Why is it necessary to establish mutual trust in self-configuration during deployment?

This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: 部署时为什么要对自身配置互信

| username: 逍遥_猫

[TiDB Usage Environment] Testing
The official documentation deployment mentions
It also requires configuring mutual trust for itself, why is that?

| username: tidb菜鸟一只

If you want to avoid entering a password, all machines deploying TiDB components need to be configured for mutual trust. If you deploy TiDB components on the control machine, the local machine also needs to be configured for mutual trust. However, if it is only used as a control machine to run TiUP commands, mutual trust configuration is not needed. If you don’t need password-free access and manually enter the password each time, none of the machines need to be configured for mutual trust.

| username: 逍遥_猫

Even if the TiDB component is deployed on the machine with TiUP, it is accessed locally and does not use SSH. So why configure mutual trust?

| username: zhanggame1

You don’t need to configure it; just use a username and password during installation. Only configure it if you want passwordless access.

| username: 有猫万事足

It is not accessed from the local machine directly, but accessed from the local machine via SSH to the local machine, so mutual trust is needed.

| username: caiyfc

You need to think with a programmer’s mindset. It is estimated that tiup executes remote commands through a specific function, and this function must be able to access both other machines and the local machine. So, wouldn’t it be more convenient to establish an access connection using SSH within the function? Moreover, when deploying with tiup, it automatically establishes mutual trust, which is seamless for the user.

| username: tidb菜鸟一只

When installing, it is done through SSH, even on the local machine…

| username: 像风一样的男子

It cannot determine by itself whether to execute on the local machine; it will only log in over SSH using the IP address provided in your topology diagram to execute commands.

| username: cassblanca

It’s very simple, find a server and use ssh -p22 localhost. Try SSHing into the local machine and see if it requires a password.

| username: TiDBer_vfJBUcxl

As long as SSH is used, regardless of whether it is the local machine or not, mutual trust must be configured or the password must be entered manually.

| username: Jellybean

Configuring mutual trust is not mandatory; you can also manually enter the SSH access account and password each time you perform an operation.

Setting up mutual trust will be much more convenient and efficient, improving operational efficiency.

| username: wfxxh

If you don’t configure passwordless access to the local machine, you will need to enter a password when SSHing to the local machine. Generally, batch deployment scripts use SSH to install on the corresponding machines uniformly, without distinguishing between the local machine and other machines.
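An added example, not part of any post in this thread and not TiUP's own code: a shell check for the two usual reasons `ssh localhost` still asks for a password, namely the control user's public key missing from its own `authorized_keys`, or file modes that sshd's `StrictModes` rejects. The `tidb` user name, the temporary paths and the sample key are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread, not TiUP code).
# Return 0 if the key blob in PUBKEY_FILE is listed in AUTHORIZED_KEYS_FILE.
key_is_authorized() {
    local pub="$1" auth="$2" blob
    [ -r "$pub" ] && [ -r "$auth" ] || return 1
    blob=$(awk '{ print $2; exit }' "$pub")   # field 2 = base64 key material
    [ -n "$blob" ] || return 1
    # Match a whole field, so leading options such as from="..." do not matter.
    awk -v b="$blob" '
        /^[ \t]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
        END { exit !found }' "$auth"
}

# Return 0 if none of the paths is group- or world-writable. With sshd's
# default StrictModes, authorized_keys is ignored when these modes are loose.
perms_ok() {
    local p
    for p in "$@"; do
        [ -e "$p" ] || return 1
        case "$(ls -ld "$p" | cut -c6,9)" in *w*) return 1 ;; esac
    done
}

# Return 0 if USER@HOST accepts key login. BatchMode=yes makes ssh fail
# instead of prompting, which is how an unattended deployment behaves.
probe_host() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 -p "${3:-22}" "$1@$2" true 2>/dev/null
}

# Constructed sample: fake key entries in a temp directory (no real keys).
demo() {
    local d; d=$(mktemp -d) || return 1
    mkdir -m 700 "$d/.ssh"
    echo "ssh-ed25519 AAAAC3CONSTRUCTEDSAMPLEKEY tidb@control" > "$d/id.pub"
    echo 'from="127.0.0.1" ssh-ed25519 AAAAC3CONSTRUCTEDSAMPLEKEY tidb@control' > "$d/.ssh/authorized_keys"
    chmod 600 "$d/.ssh/authorized_keys"
    key_is_authorized "$d/id.pub" "$d/.ssh/authorized_keys" && echo "key listed"
    perms_ok "$d/.ssh" "$d/.ssh/authorized_keys" && echo "modes ok"
    chmod 666 "$d/.ssh/authorized_keys"
    perms_ok "$d/.ssh/authorized_keys" || echo "modes too loose: key would be ignored"
    rm -rf "$d"
}

# Usage: script --demo   or   script USER HOST [PORT]
if [ "${1:-}" = "--demo" ]; then demo
elif [ $# -ge 2 ]; then probe_host "$@" && echo "key login works" || echo "would prompt for a password"
fi
```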

| username: tony5413

Automated deployment

| username: redgame

The installation is done via SSH.

| username: Kongdom

Because the users are different, one is the root user and the other is the tidb user.
