Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.
Original topic: 部署时为什么要对自身配置互信 (Why does the machine need mutual trust configured with itself during deployment?)
[TiDB Usage Environment] Testing
The official documentation deployment mentions
It also requires configuring mutual trust for itself, why is that?
If you want to avoid entering a password, all machines deploying TiDB components need to be configured for mutual trust. If you deploy TiDB components on the control machine, the local machine also needs to be configured for mutual trust. However, if it is only used as a control machine to run TiUP commands, mutual trust configuration is not needed. If you don’t need password-free access and manually enter the password each time, none of the machines need to be configured for mutual trust.
Even if the TiDB component is deployed on the machine with TiUP, it is accessed locally and does not use SSH. So why configure mutual trust?
You don’t need to configure it; just use a username and password during installation. Only configure it if you want passwordless access.
It is not accessed from the local machine directly, but accessed from the local machine via SSH to the local machine, so mutual trust is needed.
You need to think with a programmer’s mindset. It is estimated that tiup executes remote commands through a specific function, and this function must be able to access both other machines and the local machine. So, wouldn’t it be more convenient to establish an access connection using SSH within the function? Moreover, when deploying with tiup, it automatically establishes mutual trust, which is seamless for the user.
When installing, it is done through SSH, even on the local machine…
It cannot determine by itself whether to execute on the local machine; it will only log in via SSH using the IP address provided in your topology diagram to execute commands.
It’s very simple, find a server and use ssh -p22 localhost. Try SSHing into the local machine and see if it requires a password.
As long as SSH is used, regardless of whether it is the local machine or not, mutual trust must be configured or the password must be entered manually.
Configuring mutual trust is not mandatory; you can also manually enter the SSH access account and password each time you perform an operation.
Setting up mutual trust will be much more convenient and efficient, improving operational efficiency.
If you don’t configure passwordless access to the local machine, you will need to enter a password when SSHing to the local machine. Generally, batch deployment scripts use SSH to install on the corresponding machines uniformly, without distinguishing between the local machine and other machines.
The installation is done via SSH.
Because the users are different, one is the root user and the other is the tidb user.
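The replies above come down to one check: is the deploying user's public key in the target user's authorized_keys on the same machine, so that SSH to the machine's own IP works without a password? The following is an added example, not part of any post in this thread and not TiUP's own code; the function names, file paths and user names are assumptions.

```shell
#!/bin/sh
# Added example: check "mutual trust" (key-based SSH) of a machine with itself.
# Paths, user names and host values are assumptions, not taken from the thread.

# Print the base64 key blob of every key line in FILE (a .pub file or an
# authorized_keys file). Comment and blank lines are skipped; an option prefix
# such as from="..." before the key type is ignored.
# Simplification: option values are assumed not to contain key-type words.
key_blobs() {
    awk '$1 ~ /^#/ || NF == 0 { next }
         { for (i = 1; i < NF; i++)
               if ($i ~ /^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-|sk-)/) {
                   print $(i + 1); next } }' "$1"
}

# Return 0 if the first public key in PUBKEY is listed in AUTHKEYS,
# 1 if it is not listed, 2 if PUBKEY holds no key.
# Trust is per user: AUTHKEYS must belong to the account SSH logs in as.
is_trusted() {   # args: PUBKEY AUTHKEYS
    blob=$(key_blobs "$1" 2>/dev/null | head -n 1)
    [ -n "$blob" ] || return 2
    key_blobs "$2" 2>/dev/null | grep -qxF -- "$blob"
}

# Live check: BatchMode=yes forbids password prompts, so this succeeds only
# when key-based login already works. Pass the IP written in the topology,
# even when it is this machine's own address.
can_login_without_password() {   # args: USER HOST [PORT]
    ssh -o BatchMode=yes -o ConnectTimeout=5 -p "${3:-22}" "$1@$2" true 2>/dev/null
}

# Usage (assumed paths): root on the control machine logging in to itself
# as the tidb user:
#   is_trusted /root/.ssh/id_rsa.pub /home/tidb/.ssh/authorized_keys
#   can_login_without_password tidb 127.0.0.1 22
```

A return of 1 from is_trusted for the machine's own key is the case the thread describes: SSH to the local address will prompt for a password until the key is added.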