From bcb85ea02a23d21c9a1a6c216d2fe1be4cb047cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= Date: Tue, 21 Jan 2025 07:31:27 +0100 Subject: [PATCH 01/11] tiup: give a more clear recommendation about SELinux --- check-before-deployment.md | 6 +++++- tiup/tiup-component-cluster-check.md | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/check-before-deployment.md b/check-before-deployment.md index 3769b55b73aa3..6122496248760 100644 --- a/check-before-deployment.md +++ b/check-before-deployment.md @@ -707,4 +707,8 @@ sudo yum -y install numactl ## Disable SELinux -Use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility to check if SELinux is disabled or set to permissive. SELinux in enforcing mode can cause deployment failures. For instructions on disabling SELinux, refer to your operating system's documentation. +Check whether SELinux is enabled. To check the current status use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility. It is required to disable SELinux or have it in Permissive mode. + +On some systems (e.g. Ubuntu) the `/etc/selinux/config` file might not exist and the `getenforce` command might not be installed, in that case you can skip this step. + +If SELinux is not disabled, change the line in `/etc/selinux/config` that starts with `SELINUX=` to have it say `SELINUX=disabled`. After changing this line you need to reboot the system as SELinux doesn't allow you to change the mode from Enforcing or Permissive to Disabled without a reboot. diff --git a/tiup/tiup-component-cluster-check.md b/tiup/tiup-component-cluster-check.md index 1147901f9e0ce..154d0244e4e70 100644 --- a/tiup/tiup-component-cluster-check.md +++ b/tiup/tiup-component-cluster-check.md @@ -76,7 +76,11 @@ Check the limit values in the `/etc/security/limits.conf` file: ### SELinux -Check whether SELinux is enabled. It is required to disable SELinux. +Check whether SELinux is enabled. To check the current status use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility. It is required to disable SELinux or have it in Permissive mode. + +On some systems (e.g. Ubuntu) the `/etc/selinux/config` file might not exist and the `getenforce` command might not be installed, in that case you can skip this step. + +If SELinux is not disabled, change the line in `/etc/selinux/config` that starts with `SELINUX=` to have it say `SELINUX=disabled`. After changing this line you need to reboot the system as SELinux doesn't allow you to change the mode from Enforcing or Permissive to Disabled without a reboot. ### Firewall From df5f8ef522347fe331cad0ab14061547b7bc7457 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= Date: Wed, 12 Feb 2025 07:39:21 +0100 Subject: [PATCH 02/11] Update check-before-deployment.md Co-authored-by: Grace Cai --- check-before-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check-before-deployment.md b/check-before-deployment.md index 6122496248760..6cfde0d1d3581 100644 --- a/check-before-deployment.md +++ b/check-before-deployment.md @@ -707,7 +707,7 @@ sudo yum -y install numactl ## Disable SELinux -Check whether SELinux is enabled. To check the current status use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility. It is required to disable SELinux or have it in Permissive mode. +SELinux must be disabled or set to permissive mode. To check the current status, use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility. On some systems (e.g. Ubuntu) the `/etc/selinux/config` file might not exist and the `getenforce` command might not be installed, in that case you can skip this step. From 6eb7c71c0a5b650696aae9a3de766744fc766253 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= Date: Wed, 12 Feb 2025 07:41:32 +0100 Subject: [PATCH 03/11] Update tiup/tiup-component-cluster-check.md Co-authored-by: Grace Cai --- tiup/tiup-component-cluster-check.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tiup/tiup-component-cluster-check.md b/tiup/tiup-component-cluster-check.md index 154d0244e4e70..7d179bd5d5f5a 100644 --- a/tiup/tiup-component-cluster-check.md +++ b/tiup/tiup-component-cluster-check.md @@ -76,7 +76,7 @@ Check the limit values in the `/etc/security/limits.conf` file: ### SELinux -Check whether SELinux is enabled. To check the current status use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility. It is required to disable SELinux or have it in Permissive mode. +SELinux must be disabled or set to permissive mode. To check the current status, use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility. On some systems (e.g. Ubuntu) the `/etc/selinux/config` file might not exist and the `getenforce` command might not be installed, in that case you can skip this step. From b769320daf98bc40d10dc315b66780ca1be096a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= Date: Wed, 12 Feb 2025 08:04:26 +0100 Subject: [PATCH 04/11] Update tiup/tiup-component-cluster-check.md Co-authored-by: Grace Cai --- tiup/tiup-component-cluster-check.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tiup/tiup-component-cluster-check.md b/tiup/tiup-component-cluster-check.md index 7d179bd5d5f5a..43df0b22aab50 100644 --- a/tiup/tiup-component-cluster-check.md +++ b/tiup/tiup-component-cluster-check.md @@ -78,9 +78,8 @@ Check the limit values in the `/etc/security/limits.conf` file: SELinux must be disabled or set to permissive mode. To check the current status, use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility. -On some systems (e.g. Ubuntu) the `/etc/selinux/config` file might not exist and the `getenforce` command might not be installed, in that case you can skip this step. - -If SELinux is not disabled, change the line in `/etc/selinux/config` that starts with `SELINUX=` to have it say `SELINUX=disabled`. After changing this line you need to reboot the system as SELinux doesn't allow you to change the mode from Enforcing or Permissive to Disabled without a reboot. +If SELinux is not disabled, open `/etc/selinux/config`, locate the line starting with `SELINUX=`, and change it to `SELINUX=disabled`. After making this change, you need to reboot the system because switching from `enforcing` or `permissive` to `disabled` does not take effect without a reboot. +On some systems (such as Ubuntu), the `/etc/selinux/config` file might not exist, and the getenforce utility might not be installed. In that case, you can skip this step. ### Firewall From bdf146eea6fd5ec185ca1a5e8c19a9d17c0bd2f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= Date: Wed, 12 Feb 2025 08:04:44 +0100 Subject: [PATCH 05/11] Update check-before-deployment.md Co-authored-by: Grace Cai --- check-before-deployment.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/check-before-deployment.md b/check-before-deployment.md index 6cfde0d1d3581..3ade05b5adacf 100644 --- a/check-before-deployment.md +++ b/check-before-deployment.md @@ -709,6 +709,6 @@ sudo yum -y install numactl SELinux must be disabled or set to permissive mode. To check the current status, use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility. -On some systems (e.g. Ubuntu) the `/etc/selinux/config` file might not exist and the `getenforce` command might not be installed, in that case you can skip this step. +If SELinux is not disabled, open `/etc/selinux/config`, locate the line starting with `SELINUX=`, and change it to `SELINUX=disabled`. After making this change, you need to reboot the system because switching from `enforcing` or `permissive` to `disabled` does not take effect without a reboot. -If SELinux is not disabled, change the line in `/etc/selinux/config` that starts with `SELINUX=` to have it say `SELINUX=disabled`. After changing this line you need to reboot the system as SELinux doesn't allow you to change the mode from Enforcing or Permissive to Disabled without a reboot. +On some systems (such as Ubuntu), the `/etc/selinux/config` file might not exist, and the getenforce utility might not be installed. In that case, you can skip this step. From f314c9c07e510f8cca18ef0f14849af6b7063165 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= Date: Wed, 12 Feb 2025 08:15:16 +0100 Subject: [PATCH 06/11] fixup --- tiup/tiup-component-cluster-check.md | 1 + 1 file changed, 1 insertion(+) diff --git a/tiup/tiup-component-cluster-check.md b/tiup/tiup-component-cluster-check.md index 43df0b22aab50..d2e91d1868843 100644 --- a/tiup/tiup-component-cluster-check.md +++ b/tiup/tiup-component-cluster-check.md @@ -79,6 +79,7 @@ Check the limit values in the `/etc/security/limits.conf` file: SELinux must be disabled or set to permissive mode. To check the current status, use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility. If SELinux is not disabled, open `/etc/selinux/config`, locate the line starting with `SELINUX=`, and change it to `SELINUX=disabled`. After making this change, you need to reboot the system because switching from `enforcing` or `permissive` to `disabled` does not take effect without a reboot. + On some systems (such as Ubuntu), the `/etc/selinux/config` file might not exist, and the getenforce utility might not be installed. In that case, you can skip this step. ### Firewall From e2ad743b25222ba519f4dbd5eb32a265962098a3 Mon Sep 17 00:00:00 2001 From: Grace Cai Date: Thu, 13 Feb 2025 17:06:59 +0800 Subject: [PATCH 07/11] minor wording updates --- check-before-deployment.md | 2 +- tiup/tiup-component-cluster-check.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/check-before-deployment.md b/check-before-deployment.md index 3ade05b5adacf..600438507e801 100644 --- a/check-before-deployment.md +++ b/check-before-deployment.md @@ -709,6 +709,6 @@ sudo yum -y install numactl SELinux must be disabled or set to permissive mode. To check the current status, use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility. -If SELinux is not disabled, open `/etc/selinux/config`, locate the line starting with `SELINUX=`, and change it to `SELINUX=disabled`. After making this change, you need to reboot the system because switching from `enforcing` or `permissive` to `disabled` does not take effect without a reboot. +If SELinux is not disabled, open the `/etc/selinux/config` file, locate the line starting with `SELINUX=`, and change it to `SELINUX=disabled`. After making this change, you need to reboot the system because switching from `enforcing` or `permissive` to `disabled` does not take effect without a reboot. On some systems (such as Ubuntu), the `/etc/selinux/config` file might not exist, and the getenforce utility might not be installed. In that case, you can skip this step. diff --git a/tiup/tiup-component-cluster-check.md b/tiup/tiup-component-cluster-check.md index d2e91d1868843..f216c0b868cc3 100644 --- a/tiup/tiup-component-cluster-check.md +++ b/tiup/tiup-component-cluster-check.md @@ -78,7 +78,7 @@ Check the limit values in the `/etc/security/limits.conf` file: SELinux must be disabled or set to permissive mode. To check the current status, use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility. -If SELinux is not disabled, open `/etc/selinux/config`, locate the line starting with `SELINUX=`, and change it to `SELINUX=disabled`. After making this change, you need to reboot the system because switching from `enforcing` or `permissive` to `disabled` does not take effect without a reboot. +If SELinux is not disabled, open the `/etc/selinux/config` file, locate the line starting with `SELINUX=`, and change it to `SELINUX=disabled`. After making this change, you need to reboot the system because switching from `enforcing` or `permissive` to `disabled` does not take effect without a reboot. On some systems (such as Ubuntu), the `/etc/selinux/config` file might not exist, and the getenforce utility might not be installed. In that case, you can skip this step. From f75e1fd6594a38f61fbb5ffdae1524cb0f33c820 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= Date: Thu, 13 Feb 2025 10:45:16 +0100 Subject: [PATCH 08/11] Ignore linux.die.net in linkchecker --- .lycheeignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.lycheeignore b/.lycheeignore index 3ead57f29a342..ce919d2c77c0f 100644 --- a/.lycheeignore +++ b/.lycheeignore @@ -14,4 +14,5 @@ file://.*?http:/\$%7BPD_IP%7D:\$%7BPD_PORT%7D/dashboard.* http://\{grafana-ip\}:3000 http://\{pd-ip\}:2379/dashboard http://localhost:\d+/ -https://github\.com/\$user/(docs|docs-cn) \ No newline at end of file +https://github\.com/\$user/(docs|docs-cn) +https://linux.die.net/man.* From b3393781cb3170ffeb41de5832ea23767541b107 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= Date: Thu, 13 Feb 2025 10:52:27 +0100 Subject: [PATCH 09/11] Run link checker with .lycheeignore from the PR --- .github/workflows/link-fail-fast.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/link-fail-fast.yaml b/.github/workflows/link-fail-fast.yaml index a5e4677d08972..04ac603a65fe2 100644 --- a/.github/workflows/link-fail-fast.yaml +++ b/.github/workflows/link-fail-fast.yaml @@ -17,10 +17,6 @@ jobs: CHANGED_FILES=$(git diff-tree --name-only --diff-filter 'AM' -r HEAD^1 HEAD -- "*.md" | sed -z "s/\n$//;s/\n/' '/g") echo "all_changed_files=${CHANGED_FILES}" >> $GITHUB_OUTPUT - - name: Download Exclude Path - run: | - curl https://raw.githubusercontent.com/pingcap/docs/master/.lycheeignore -O - - name: Link Checker if: ${{ steps.changed-files.outputs.all_changed_files }} uses: lycheeverse/lychee-action@v1.6.1 From 3327cf656907f5115a296963bfa7ae4127e5c5b4 Mon Sep 17 00:00:00 2001 From: Grace Cai Date: Wed, 19 Feb 2025 15:11:48 +0800 Subject: [PATCH 10/11] Discard changes to .github/workflows/link-fail-fast.yaml --- .github/workflows/link-fail-fast.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/link-fail-fast.yaml b/.github/workflows/link-fail-fast.yaml index 04ac603a65fe2..a5e4677d08972 100644 --- a/.github/workflows/link-fail-fast.yaml +++ b/.github/workflows/link-fail-fast.yaml @@ -17,6 +17,10 @@ jobs: CHANGED_FILES=$(git diff-tree --name-only --diff-filter 'AM' -r HEAD^1 HEAD -- "*.md" | sed -z "s/\n$//;s/\n/' '/g") echo "all_changed_files=${CHANGED_FILES}" >> $GITHUB_OUTPUT + - name: Download Exclude Path + run: | + curl https://raw.githubusercontent.com/pingcap/docs/master/.lycheeignore -O + - name: Link Checker if: ${{ steps.changed-files.outputs.all_changed_files }} uses: lycheeverse/lychee-action@v1.6.1 From cbedbaa6c179df994d341bfae31d1e725895bf0c Mon Sep 17 00:00:00 2001 From: qiancai Date: Wed, 19 Feb 2025 16:15:56 +0800 Subject: [PATCH 11/11] Revert "Discard changes to .github/workflows/link-fail-fast.yaml" This reverts commit 3327cf656907f5115a296963bfa7ae4127e5c5b4. --- .github/workflows/link-fail-fast.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/link-fail-fast.yaml b/.github/workflows/link-fail-fast.yaml index a5e4677d08972..04ac603a65fe2 100644 --- a/.github/workflows/link-fail-fast.yaml +++ b/.github/workflows/link-fail-fast.yaml @@ -17,10 +17,6 @@ jobs: CHANGED_FILES=$(git diff-tree --name-only --diff-filter 'AM' -r HEAD^1 HEAD -- "*.md" | sed -z "s/\n$//;s/\n/' '/g") echo "all_changed_files=${CHANGED_FILES}" >> $GITHUB_OUTPUT - - name: Download Exclude Path - run: | - curl https://raw.githubusercontent.com/pingcap/docs/master/.lycheeignore -O - - name: Link Checker if: ${{ steps.changed-files.outputs.all_changed_files }} uses: lycheeverse/lychee-action@v1.6.1