Summary of Issues with Setting Up TiUP Mirror Private Repository Not Taking Effect

This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: tiup mirror私有镜像搭建不生效问题汇总

| username: realcp1018

[Operation Procedure]

  1. Select a server to create the /data/tiup-mirror directory, and plan to expose it through the httpd service.
    chown tidb.apache /data/tiup-mirror
    chmod 755 /data/tiup-mirror
  2. Configure and start the httpd service, listening on port 3999, with /data/tiup-mirror as the server root directory.
  3. Switch to the tidb user and execute tiup mirror clone /data/tiup-mirror --full.
  4. After the full mirror clone is complete, set the mirror on other TiDB execution machines:
    tiup mirror set http://<mirror server address>:3999

When executing tiup cluster related commands, the following error occurs:

tiup is checking updates for component cluster ...timeout(2s)!
Error: unknown component
| username: realcp1018 | Original post link

When I initially cloned the image, I ran it in the background overnight and was unsure if it succeeded. In the morning, I repeated the clone and found that only four new tiup tar packages were updated, so I assumed it was successful.

The first time I set up the mirror on another machine, the initial error was:

tiup is checking updates for component cluster ...timeout(2s)!
Error: read manifest from mirror(http://xxxx:3999) failed: invalid signature for file timestamp.json: not enough signatures (0) for threshold 1 in timestamp.json

So I cloned it a few more times.

After that, I tried to wget root.json locally first, then used tiup mirror set http://xxxx:3999 -r /absolute/path/root.json, which resulted in the above error. After resetting a few times without specifying root.json, the error persisted.

| username: 有猫万事足 | Original post link

You can try referring to this test code and set up a fake timestamp.json. The expiration date is set to the year 2120. Maybe this can solve the verification issue. :joy:

| username: ShawnYan | Original post link

You can refer to:

| username: tidb菜鸟一只 | Original post link

Directly copy the directory over and set it as a rare mirror address to test it.

| username: realcp1018 | Original post link

:disguised_face: Thank you all for your replies. After multiple attempts, I have identified the issue. The current solution is as follows:

  1. Add a script to the mirror machine for quick clone full updates:
# Update the tiup mirror repository to keep the local mirror consistent with the official mirror repository
# The mirror server update must use the official mirror, so a reset is needed first, and finally reset to the local mirror for regular verification
su - tidb -c "${tiup} mirror set --reset"
su - tidb -c "${tiup} mirror clone /data/tiup-mirror --os linux --arch amd64,arm64 --jobs 32 --full"
su - tidb -c "${tiup} mirror set /data/tiup-mirror"
  1. Verify locally on the mirror machine:
    tiup list tidb
    You can confirm that all versions of tidb are listed.

  2. When using a private mirror on other machines, you must:
    3.1) wget http://xxx:3999/root.json -O /home/tidb/.tiup/root.json
    3.2) tiup mirror set http://xxx:3999 -r /home/tidb/.tiup/root.json
    The location of the above root.json is arbitrary; I placed it in the .tiup directory.

  3. Periodically update the mirror using the script from step 1 on the mirror machine.

  4. Each time the mirror is updated, users need to follow up by executing the two commands in step 3 (both are indispensable).
    It seems that a full clone updates the root.json of the mirror server, causing user verification to fail. However, without using clone, the mirror repository cannot be updated (without --full, the product information will be cleared, i.e., tiup list will be empty).

I think sharing root.json can avoid step 3.1, but step 3.2 is unavoidable. A makeshift solution is to keep the mirror repository updated at a low frequency and the client to keep a slightly higher frequency of mirror set…
I hope future versions will optimize this.

| username: system | Original post link

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.