Merge branch 'master' into master

components/cluster/command/template.go

@@ -35,6 +35,7 @@ type TemplateOptions struct {
 type LocalTemplate struct {
 	GlobalUser          string   // global.user in yaml template
 	GlobalGroup         string   // global.group in yaml template
+	GlobalSystemdMode   string   // global.systemd_mode in yaml template
 	GlobalSSHPort       int      // global.ssh_port in yaml template
 	GlobalDeployDir     string   // global.deploy_dir in yaml template
 	GlobalDataDir       string   // global.data_dir in yaml template
@@ -122,6 +123,7 @@ func newTemplateCmd() *cobra.Command {
 	// template values for rendering
 	cmd.Flags().StringVar(&localOpt.GlobalUser, "user", "tidb", "The user who runs the tidb cluster.")
 	cmd.Flags().StringVar(&localOpt.GlobalGroup, "group", "", "group is used to specify the group name the user belong to if it's not the same as user.")
+	cmd.Flags().StringVar(&localOpt.GlobalSystemdMode, "systemd_mode", "system", "systemd_mode is used to select whether to use sudo permissions.")
 	cmd.Flags().IntVar(&localOpt.GlobalSSHPort, "ssh-port", 22, "SSH port of servers in the managed cluster.")
 	cmd.Flags().StringVar(&localOpt.GlobalDeployDir, "deploy-dir", "/tidb-deploy", "Storage directory for cluster deployment files, startup scripts, and configuration files.")
 	cmd.Flags().StringVar(&localOpt.GlobalDataDir, "data-dir", "/tidb-data", "TiDB Cluster data storage directory.")

components/dm/command/template.go

@@ -33,6 +33,7 @@ type TemplateOptions struct {
 type LocalTemplate struct {
 	GlobalUser          string   // global.user in yaml template
 	GlobalGroup         string   // global.group in yaml template
+	GlobalSystemdMode   string   // global.systemd_mode in yaml template
 	GlobalSSHPort       int      // global.ssh_port in yaml template
 	GlobalDeployDir     string   // global.deploy_dir in yaml template
 	GlobalDataDir       string   // global.data_dir in yaml template
@@ -113,6 +114,7 @@ func newTemplateCmd() *cobra.Command {
 	// template values for rendering
 	cmd.Flags().StringVar(&localOpt.GlobalUser, "user", "tidb", "The user who runs the tidb cluster.")
 	cmd.Flags().StringVar(&localOpt.GlobalGroup, "group", "", "group is used to specify the group name the user belong to if it's not the same as user.")
+	cmd.Flags().StringVar(&localOpt.GlobalSystemdMode, "systemd_mode", "system", "systemd_mode is used to select whether to use sudo permissions.")
 	cmd.Flags().IntVar(&localOpt.GlobalSSHPort, "ssh-port", 22, "SSH port of servers in the managed cluster.")
 	cmd.Flags().StringVar(&localOpt.GlobalDeployDir, "deploy-dir", "/tidb-deploy", "Storage directory for cluster deployment files, startup scripts, and configuration files.")
 	cmd.Flags().StringVar(&localOpt.GlobalDataDir, "data-dir", "/tidb-data", "TiDB Cluster data storage directory.")

components/playground/instance/tiproxy.go

@@ -66,7 +66,7 @@ func (c *TiProxy) MetricAddr() (r MetricAddr) {
 
 // Start implements Instance interface.
 func (c *TiProxy) Start(ctx context.Context, version utils.Version) error {
-	endpoints := pdEndpoints(c.pds, true)
+	endpoints := pdEndpoints(c.pds, false)
 
 	configPath := filepath.Join(c.Dir, "config", "proxy.toml")
 	dir := filepath.Dir(configPath)

embed/examples/cluster/local.tpl

@@ -10,6 +10,10 @@ global:
   # group is used to specify the group name the user belong to if it's not the same as user.
   group: "{{ .GlobalGroup }}"
   {{- end }}
+  {{- if .GlobalSystemdMode }}
+  # # systemd_mode is used to select whether to use sudo permissions.
+  systemd_mode: "{{ .GlobalSystemdMode }}"
+  {{- end }}
   # # SSH port of servers in the managed cluster.
   ssh_port: {{ .GlobalSSHPort }}
   # # Storage directory for cluster deployment files, startup scripts, and configuration files.
@@ -62,4 +66,4 @@ alertmanager_servers:
  {{- range .AlertManagerServers }}
   - host: {{ . }}
 {{- end }}
-{{ end }}
+{{ end }}

embed/examples/cluster/minimal.yaml

@@ -5,6 +5,8 @@ global:
   user: "tidb"
   # # group is used to specify the group name the user belong to if it's not the same as user.
   # group: "tidb"
+  # # systemd_mode is used to select whether to use sudo permissions. When its value is set to user, there is no need to add global.user to sudoers. The default value is system.
+  # systemd_mode: "system"
   # # SSH port of servers in the managed cluster.
   ssh_port: 22
   # # Storage directory for cluster deployment files, startup scripts, and configuration files.

embed/examples/cluster/multi-dc.yaml

@@ -6,6 +6,8 @@ global:
   # # group is used to specify the group name the user belong to,if it's not the same as user.
   # group: "tidb"
   # # SSH port of servers in the managed cluster.
+  # # systemd_mode is used to select whether to use sudo permissions. When its value is set to user, there is no need to add global.user to sudoers. The default value is system.
+  # systemd_mode: "system"
   ssh_port: 22
   # # Storage directory for cluster deployment files, startup scripts, and configuration files.
   deploy_dir: "/tidb-deploy"

embed/examples/cluster/topology.example.yaml

@@ -6,6 +6,8 @@ global:
   # # group is used to specify the group name the user belong to,if it's not the same as user.
   # group: "tidb"
   # # SSH port of servers in the managed cluster.
+  # # systemd_mode is used to select whether to use sudo permissions. When its value is set to user, there is no need to add global.user to sudoers. The default value is system.
+  # systemd_mode: "system"
   ssh_port: 22
   # # Storage directory for cluster deployment files, startup scripts, and configuration files.
   deploy_dir: "/tidb-deploy"

embed/examples/dm/local.tpl

@@ -11,6 +11,10 @@ global:
   # group is used to specify the group name the user belong to if it's not the same as user.
   group: "{{ .GlobalGroup }}"
   {{- end }}
+  {{- if .GlobalSystemdMode }}
+  # # systemd_mode is used to select whether to use sudo permissions.
+  systemd_mode: "{{ .GlobalSystemdMode }}"
+  {{- end }}
   # # SSH port of servers in the managed cluster.
   ssh_port: {{ .GlobalSSHPort }}
   # # Storage directory for cluster deployment files, startup scripts, and configuration files.
@@ -51,4 +55,4 @@ alertmanager_servers:
  {{- range .AlertManagerServers }}
   - host: {{ . }}
 {{- end }}
-{{ end }}
+{{ end }}

embed/examples/dm/minimal.yaml

@@ -6,6 +6,7 @@
 ---
 global:
   user: "tidb"
+  # systemd_mode: "system"
   ssh_port: 22
   deploy_dir: "/home/tidb/dm/deploy"
   data_dir: "/home/tidb/dm/data"

embed/examples/dm/topology.example.yaml

@@ -3,6 +3,7 @@
 # them if the specific deployment value missing.
 global:
   user: "tidb"
+  # systemd_mode: "system"
   ssh_port: 22
   deploy_dir: "/dm-deploy"
   data_dir: "/dm-data"

embed/templates/systemd/system.service.tpl

@@ -21,10 +21,12 @@ LimitCORE={{.LimitCORE}}
 LimitNOFILE=1000000
 LimitSTACK=10485760
 
-{{- if .GrantCapNetRaw}}
+{{- if and .GrantCapNetRaw (eq .SystemdMode "system")}}
 AmbientCapabilities=CAP_NET_RAW
 {{- end}}
+{{- if eq .SystemdMode "system"}}
 User={{.User}}
+{{- end}}
 ExecStart=/bin/bash -c '{{.DeployDir}}/scripts/run_{{.ServiceName}}.sh'
 {{- if eq .ServiceName "prometheus"}}
 ExecReload=/bin/bash -c 'kill -HUP $MAINPID $(pidof {{.DeployDir}}/bin/ng-monitoring-server)'

pkg/cluster/ctxt/context.go

@@ -37,9 +37,9 @@ const (
 
 type (
 	// Executor is the executor interface for TiUP, all tasks will in the end
-	// be passed to a executor and then be actually performed.
+	// be passed to an executor and then be actually performed.
 	Executor interface {
-		// Execute run the command, then return it's stdout and stderr
+		// Execute run the command, then return its stdout and stderr
 		// NOTE: stdin is not supported as it seems we don't need it (for now). If
 		// at some point in the future we need to pass stdin to a command, we'll
 		// need to refactor this function and its implementations.

pkg/cluster/executor/ssh.go

@@ -143,8 +143,8 @@ func (e *EasySSHExecutor) Execute(ctx context.Context, cmd string, sudo bool, ti
 	}
 
 	// set a basic PATH in case it's empty on login
-	cmd = fmt.Sprintf("PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin %s", cmd)
-
+	cmd = fmt.Sprintf("PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin; %s", cmd)
+	
 	if e.Locale != "" {
 		cmd = fmt.Sprintf("export LANG=%s; %s", e.Locale, cmd)
 	}
@@ -182,6 +182,7 @@ func (e *EasySSHExecutor) Execute(ctx context.Context, cmd string, sudo bool, ti
 					e.Config.Server,
 					color.YellowString(output)))
 		}
+
 		return []byte(stdout), []byte(stderr), baseErr
 	}
 

pkg/cluster/manager/builder.go

@@ -52,6 +52,7 @@ func buildReloadPromAndGrafanaTasks(
 	}
 	var tasks []*task.StepDisplay
 	deletedNodes := set.NewStringSet(nodes...)
+	systemdMode := topo.BaseTopo().GlobalOptions.SystemdMode
 	for _, inst := range instances {
 		if deletedNodes.Exist(inst.ID()) {
 			continue
@@ -60,10 +61,10 @@ func buildReloadPromAndGrafanaTasks(
 		t := task.NewBuilder(logger)
 		if inst.ComponentName() == spec.ComponentPrometheus {
 			// reload Prometheus
-			t = t.SystemCtl(inst.GetManageHost(), inst.ServiceName(), "reload", true, true)
+			t = t.SystemCtl(inst.GetManageHost(), inst.ServiceName(), "reload", true, true, string(systemdMode))
 		} else {
 			// restart grafana
-			t = t.SystemCtl(inst.GetManageHost(), inst.ServiceName(), "restart", true, false)
+			t = t.SystemCtl(inst.GetManageHost(), inst.ServiceName(), "restart", true, false, string(systemdMode))
 		}
 
 		tasks = append(tasks, t.BuildAsStep(fmt.Sprintf("  - Reload %s -> %s", inst.ComponentName(), inst.ID())))
@@ -99,6 +100,14 @@ func buildScaleOutTask(
 		return nil, err
 	}
 
+	var sudo bool
+	systemdMode := topo.BaseTopo().GlobalOptions.SystemdMode
+	if systemdMode == spec.UserMode {
+		sudo = false
+	} else {
+		sudo = true
+	}
+
 	// Initialize the environments
 	initializedHosts := set.NewStringSet()
 	metadata.GetTopology().IterInstance(func(instance spec.Instance) {
@@ -131,7 +140,9 @@ func buildScaleOutTask(
 				dirs = append(dirs, spec.Abs(globalOptions.User, dirname))
 			}
 		}
-
+		if systemdMode == spec.UserMode {
+			dirs = append(dirs, spec.Abs(globalOptions.User, ".config/systemd/user"))
+		}
 		t := task.NewBuilder(m.logger).
 			RootSSH(
 				instance.GetManageHost(),
@@ -151,9 +162,10 @@ func buildScaleOutTask(
 				gOpt.SSHProxyTimeout,
 				gOpt.SSHType,
 				globalOptions.SSHType,
+				opt.User != "root" && systemdMode != spec.UserMode,
 			).
-			EnvInit(instance.GetManageHost(), base.User, base.Group, opt.SkipCreateUser || globalOptions.User == opt.User).
-			Mkdir(globalOptions.User, instance.GetManageHost(), dirs...).
+			EnvInit(instance.GetManageHost(), base.User, base.Group, opt.SkipCreateUser || globalOptions.User == opt.User, sudo).
+			Mkdir(globalOptions.User, instance.GetManageHost(), sudo, dirs...).
 			BuildAsStep(fmt.Sprintf("  - Initialized host %s ", host))
 		envInitTasks = append(envInitTasks, t)
 	})
@@ -186,9 +198,9 @@ func buildScaleOutTask(
 		}
 		// Deploy component
 		tb := task.NewSimpleUerSSH(m.logger, inst.GetManageHost(), inst.GetSSHPort(), base.User, gOpt, p, sshType).
-			Mkdir(base.User, inst.GetManageHost(), deployDirs...).
-			Mkdir(base.User, inst.GetManageHost(), dataDirs...).
-			Mkdir(base.User, inst.GetManageHost(), logDir)
+			Mkdir(base.User, inst.GetManageHost(), sudo, deployDirs...).
+			Mkdir(base.User, inst.GetManageHost(), sudo, dataDirs...).
+			Mkdir(base.User, inst.GetManageHost(), sudo, logDir)
 
 		srcPath := ""
 		if patchedComponents.Exist(inst.ComponentName()) {
@@ -477,7 +489,7 @@ func buildMonitoredDeployTask(
 
 			// Deploy component
 			tb := task.NewSimpleUerSSH(m.logger, host, info.ssh, globalOptions.User, gOpt, p, globalOptions.SSHType).
-				Mkdir(globalOptions.User, host, deployDirs...).
+				Mkdir(globalOptions.User, host, globalOptions.SystemdMode != spec.UserMode, deployDirs...).
 				CopyComponent(
 					comp,
 					info.os,
@@ -524,7 +536,7 @@ func buildMonitoredCertificateTasks(
 
 				// Deploy component
 				tb := task.NewSimpleUerSSH(m.logger, host, info.ssh, globalOptions.User, gOpt, p, globalOptions.SSHType).
-					Mkdir(globalOptions.User, host, tlsDir)
+					Mkdir(globalOptions.User, host, globalOptions.SystemdMode != spec.UserMode, tlsDir)
 
 				if comp == spec.ComponentBlackboxExporter {
 					ca, innerr := crypto.ReadCA(
@@ -604,6 +616,7 @@ func buildInitMonitoredConfigTasks(
 						Log:    logDir,
 						Cache:  specManager.Path(name, spec.TempConfigPath),
 					},
+					globalOptions.SystemdMode,
 				).
 				BuildAsStep(fmt.Sprintf("  - Generate config %s -> %s", comp, host))
 			tasks = append(tasks, t)
@@ -802,7 +815,7 @@ func buildTLSTask(
 	// cleanup tls files only in tls disable
 	if !topo.BaseTopo().GlobalOptions.TLSEnabled {
 		builder.Func("Cleanup TLS files", func(ctx context.Context) error {
-			return operator.CleanupComponent(ctx, delFileMap)
+			return operator.CleanupComponent(ctx, delFileMap, topo.BaseTopo().GlobalOptions.SystemdMode != spec.UserMode)
 		})
 	}
 
@@ -842,7 +855,7 @@ func buildCertificateTasks(
 			tlsDir := filepath.Join(deployDir, spec.TLSCertKeyDir)
 
 			tb := task.NewSimpleUerSSH(m.logger, inst.GetManageHost(), inst.GetSSHPort(), base.User, gOpt, p, topo.BaseTopo().GlobalOptions.SSHType).
-				Mkdir(base.User, inst.GetManageHost(), deployDir, tlsDir)
+				Mkdir(base.User, inst.GetManageHost(), topo.BaseTopo().GlobalOptions.SystemdMode != spec.UserMode, deployDir, tlsDir)
 
 			ca, err := crypto.ReadCA(
 				name,