From 95416f4f30cbeb4ba9a2f628f8d1a786e2d034c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= <git@myname.nl>
Date: Tue, 21 Jan 2025 07:31:27 +0100
Subject: [PATCH 1/9] tiup: give a more clear recommendation about SELinux

---
 check-before-deployment.md           | 6 +++++-
 tiup/tiup-component-cluster-check.md | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/check-before-deployment.md b/check-before-deployment.md
index a5ac8189e893d..1c20089c5b279 100644
--- a/check-before-deployment.md
+++ b/check-before-deployment.md
@@ -789,4 +789,8 @@ sudo yum -y install numactl
 
 ## Disable SELinux
 
-Use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility to check if SELinux is disabled or set to permissive. SELinux in enforcing mode can cause deployment failures. For instructions on disabling SELinux, refer to your operating system's documentation.
+Check whether SELinux is enabled. To check the current status use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility. It is required to disable SELinux or have it in Permissive mode.
+
+On some systems (e.g. Ubuntu) the `/etc/selinux/config` file might not exist and the `getenforce` command might not be installed, in that case you can skip this step.
+
+If SELinux is not disabled, change the line in `/etc/selinux/config` that starts with `SELINUX=` to have it say `SELINUX=disabled`. After changing this line you need to reboot the system as SELinux doesn't allow you to change the mode from Enforcing or Permissive to Disabled without a reboot.
diff --git a/tiup/tiup-component-cluster-check.md b/tiup/tiup-component-cluster-check.md
index 02f557ce0d1c1..4fedbc6246eda 100644
--- a/tiup/tiup-component-cluster-check.md
+++ b/tiup/tiup-component-cluster-check.md
@@ -66,7 +66,11 @@ Check the limit values in the `/etc/security/limits.conf` file:
 
 ### SELinux
 
-Check whether SELinux is enabled. It is required to disable SELinux.
+Check whether SELinux is enabled. To check the current status use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility. It is required to disable SELinux or have it in Permissive mode.
+
+On some systems (e.g. Ubuntu) the `/etc/selinux/config` file might not exist and the `getenforce` command might not be installed, in that case you can skip this step.
+
+If SELinux is not disabled, change the line in `/etc/selinux/config` that starts with `SELINUX=` to have it say `SELINUX=disabled`. After changing this line you need to reboot the system as SELinux doesn't allow you to change the mode from Enforcing or Permissive to Disabled without a reboot.
 
 ### Firewall
 

From d32ebf785d2528a167a175990677d9d8b3850c5c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= <github@myname.nl>
Date: Wed, 12 Feb 2025 07:39:21 +0100
Subject: [PATCH 2/9] Update check-before-deployment.md

Co-authored-by: Grace Cai <qqzczy@126.com>
---
 check-before-deployment.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/check-before-deployment.md b/check-before-deployment.md
index 1c20089c5b279..88226104d29b9 100644
--- a/check-before-deployment.md
+++ b/check-before-deployment.md
@@ -789,7 +789,7 @@ sudo yum -y install numactl
 
 ## Disable SELinux
 
-Check whether SELinux is enabled. To check the current status use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility. It is required to disable SELinux or have it in Permissive mode.
+SELinux must be disabled or set to permissive mode. To check the current status, use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility.
 
 On some systems (e.g. Ubuntu) the `/etc/selinux/config` file might not exist and the `getenforce` command might not be installed, in that case you can skip this step.
 

From e037ac0c17f6c4743da549a8b1ab461d706f0289 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= <github@myname.nl>
Date: Wed, 12 Feb 2025 07:41:32 +0100
Subject: [PATCH 3/9] Update tiup/tiup-component-cluster-check.md

Co-authored-by: Grace Cai <qqzczy@126.com>
---
 tiup/tiup-component-cluster-check.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tiup/tiup-component-cluster-check.md b/tiup/tiup-component-cluster-check.md
index 4fedbc6246eda..59c4d4507d63a 100644
--- a/tiup/tiup-component-cluster-check.md
+++ b/tiup/tiup-component-cluster-check.md
@@ -66,7 +66,7 @@ Check the limit values in the `/etc/security/limits.conf` file:
 
 ### SELinux
 
-Check whether SELinux is enabled. To check the current status use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility. It is required to disable SELinux or have it in Permissive mode.
+SELinux must be disabled or set to permissive mode. To check the current status, use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility.
 
 On some systems (e.g. Ubuntu) the `/etc/selinux/config` file might not exist and the `getenforce` command might not be installed, in that case you can skip this step.
 

From a1cb0fd111e7cf18d5e4b69773b77e5484444338 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= <github@myname.nl>
Date: Wed, 12 Feb 2025 08:04:26 +0100
Subject: [PATCH 4/9] Update tiup/tiup-component-cluster-check.md

Co-authored-by: Grace Cai <qqzczy@126.com>
---
 tiup/tiup-component-cluster-check.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/tiup/tiup-component-cluster-check.md b/tiup/tiup-component-cluster-check.md
index 59c4d4507d63a..8e10079247331 100644
--- a/tiup/tiup-component-cluster-check.md
+++ b/tiup/tiup-component-cluster-check.md
@@ -68,9 +68,8 @@ Check the limit values in the `/etc/security/limits.conf` file:
 
 SELinux must be disabled or set to permissive mode. To check the current status, use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility.
 
-On some systems (e.g. Ubuntu) the `/etc/selinux/config` file might not exist and the `getenforce` command might not be installed, in that case you can skip this step.
-
-If SELinux is not disabled, change the line in `/etc/selinux/config` that starts with `SELINUX=` to have it say `SELINUX=disabled`. After changing this line you need to reboot the system as SELinux doesn't allow you to change the mode from Enforcing or Permissive to Disabled without a reboot.
+If SELinux is not disabled, open `/etc/selinux/config`, locate the line starting with `SELINUX=`, and change it to `SELINUX=disabled`. After making this change, you need to reboot the system because switching from `enforcing` or `permissive` to `disabled` does not take effect without a reboot.
+On some systems (such as Ubuntu), the `/etc/selinux/config` file might not exist, and the getenforce utility might not be installed. In that case, you can skip this step.
 
 ### Firewall
 

From 89cea7ace01d3340b7a695d88d1f003e06f451f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= <github@myname.nl>
Date: Wed, 12 Feb 2025 08:04:44 +0100
Subject: [PATCH 5/9] Update check-before-deployment.md

Co-authored-by: Grace Cai <qqzczy@126.com>
---
 check-before-deployment.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/check-before-deployment.md b/check-before-deployment.md
index 88226104d29b9..21164e31241c3 100644
--- a/check-before-deployment.md
+++ b/check-before-deployment.md
@@ -791,6 +791,6 @@ sudo yum -y install numactl
 
 SELinux must be disabled or set to permissive mode. To check the current status, use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility.
 
-On some systems (e.g. Ubuntu) the `/etc/selinux/config` file might not exist and the `getenforce` command might not be installed, in that case you can skip this step.
+If SELinux is not disabled, open `/etc/selinux/config`, locate the line starting with `SELINUX=`, and change it to `SELINUX=disabled`. After making this change, you need to reboot the system because switching from `enforcing` or `permissive` to `disabled` does not take effect without a reboot.
 
-If SELinux is not disabled, change the line in `/etc/selinux/config` that starts with `SELINUX=` to have it say `SELINUX=disabled`. After changing this line you need to reboot the system as SELinux doesn't allow you to change the mode from Enforcing or Permissive to Disabled without a reboot.
+On some systems (such as Ubuntu), the `/etc/selinux/config` file might not exist, and the getenforce utility might not be installed. In that case, you can skip this step.

From ec4f37f5902ec93ec37873035befb02bf285d968 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= <git@myname.nl>
Date: Wed, 12 Feb 2025 08:15:16 +0100
Subject: [PATCH 6/9] fixup

---
 tiup/tiup-component-cluster-check.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tiup/tiup-component-cluster-check.md b/tiup/tiup-component-cluster-check.md
index 8e10079247331..23f5c296a0dc3 100644
--- a/tiup/tiup-component-cluster-check.md
+++ b/tiup/tiup-component-cluster-check.md
@@ -69,6 +69,7 @@ Check the limit values in the `/etc/security/limits.conf` file:
 SELinux must be disabled or set to permissive mode. To check the current status, use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility.
 
 If SELinux is not disabled, open `/etc/selinux/config`, locate the line starting with `SELINUX=`, and change it to `SELINUX=disabled`. After making this change, you need to reboot the system because switching from `enforcing` or `permissive` to `disabled` does not take effect without a reboot.
+
 On some systems (such as Ubuntu), the `/etc/selinux/config` file might not exist, and the getenforce utility might not be installed. In that case, you can skip this step.
 
 ### Firewall

From 76873a5b4c3cca3b16553e2589bbf5bd5c74a635 Mon Sep 17 00:00:00 2001
From: Grace Cai <qqzczy@126.com>
Date: Thu, 13 Feb 2025 17:06:59 +0800
Subject: [PATCH 7/9] minor wording updates

---
 check-before-deployment.md           | 2 +-
 tiup/tiup-component-cluster-check.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/check-before-deployment.md b/check-before-deployment.md
index 21164e31241c3..03b2320d2cc6f 100644
--- a/check-before-deployment.md
+++ b/check-before-deployment.md
@@ -791,6 +791,6 @@ sudo yum -y install numactl
 
 SELinux must be disabled or set to permissive mode. To check the current status, use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility.
 
-If SELinux is not disabled, open `/etc/selinux/config`, locate the line starting with `SELINUX=`, and change it to `SELINUX=disabled`. After making this change, you need to reboot the system because switching from `enforcing` or `permissive` to `disabled` does not take effect without a reboot.
+If SELinux is not disabled, open the `/etc/selinux/config` file, locate the line starting with `SELINUX=`, and change it to `SELINUX=disabled`. After making this change, you need to reboot the system because switching from `enforcing` or `permissive` to `disabled` does not take effect without a reboot.
 
 On some systems (such as Ubuntu), the `/etc/selinux/config` file might not exist, and the getenforce utility might not be installed. In that case, you can skip this step.
diff --git a/tiup/tiup-component-cluster-check.md b/tiup/tiup-component-cluster-check.md
index 23f5c296a0dc3..2e659b6fc61e2 100644
--- a/tiup/tiup-component-cluster-check.md
+++ b/tiup/tiup-component-cluster-check.md
@@ -68,7 +68,7 @@ Check the limit values in the `/etc/security/limits.conf` file:
 
 SELinux must be disabled or set to permissive mode. To check the current status, use the [getenforce(8)](https://linux.die.net/man/8/getenforce) utility.
 
-If SELinux is not disabled, open `/etc/selinux/config`, locate the line starting with `SELINUX=`, and change it to `SELINUX=disabled`. After making this change, you need to reboot the system because switching from `enforcing` or `permissive` to `disabled` does not take effect without a reboot.
+If SELinux is not disabled, open the `/etc/selinux/config` file, locate the line starting with `SELINUX=`, and change it to `SELINUX=disabled`. After making this change, you need to reboot the system because switching from `enforcing` or `permissive` to `disabled` does not take effect without a reboot.
 
 On some systems (such as Ubuntu), the `/etc/selinux/config` file might not exist, and the getenforce utility might not be installed. In that case, you can skip this step.
 

From 2f75e5cde964cfbca83f0530d56e1912571aac86 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= <git@myname.nl>
Date: Thu, 13 Feb 2025 10:45:16 +0100
Subject: [PATCH 8/9] Ignore linux.die.net in linkchecker

---
 .lycheeignore | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.lycheeignore b/.lycheeignore
index 3ead57f29a342..ce919d2c77c0f 100644
--- a/.lycheeignore
+++ b/.lycheeignore
@@ -14,4 +14,5 @@ file://.*?http:/\$%7BPD_IP%7D:\$%7BPD_PORT%7D/dashboard.*
 http://\{grafana-ip\}:3000
 http://\{pd-ip\}:2379/dashboard
 http://localhost:\d+/
-https://github\.com/\$user/(docs|docs-cn)
\ No newline at end of file
+https://github\.com/\$user/(docs|docs-cn)
+https://linux.die.net/man.*

From e711138627173c12454f3a13a6ffc58b31a482a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= <git@myname.nl>
Date: Thu, 13 Feb 2025 10:52:27 +0100
Subject: [PATCH 9/9] Run link checker with .lycheeignore from the PR

---
 .github/workflows/link-fail-fast.yaml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/.github/workflows/link-fail-fast.yaml b/.github/workflows/link-fail-fast.yaml
index a5e4677d08972..04ac603a65fe2 100644
--- a/.github/workflows/link-fail-fast.yaml
+++ b/.github/workflows/link-fail-fast.yaml
@@ -17,10 +17,6 @@ jobs:
           CHANGED_FILES=$(git diff-tree --name-only --diff-filter 'AM' -r HEAD^1 HEAD -- "*.md" | sed -z "s/\n$//;s/\n/' '/g")
           echo "all_changed_files=${CHANGED_FILES}" >> $GITHUB_OUTPUT
 
-      - name: Download Exclude Path
-        run: |
-          curl https://raw.githubusercontent.com/pingcap/docs/master/.lycheeignore -O
-
       - name: Link Checker
         if: ${{ steps.changed-files.outputs.all_changed_files }}
         uses: lycheeverse/lychee-action@v1.6.1