cluster: add option for tmpdir

[dveeden]

What problem does this PR solve?

If /tmp is mounted with noexec then copying a binary and running it won't work. This adds an option to specify an alternative directory.

What is changed and how it works?

Check List

Tests

• Manual test (add detailed scripts or steps below)

Related changes

• Need to update the documentation

Release notes:

An option to specify the temporary directory has been added to `tiup cluster check`.

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign bb7133 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[breezewish]

Thank you. I'm curious in what scenario will this happen? (i.e. /tmp is mounted with noexec)

[dveeden]

Thank you. I'm curious in what scenario will this happen? (i.e. /tmp is mounted with noexec)

This is a common step in hardening a system. It is included in the "CIS Rocky Linux 9 Benchmark v2.0.0" for example (available from https://downloads.cisecurity.org ).

[dveeden]

I have an alternative patch where instead of modifying the value of task.CheckToolsPathDir and then using it elsewhere it directly uses opt.TempDir. Not sure which one is best.

diff --git a/components/cluster/command/check.go b/components/cluster/command/check.go
index d30f85e7..fa3cd63a 100644
--- a/components/cluster/command/check.go
+++ b/components/cluster/command/check.go
@@ -71,6 +71,7 @@ it will check the new instances `,
        cmd.Flags().BoolVar(&opt.ApplyFix, "apply", false, "Try to fix failed checks")
        cmd.Flags().BoolVar(&opt.ExistCluster, "cluster", false, "Check existing cluster, the input is a cluster name.")
        cmd.Flags().Uint64Var(&gOpt.APITimeout, "api-timeout", 10, "Timeout in seconds when querying PD APIs.")
+       cmd.Flags().StringVarP(&opt.TempDir, "tempdir", "t", "/tmp/tiup", "The temporary directory.")
 
        return cmd
 }
diff --git a/pkg/cluster/manager/check.go b/pkg/cluster/manager/check.go
index 72a4d599..6fcdd1be 100644
--- a/pkg/cluster/manager/check.go
+++ b/pkg/cluster/manager/check.go
@@ -42,8 +42,9 @@ type CheckOptions struct {
        IdentityFile string // path to the private key file
        UsePassword  bool   // use password instead of identity file for ssh connection
        Opr          *operator.CheckOptions
-       ApplyFix     bool // try to apply fixes of failed checks
-       ExistCluster bool // check an exist cluster
+       ApplyFix     bool   // try to apply fixes of failed checks
+       ExistCluster bool   // check an exist cluster
+       TempDir      string // tempdir
 }
 
 // CheckCluster check cluster before deploying or upgrading
@@ -336,7 +337,7 @@ func checkSystemInfo(
                                topo.GlobalOptions.SSHType,
                                opt.User != "root" && systemdMode != spec.UserMode,
                        ).
-                       Mkdir(opt.User, inst.GetManageHost(), systemdMode != spec.UserMode, filepath.Join(task.CheckToolsPathDir, "bin")).
+                       Mkdir(opt.User, inst.GetManageHost(), systemdMode != spec.UserMode, filepath.Join(opt.TempDir, "bin")).
                        CopyComponent(
                                spec.ComponentCheckCollector,
                                inst.OS(),
@@ -344,11 +345,11 @@ func checkSystemInfo(
                                insightVer,
                                "", // use default srcPath
                                inst.GetManageHost(),
-                               task.CheckToolsPathDir,
+                               opt.TempDir,
                        ).
                        Shell(
                                inst.GetManageHost(),
-                               filepath.Join(task.CheckToolsPathDir, "bin", "insight"),
+                               filepath.Join(opt.TempDir, "bin", "insight"),
                                "",
                                false,
                        ).
@@ -376,7 +377,7 @@ func checkSystemInfo(
                                topo.GlobalOptions.SSHType,
                                opt.User != "root" && systemdMode != spec.UserMode,
                        ).
-                       Rmdir(inst.GetManageHost(), task.CheckToolsPathDir).
+                       Rmdir(inst.GetManageHost(), opt.TempDir).
                        BuildAsStep("  - Cleanup check files on " + utils.JoinHostPort(inst.GetManageHost(), inst.GetSSHPort()))
                cleanTasks = append(cleanTasks, t3)
        }

[ti-chi-bot]

[LGTM Timeline notifier]

Timeline:

• 2025-02-10 07:51:36.585541895 +0000 UTC m=+256538.981763956: ☑️ agreed by xhebox.