for the `tidb` user, that is, there is no need to add the `tidb` user to sudoers. From f55e806f8ef5a0199954ab575c2d703f4c633442 Mon Sep 17 00:00:00 2001 From: houfaxin Date: Mon, 10 Feb 2025 18:20:22 +0800 Subject: [PATCH 09/16] Update tiup-cluster-no-sudo-mode.md --- tiup/tiup-cluster-no-sudo-mode.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tiup/tiup-cluster-no-sudo-mode.md b/tiup/tiup-cluster-no-sudo-mode.md index d39953e3691ac..d7390aa98d674 100644 --- a/tiup/tiup-cluster-no-sudo-mode.md +++ b/tiup/tiup-cluster-no-sudo-mode.md @@ -32,7 +32,7 @@ This document describes how to use the TiUP no-sudo mode to deploy a cluster. 2. Use `root` user to start user service. ```shell - $ systemctl start user@1000.service #1000 is the id of tidb user. You can get the user id by executing id + $ systemctl start user@1000.service #1000 is the ID of the tidb user. You can get the user ID by executing ID. $ systemctl status user@1000.service user@1000.service - User Manager for UID 1000 Loaded: loaded (/usr/lib/systemd/system/user@.service; static; vendor preset> From 33df822bff77c5246d0c4967be382dc0e5e0d14e Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Tue, 11 Feb 2025 12:05:41 +0800 Subject: [PATCH 10/16] Apply suggestions from code review --- tiup/tiup-cluster-no-sudo-mode.md | 20 ++++++++++---------- tiup/tiup-cluster-topology-reference.md | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) 
diff --git a/tiup/tiup-cluster-no-sudo-mode.md b/tiup/tiup-cluster-no-sudo-mode.md index d7390aa98d674..31332f6741e02 100644 --- a/tiup/tiup-cluster-no-sudo-mode.md +++ b/tiup/tiup-cluster-no-sudo-mode.md @@ -13,13 +13,13 @@ This document describes how to use the TiUP no-sudo mode to deploy a cluster. ## Prepare the user and configure the SSH mutual trust -1. Log in to all deployment target machines in sequence, and use the `root` user to create a user named `tidb` with the following command. In no-sudo mode, there is no need to configure password-free sudo for the `tidb` user, that is, there is no need to add the `tidb` user to sudoers. +1. Log in to all deployment target machines in sequence, and use the `root` user to create a user named `tidb` with the following command. In no-sudo mode, there is no need to configure password-free sudo for the `tidb` user, that is, you do not need to add the `tidb` user to sudoers. ```shell adduser tidb ``` -2. Start the `systemd` user mode for the `tidb` user on every deployment target machine. This step is important and do not skip it. +2. Start the `systemd` user mode for the `tidb` user on every deployment target machine. This step is required and do not skip it. 1. Use the `tidb` user to set the `XDG_RUNTIME_DIR` environment variable. @@ -32,7 +32,7 @@ This document describes how to use the TiUP no-sudo mode to deploy a cluster. 2. Use `root` user to start user service. ```shell - $ systemctl start user@1000.service #1000 is the ID of the tidb user. You can get the user ID by executing ID. + $ systemctl start user@1000.service # `1000` is the ID of the tidb user. You can get the user ID by executing the `id` command. $ systemctl status user@1000.service user@1000.service - User Manager for UID 1000 Loaded: loaded (/usr/lib/systemd/system/user@.service; static; vendor preset> 
@@ -57,7 +57,7 @@ This document describes how to use the TiUP no-sudo mode to deploy a cluster. ## Prepare the topology file -1. Use following command to generate topology file. +1. Use the following command to generate topology file. ```shell tiup cluster template > topology.yaml @@ -65,7 +65,7 @@ This document describes how to use the TiUP no-sudo mode to deploy a cluster. 2. Edit the topology file. - Compared with the previous mode, TiUP using no-sudo mode needs to add the line `systemd_mode: "user"` in the global block of topology.yaml. The `systemd_mode` parameter is used to indicate whether to use systemd user mode. If this parameter is not set, its default value is `system`, indicating that sudo permissions are required. In addition, no-sudo mode cannot use `/data` as `deploy_dir` and `data_dir` because it can cause permission issues. You need to choose a path that ordinary users can access. + Compared with the previous mode, TiUP in no-sudo mode requires adding `systemd_mode: "user"` in the global block of `topology.yaml`. The `systemd_mode` parameter specifies whether to use systemd's user mode. If this parameter is not set, the default value is `system`, meaning sudo permissions are required. Additionally, in no-sudo mode, `/data` cannot be used as the `deploy_dir` or `data_di`r due to potential permission issues. You must select a path accessible to non-root users. The following example uses relative paths and the final paths used are `/home/tidb/data/tidb-deploy` and `/home/tidb/data/tidb-data`. The rest is the same as the old version. 
@@ -101,7 +101,7 @@ Node Check Result Message 192.168.124.27 service Fail service firewalld is running but should be stopped ``` -Because in no-sudo mode, the `tidb` user does not have sudo permissions, executing `tiup cluster check topology.yaml --apply --user tidb` will not be able to automatically repair failed check items due to insufficient permissions. Therefore, some operations need to be performed manually on the deployment machines using the `root` user. +In no-sudo mode, the `tidb` user lacks sudo permissions, so running `tiup cluster check topology.yaml --apply --user tidb` cannot automatically fix failed check items due to insufficient permissions. As a result, certain operations must be performed manually on the deployment machines using the `root` user. 1. Install the numactl tool. @@ -146,7 +146,7 @@ Because in no-sudo mode, the `tidb` user does not have sudo permissions, executi sysctl -p ``` -7. Configure the user's limits.conf file +7. Configure the user's `limits.conf` file ```shell cat << EOF >>/etc/security/limits.conf @@ -161,7 +161,7 @@ Because in no-sudo mode, the `tidb` user does not have sudo permissions, executi ## Deploy the cluster -To use the `tidb` user prepared in the preceding steps and avoid re-creating a new user, you need to add `--user tidb` when executing the deploy command. +To use the `tidb` user created in the previous steps and avoid creating a new one, add `--user tidb` when running the deploy command. ```shell tiup cluster deploy mycluster v8.1.0 topology.yaml --user tidb 
@@ -195,9 +195,9 @@ tiup cluster upgrade mycluster v8.2.0 ### When you start user@.service, the following error occurs: `Failed to fully start up daemon: Permission denied` -This issue might be caused by the missing `pam_systemd.so` from your `/etc/pam.d/system-auth.ued` file. +This issue might be caused by the absence of `pam_systemd.so` in your `/etc/pam.d/system-auth.ued` file. -To address this issue, you can use the following command to check whether the `/etc/pam.d/system-auth.ued` file already contains the configuration of the `pam_systemd.so` module. If not, append the line `session optional pam_systemd.so` to the end of the file. +To resolve this issue, use the following command to check if the `/etc/pam.d/system-auth.ued` file contains the `pam_systemd.so` module . If not, append `session optional pam_systemd.so` to the end of the file. ```shell grep 'pam_systemd.so' /etc/pam.d/system-auth.ued || echo 'session optional pam_systemd.so' >> /etc/pam.d/system-auth.ued diff --git a/tiup/tiup-cluster-topology-reference.md b/tiup/tiup-cluster-topology-reference.md index be3e6813e26db..dd68449882432 100644 --- a/tiup/tiup-cluster-topology-reference.md +++ b/tiup/tiup-cluster-topology-reference.md 
@@ -42,7 +42,7 @@ The `global` section corresponds to the cluster's global configuration and has t - `group`: The user group to which a user belongs. It is specified when the user is created. The value defaults to that of the `` field. If the specified group does not exist, it is automatically created. -- `systemd_mode`: The `systemd` mode used on the target machine during cluster deployment. The default value is `system`. If you set it to `user`, it means that sudo permissions are not used on the target machine, that is, the [TiUP no-sudo mode](/tiup/tiup-cluster-no-sudo-mode.md) is used. +- `systemd_mode`: Specifies the `systemd` mode used on the target machine during cluster deployment. The default value is `system`. If set to `user`, sudo permissions are not required on the target machine, meaning [TiUP no-sudo mode](/tiup/tiup-cluster-no-sudo-mode.md) is used. - `ssh_port`: Specifies the SSH port to connect to the target machine for operations. The default value is `22`. From 9fd22307c6d8ef3d90c094f421cee51093070b4f Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Tue, 11 Feb 2025 14:55:49 +0800 Subject: [PATCH 11/16] Apply suggestions from code review --- tiup/tiup-cluster-no-sudo-mode.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/tiup/tiup-cluster-no-sudo-mode.md b/tiup/tiup-cluster-no-sudo-mode.md index 31332f6741e02..24011910d49dc 100644 --- a/tiup/tiup-cluster-no-sudo-mode.md +++ b/tiup/tiup-cluster-no-sudo-mode.md 
@@ -23,11 +23,11 @@ This document describes how to use the TiUP no-sudo mode to deploy a cluster. 1. Use the `tidb` user to set the `XDG_RUNTIME_DIR` environment variable. - ```shell - mkdir -p ~/.bashrc.d - echo "export XDG_RUNTIME_DIR=/run/user/$(id -u)" > ~/.bashrc.d/systemd - source ~/.bashrc.d/systemd - ``` + ```shell + mkdir -p ~/.bashrc.d + echo "export XDG_RUNTIME_DIR=/run/user/$(id -u)" > ~/.bashrc.d/systemd + source ~/.bashrc.d/systemd + ``` 2. Use `root` user to start user service. @@ -65,9 +65,9 @@ This document describes how to use the TiUP no-sudo mode to deploy a cluster. 2. Edit the topology file. - Compared with the previous mode, TiUP in no-sudo mode requires adding `systemd_mode: "user"` in the global block of `topology.yaml`. The `systemd_mode` parameter specifies whether to use systemd's user mode. If this parameter is not set, the default value is `system`, meaning sudo permissions are required. Additionally, in no-sudo mode, `/data` cannot be used as the `deploy_dir` or `data_di`r due to potential permission issues. You must select a path accessible to non-root users. - - The following example uses relative paths and the final paths used are `/home/tidb/data/tidb-deploy` and `/home/tidb/data/tidb-data`. The rest is the same as the old version. + Compared with the previous mode, TiUP in no-sudo mode requires adding `systemd_mode: "user"` in the global block of `topology.yaml`. The `systemd_mode` parameter specifies whether to use systemd's user mode. If this parameter is not set, the default value is `system`, meaning sudo permissions are required. + + Additionally, in no-sudo mode, because the non-root user `tidb` has no required permissions, `/data` cannot be used as the `deploy_dir` or `data_dir`. You must select a path accessible to non-root users. The following example uses relative paths and the final paths used are `/home/tidb/data/tidb-deploy` and `/home/tidb/data/tidb-data`. The rest is the same as the old version. ```yaml global: 
@@ -82,7 +82,7 @@ This document describes how to use the TiUP no-sudo mode to deploy a cluster. ## Manually repair failed check items -Executing `tiup cluster check topology.yaml --user tidb` will display some failed check items. The following is an example. +Executing `tiup cluster check topology.yaml --user tidb` will generate some failed check items. The following is an example. ```shell Node Check Result Message @@ -101,7 +101,7 @@ Node Check Result Message 192.168.124.27 service Fail service firewalld is running but should be stopped ``` -In no-sudo mode, the `tidb` user lacks sudo permissions, so running `tiup cluster check topology.yaml --apply --user tidb` cannot automatically fix failed check items due to insufficient permissions. As a result, certain operations must be performed manually on the deployment machines using the `root` user. +In no-sudo mode, the `tidb` user lacks sudo permissions, so running `tiup cluster check topology.yaml --apply --user tidb` can cause failed check items that cannot be automatically fixed due to insufficient permissions. You need to perform operations manually on the deployment machines using the `root` user. 1. Install the numactl tool. @@ -121,7 +121,7 @@ In no-sudo mode, the `tidb` user lacks sudo permissions, so running `tiup cluste echo never > /sys/kernel/mm/transparent_hugepage/enabled ``` -4. Start the irqbalance service. +4. Start the `irqbalance` service. ```shell systemctl start irqbalance @@ -146,7 +146,7 @@ In no-sudo mode, the `tidb` user lacks sudo permissions, so running `tiup cluste sysctl -p ``` -7. Configure the user's `limits.conf` file +7. Configure the user's `limits.conf` file. ```shell cat << EOF >>/etc/security/limits.conf 
@@ -161,7 +161,7 @@ In no-sudo mode, the `tidb` user lacks sudo permissions, so running `tiup cluste ## Deploy the cluster -To use the `tidb` user created in the previous steps and avoid creating a new one, add `--user tidb` when running the deploy command. +To use the `tidb` user created in the previous steps and avoid creating a new one, add `--user tidb` when running the `deploy` command. ```shell tiup cluster deploy mycluster v8.1.0 topology.yaml --user tidb @@ -197,7 +197,7 @@ tiup cluster upgrade mycluster v8.2.0 This issue might be caused by the absence of `pam_systemd.so` in your `/etc/pam.d/system-auth.ued` file. -To resolve this issue, use the following command to check if the `/etc/pam.d/system-auth.ued` file contains the `pam_systemd.so` module . If not, append `session optional pam_systemd.so` to the end of the file. +To resolve this issue, use the following command to check if the `/etc/pam.d/system-auth.ued` file contains the `pam_systemd.so` module. If not, append `session optional pam_systemd.so` to the end of the file. ```shell grep 'pam_systemd.so' /etc/pam.d/system-auth.ued || echo 'session optional pam_systemd.so' >> /etc/pam.d/system-auth.ued From 61b898767605940bf3aa2c0af87001e68c66e615 Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Tue, 11 Feb 2025 15:20:46 +0800 Subject: [PATCH 12/16] Apply suggestions from code review --- TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TOC.md b/TOC.md index f69e8f1db7e25..5ea57327e5708 100644 --- a/TOC.md +++ b/TOC.md @@ -432,7 +432,7 @@ - TiUP Components - [tiup-playground](/tiup/tiup-playground.md) - [tiup-cluster](/tiup/tiup-cluster.md) - - [tiup-cluster no-sudo mode](/tiup/tiup-cluster-no-sudo-mode.md) + - [No-sudo Mode](/tiup/tiup-cluster-no-sudo-mode.md) - [tiup-mirror](/tiup/tiup-mirror.md) - [tiup-bench](/tiup/tiup-bench.md) - [TiDB Operator](/tidb-operator-overview.md) From 936bf782b3179446337f14de12e225f16a807da6 Mon Sep 17 00:00:00 2001 
From: houfaxin Date: Tue, 11 Feb 2025 21:21:48 +0800 Subject: [PATCH 13/16] Update tiup-cluster-no-sudo-mode.md --- tiup/tiup-cluster-no-sudo-mode.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tiup/tiup-cluster-no-sudo-mode.md b/tiup/tiup-cluster-no-sudo-mode.md index 24011910d49dc..584807ee92d7f 100644 --- a/tiup/tiup-cluster-no-sudo-mode.md +++ b/tiup/tiup-cluster-no-sudo-mode.md @@ -159,7 +159,7 @@ In no-sudo mode, the `tidb` user lacks sudo permissions, so running `tiup cluste EOF ``` -## Deploy the cluster +## Deploy and manage the cluster To use the `tidb` user created in the previous steps and avoid creating a new one, add `--user tidb` when running the `deploy` command. From e09e8038362d75e0e2e0f58d45f1ab22ecb96a15 Mon Sep 17 00:00:00 2001 From: Yujie-Xie <1398010062@qq.com> Date: Fri, 14 Feb 2025 10:42:28 +0800 Subject: [PATCH 14/16] add new command --- tiup/tiup-cluster-no-sudo-mode.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/tiup/tiup-cluster-no-sudo-mode.md b/tiup/tiup-cluster-no-sudo-mode.md index 584807ee92d7f..f624b2110d3fb 100644 --- a/tiup/tiup-cluster-no-sudo-mode.md +++ b/tiup/tiup-cluster-no-sudo-mode.md 
@@ -50,8 +50,16 @@ This document describes how to use the TiUP no-sudo mode to deploy a cluster. └─pulseaudio.service └─3358 /usr/bin/pulseaudio --daemonize=no --log-target=journal ``` - - Execute `systemctl --user` in the terminal. If no errors are reported, it indicates that it has started normally. + + Execute `systemctl --user` in the terminal. If no errors are reported, it indicates that it has started normally. + + 3. Use `root` user to execute the following command to enable lingering for the systemd user instance. + + ```shell + loginctl enable-linger tidb + ``` + + You can read the systemd documentation for reference, [Automatic start-up of systemd user instances](https://wiki.archlinux.org/title/Systemd/User#Automatic_start-up_of_systemd_user_instances). 3. Use ssh-keygen in the central control computer to generate a key and copy the public key to other deployment machines. From 7c6207d0f6cde9342ab67e0a8c2b7bd9fd2ae0ee Mon Sep 17 00:00:00 2001 From: Yujie <34276395+Yujie-Xie@users.noreply.github.com> Date: Fri, 14 Feb 2025 11:08:27 +0800 Subject: [PATCH 15/16] Apply suggestions from code review Co-authored-by: xixirangrang --- tiup/tiup-cluster-no-sudo-mode.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tiup/tiup-cluster-no-sudo-mode.md b/tiup/tiup-cluster-no-sudo-mode.md index f624b2110d3fb..e98c8faff1f31 100644 --- a/tiup/tiup-cluster-no-sudo-mode.md +++ b/tiup/tiup-cluster-no-sudo-mode.md @@ -29,7 +29,7 @@ This document describes how to use the TiUP no-sudo mode to deploy a cluster. source ~/.bashrc.d/systemd ``` - 2. Use `root` user to start user service. + 2. Use the `root` user to start user service. ```shell $ systemctl start user@1000.service # `1000` is the ID of the tidb user. You can get the user ID by executing the `id` command. 
@@ -53,7 +53,7 @@ This document describes how to use the TiUP no-sudo mode to deploy a cluster. Execute `systemctl --user` in the terminal. If no errors are reported, it indicates that it has started normally. - 3. Use `root` user to execute the following command to enable lingering for the systemd user instance. + 3. Use the `root` user to execute the following command to enable lingering for the systemd user `tidb`. ```shell loginctl enable-linger tidb From 7b87454b0db3078e3e6f18c760db4bfe994ac86f Mon Sep 17 00:00:00 2001 From: Yujie <34276395+Yujie-Xie@users.noreply.github.com> Date: Fri, 14 Feb 2025 18:07:50 +0800 Subject: [PATCH 16/16] Update tiup/tiup-cluster-no-sudo-mode.md --- tiup/tiup-cluster-no-sudo-mode.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tiup/tiup-cluster-no-sudo-mode.md b/tiup/tiup-cluster-no-sudo-mode.md index e98c8faff1f31..4d6cb7754e394 100644 --- a/tiup/tiup-cluster-no-sudo-mode.md +++ b/tiup/tiup-cluster-no-sudo-mode.md @@ -201,7 +201,7 @@ tiup cluster upgrade mycluster v8.2.0 ## FAQ -### When you start user@.service, the following error occurs: `Failed to fully start up daemon: Permission denied` +### When you start user@.service, the following error occurs: `Trying to run as user instance, but $XDG_RUNTIME_DIR is not set.` This issue might be caused by the absence of `pam_systemd.so` in your `/etc/pam.d/system-auth.ued` file.
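Review bot: In the sysctl block just before step 7 of tiup/tiup-cluster-no-sudo-mode.md, `net.ipv4.tcp_tw_recycle = 0` is appended to `/etc/sysctl.conf`, but the page supports only CentOS 8 or later, and that key was removed from the kernel in Linux 4.12, so `sysctl -p` will report an error for that line. Suggest dropping it. The same block sets `net.ipv4.tcp_syncookies = 0`, which turns off the kernel's SYN-flood protection on the host; please state why that is wanted so operators can weigh it against their network exposure. Both this block and the `limits.conf` heredoc append with `>>`, so rerunning the steps duplicates entries; a drop-in file under `/etc/sysctl.d/` and `/etc/security/limits.d/` would make them repeatable.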
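Review bot: In the FAQ command, `grep 'pam_systemd.so' ... || echo 'session optional pam_systemd.so' >> ...` treats any occurrence of the string as configured, including a commented-out line, and if the file does not exist the `echo` creates a PAM file that contains only that one line. Suggest matching an active `session` line only, checking that the file exists before appending, and telling the reader to run it as `root` and keep a backup copy of the PAM file first, since a bad edit there can break logins.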
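Review bot: In PATCH 10, hunk `@@ -65,7 +65,7 @@`, the added paragraph has a misplaced backtick in `data_di`r, which renders as broken inline code; it is only corrected in PATCH 11. In hunk `@@ -13,13 +13,13 @@` of the same patch, "This step is required and do not skip it." is ungrammatical; suggest "This step is required. Do not skip it." Squashing the fix into this patch would keep the history clean.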
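Review bot: In step 2.1 (PATCH 11, hunk `@@ -23,11 +23,11 @@`), the export is written to `~/.bashrc.d/systemd` and sourced once, but no step makes `~/.bashrc` read files from `~/.bashrc.d/`. If the `tidb` user's `.bashrc` does not include that directory, `XDG_RUNTIME_DIR` is set only in the current shell and is missing in later logins. Suggest adding a check that `.bashrc` sources `~/.bashrc.d/*`, or writing the export to a file the page can state is read at login, and adding `echo $XDG_RUNTIME_DIR` in a fresh session as a verification step.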
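Review bot: In PATCH 11, hunk `@@ -101,7 +101,7 @@`, the reworded sentence says running `tiup cluster check topology.yaml --apply --user tidb` "can cause failed check items", which reads as if the command produces the failures. The earlier wording, that `--apply` cannot automatically fix failed items because `tidb` has no sudo permissions, was accurate; suggest restoring it. The same applies to "will generate some failed check items" in hunk `@@ -82,7 +82,7 @@`, where "reports" is closer to what the command does. It would also help to say that every manual fix in the numbered list is run as `root`, since that is the whole privilege footprint the no-sudo mode leaves on the host.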
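Review bot: In the step 3 added by PATCH 14, the link text calls the target "the systemd documentation", but the URL points to wiki.archlinux.org; name it as the ArchWiki or link to the `loginctl` man page instead. The step also gives no reason for `loginctl enable-linger tidb`. Suggest one sentence saying that lingering starts the `tidb` user manager at boot and keeps it running without a login session, so the cluster services do not depend on someone being logged in as `tidb`. Because the sub-step is numbered 3 and is followed directly by the outer step 3 (ssh-keygen), please check that the indentation renders it under step 2.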
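Review bot: PATCH 16 changes the FAQ heading to the error `Trying to run as user instance, but $XDG_RUNTIME_DIR is not set.` but leaves the answer untouched, so the answer still attributes the error only to `pam_systemd.so` being absent from `/etc/pam.d/system-auth.ued`. With the new heading, the answer should first have the reader confirm that step 2.1 was completed and that `XDG_RUNTIME_DIR` is set in the session that runs `systemctl --user`, and only then move on to the PAM check. The heading also still says "When you start user@.service", while this error comes from a user-instance call; please align the two. Finally, please confirm that the `.ued` suffix in the PAM path is intended.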