wddevries
diff --git a/‎dashboard/dashboard-ops-reverse-proxy.md
+1-1 b/‎dashboard/dashboard-ops-reverse-proxy.md
+1-1
diff --git a/‎post-installation-check.md
+1-1 b/‎post-installation-check.md
+1-1
diff --git a/‎production-deployment-using-tiup.md
+9-66 b/‎production-deployment-using-tiup.md
+9-66
@@ -132,7 +132,7 @@ server_configs:
 <details>
 <summary> <strong>Modify configuration when deploying a new cluster using TiUP</strong> </summary>
 
-If you are deploying a new cluster, you can add the configuration above to the `topology.yaml` TiUP topology file and deploy the cluster. For specific instruction, see [TiUP deployment document](/production-deployment-using-tiup.md#step-3-initialize-cluster-topology-file).
+If you are deploying a new cluster, you can add the configuration above to the `topology.yaml` TiUP topology file and deploy the cluster. For specific instruction, see [TiUP deployment document](/production-deployment-using-tiup.md#step-3-initialize-the-cluster-topology-file).
 
 </details>
 
 
@@ -56,7 +56,7 @@ Log in to the database by running the following command:
 mysql -u root -h ${tidb_server_host_IP_address} -P 4000
 ```
 
-`${tidb_server_host_IP_address}` is one of the IP addresses set for `tidb_servers` when you [initialize the cluster topology file](/production-deployment-using-tiup.md#step-3-initialize-cluster-topology-file), such as `10.0.1.7`.
+`${tidb_server_host_IP_address}` is one of the IP addresses set for `tidb_servers` when you [initialize the cluster topology file](/production-deployment-using-tiup.md#step-3-initialize-the-cluster-topology-file), such as `10.0.1.7`.
 
 The following information indicates successful login:
 
 
@@ -12,7 +12,7 @@ TiUP is a cluster operation and maintenance tool introduced in TiDB v4.0. It pro
 
 TiUP also supports deploying TiDB, TiFlash, TiCDC, and the monitoring system. This guide introduces how to deploy TiDB clusters with different topologies.
 
-## Step 1. Prerequisites and precheck
+## Step 1. Prerequisites and prechecks
 
 Make sure that you have read the following documents:
 
@@ -31,8 +31,6 @@ Log in to the control machine using a regular user account (take the `tidb` user
 
 1. Install TiUP by running the following command:
 
-    {{< copyable "shell-regular" >}}
-
     ```shell
     curl --proto '=https' --tlsv1.2 -sSf https://tiup-mirrors.pingcap.com/install.sh | sh
     ```
@@ -41,32 +39,24 @@ Log in to the control machine using a regular user account (take the `tidb` user
 
     1. Redeclare the global environment variables:
 
-        {{< copyable "shell-regular" >}}
-
         ```shell
         source .bash_profile
         ```
 
     2. Confirm whether TiUP is installed:
 
-        {{< copyable "shell-regular" >}}
-
         ```shell
         which tiup
         ```
 
 3. Install the TiUP cluster component:
 
-    {{< copyable "shell-regular" >}}
-
     ```shell
     tiup cluster
     ```
 
 4. If TiUP is already installed, update the TiUP cluster component to the latest version:
 
-    {{< copyable "shell-regular" >}}
-
     ```shell
     tiup update --self && tiup update cluster
     ```
@@ -75,8 +65,6 @@ Log in to the control machine using a regular user account (take the `tidb` user
 
 5. Verify the current version of your TiUP cluster:
 
-    {{< copyable "shell-regular" >}}
-
     ```shell
     tiup --binary cluster
     ```
@@ -107,24 +95,18 @@ https://download.pingcap.org/tidb-community-toolkit-{version}-linux-{arch}.tar.g
 
     1. Install the TiUP tool:
 
-        {{< copyable "shell-regular" >}}
-
         ```shell
         curl --proto '=https' --tlsv1.2 -sSf https://tiup-mirrors.pingcap.com/install.sh | sh
         ```
 
     2. Redeclare the global environment variables:
 
-        {{< copyable "shell-regular" >}}
-
         ```shell
         source .bash_profile
         ```
 
     3. Confirm whether TiUP is installed:
 
-        {{< copyable "shell-regular" >}}
-
         ```shell
         which tiup
         ```
@@ -133,8 +115,6 @@ https://download.pingcap.org/tidb-community-toolkit-{version}-linux-{arch}.tar.g
 
     1. Pull the needed components on a machine that has access to the Internet:
 
-        {{< copyable "shell-regular" >}}
-
         ```shell
         tiup mirror clone tidb-community-server-${version}-linux-amd64 ${version} --os=linux --arch=amd64
         ```
@@ -143,8 +123,6 @@ https://download.pingcap.org/tidb-community-toolkit-{version}-linux-{arch}.tar.g
 
     2. Pack the component package by using the `tar` command and send the package to the control machine in the isolated environment:
 
-        {{< copyable "shell-regular" >}}
-
         ```bash
         tar czvf tidb-community-server-${version}-linux-amd64.tar.gz tidb-community-server-${version}-linux-amd64
         ```
@@ -157,8 +135,6 @@ https://download.pingcap.org/tidb-community-toolkit-{version}-linux-{arch}.tar.g
 
     1. When pulling an offline mirror, you can get an incomplete offline mirror by specifying specific information via parameters, such as the component and version information. For example, you can pull an offline mirror that includes only the offline mirror of TiUP v1.12.3 and TiUP Cluster v1.12.3 by running the following command:
 
-        {{< copyable "shell-regular" >}}
-
         ```bash
         tiup mirror clone tiup-custom-mirror-v1.12.3 --tiup v1.12.3 --cluster v1.12.3
         ```
@@ -169,8 +145,6 @@ https://download.pingcap.org/tidb-community-toolkit-{version}-linux-{arch}.tar.g
 
     3. Check the path of the current offline mirror on the control machine in the isolated environment. If your TiUP tool is of a recent version, you can get the current mirror address by running the following command:
 
-        {{< copyable "shell-regular" >}}
-
         ```bash
         tiup mirror show
         ```
@@ -181,16 +155,12 @@ https://download.pingcap.org/tidb-community-toolkit-{version}-linux-{arch}.tar.g
 
         First, copy the `keys` directory in the current offline mirror to the `$HOME/.tiup` directory:
 
-        {{< copyable "shell-regular" >}}
-
         ```bash
         cp -r ${base_mirror}/keys $HOME/.tiup/
         ```
 
         Then use the TiUP command to merge the incomplete offline mirror into the mirror in use:
 
-        {{< copyable "shell-regular" >}}
-
         ```bash
         tiup mirror merge tiup-custom-mirror-v1.12.3
         ```
@@ -201,8 +171,6 @@ https://download.pingcap.org/tidb-community-toolkit-{version}-linux-{arch}.tar.g
 
 After sending the package to the control machine of the target cluster, install the TiUP component by running the following commands:
 
-{{< copyable "shell-regular" >}}
-
 ```bash
 tar xzvf tidb-community-server-${version}-linux-amd64.tar.gz && \
 sh tidb-community-server-${version}-linux-amd64/local_install.sh && \
@@ -227,12 +195,10 @@ tiup mirror merge ../tidb-community-toolkit-${version}-linux-amd64
 
 To switch the mirror to another directory, run the `tiup mirror set <mirror-dir>` command. To switch the mirror to the online environment, run the `tiup mirror set https://tiup-mirrors.pingcap.com` command.
 
-## Step 3. Initialize cluster topology file
+## Step 3. Initialize the cluster topology file
 
 Run the following command to create a cluster topology file:
 
-{{< copyable "shell-regular" >}}
-
 ```shell
 tiup cluster template > topology.yaml
 ```
@@ -241,23 +207,17 @@ In the following two common scenarios, you can generate recommended topology tem
 
 - For hybrid deployment: Multiple instances are deployed on a single machine. For details, see [Hybrid Deployment Topology](/hybrid-deployment-topology.md).
 
-    {{< copyable "shell-regular" >}}
-
     ```shell
     tiup cluster template --full > topology.yaml
     ```
 
 - For geo-distributed deployment: TiDB clusters are deployed in geographically distributed data centers. For details, see [Geo-Distributed Deployment Topology](/geo-distributed-deployment-topology.md).
 
-    {{< copyable "shell-regular" >}}
-
     ```shell
     tiup cluster template --multi-dc > topology.yaml
     ```
 
-Run `vi topology.yaml` to see the configuration file content:
-
-{{< copyable "shell-regular" >}}
+Run `vi topology.yaml` to see the content of the configuration file:
 
 ```shell
 global:
@@ -286,7 +246,7 @@ alertmanager_servers:
   - host: 10.0.1.4
 ```
 
-The following examples cover seven common scenarios. You need to modify the configuration file (named `topology.yaml`) according to the topology description and templates in the corresponding links. For other scenarios, edit the configuration template accordingly.
+The following examples cover six common scenarios. You need to modify the configuration file (named `topology.yaml`) according to the topology description and templates in the corresponding links. For other scenarios, edit the configuration template accordingly.
 
 | Application | Configuration task | Configuration file template | Topology description |
 | :-- | :-- | :-- | :-- |
@@ -315,39 +275,35 @@ For more configuration description, see the following configuration examples:
 
 > **Note:**
 >
-> You can use secret keys or interactive passwords for security authentication when you deploy TiDB using TiUP:
+> You can securely authenticate users used for initialization when deploying a cluster via TiUP (specified via `--user`) using either a key or a cross-password:
 >
 > - If you use secret keys, specify the path of the keys through `-i` or `--identity_file`.
 > - If you use passwords, add the `-p` flag to enter the password interaction window.
 > - If password-free login to the target machine has been configured, no authentication is required.
 >
-> In general, TiUP creates the user and group specified in the `topology.yaml` file on the target machine, with the following exceptions:
+> In general, the users and groups used by TiUP to actually execute the processes (specified via `topology.yaml`, and the default value is `tidb`) are created automatically on the target machine, with the following exceptions:
 >
 > - The user name configured in `topology.yaml` already exists on the target machine.
 > - You have used the `--skip-create-user` option in the command line to explicitly skip the step of creating the user.
+>
+> Regardless of whether the users and groups agreed upon in `topology.yaml` are created automatically, TiUP automatically generates a pair of ssh keys and sets up a secret-free login for that user on each machine. This user and ssh key will be used to manage the machine for all subsequent operations, while the user and password used for initialization will not be used any more after the deployment is complete.
 
 Before you run the `deploy` command, use the `check` and `check --apply` commands to detect and automatically repair potential risks in the cluster:
 
 1. Check for potential risks:
 
-    {{< copyable "shell-regular" >}}
-
     ```shell
     tiup cluster check ./topology.yaml --user root [-p] [-i /home/root/.ssh/gcp_rsa]
     ```
 
 2. Enable automatic repair:
 
-    {{< copyable "shell-regular" >}}
-
     ```shell
     tiup cluster check ./topology.yaml --apply --user root [-p] [-i /home/root/.ssh/gcp_rsa]
     ```
 
 3. Deploy a TiDB cluster:
 
-    {{< copyable "shell-regular" >}}
-
     ```shell
     tiup cluster deploy tidb-test v8.5.0 ./topology.yaml --user root [-p] [-i /home/root/.ssh/gcp_rsa]
     ```
@@ -364,8 +320,6 @@ At the end of the output log, you will see ```Deployed cluster `tidb-test` succe
 
 ## Step 5. Check the clusters managed by TiUP
 
-{{< copyable "shell-regular" >}}
-
 ```shell
 tiup cluster list
 ```
@@ -376,8 +330,6 @@ TiUP supports managing multiple TiDB clusters. The preceding command outputs inf
 
 For example, run the following command to check the status of the `tidb-test` cluster:
 
-{{< copyable "shell-regular" >}}
-
 ```shell
 tiup cluster display tidb-test
 ```
@@ -393,21 +345,16 @@ After safe start, TiUP automatically generates a password for the TiDB root user
 > **Note:**
 >
 > - After safe start of a TiDB cluster, you cannot log in to TiDB using a root user without a password. Therefore, you need to record the password returned in the command output for future logins.
->
 > - The password is generated only once. If you do not record it or you forgot it, refer to [Forget the `root` password](/user-account-management.md#forget-the-root-password) to change the password.
 
 Method 1: Safe start
 
-{{< copyable "shell-regular" >}}
-
 ```shell
 tiup cluster start tidb-test --init
 ```
 
 If the output is as follows, the start is successful:
 
-{{< copyable "shell-regular" >}}
-
 ```shell
 Started cluster `tidb-test` successfully.
 The root password of TiDB database has been changed.
@@ -418,8 +365,6 @@ The generated password can NOT be got again in future.
 
 Method 2: Standard start
 
-{{< copyable "shell-regular" >}}
-
 ```shell
 tiup cluster start tidb-test
 ```
@@ -428,8 +373,6 @@ If the output log includes ```Started cluster `tidb-test` successfully```, the s
 
 ## Step 8. Verify the running status of the TiDB cluster
 
-{{< copyable "shell-regular" >}}
-
 ```shell
 tiup cluster display tidb-test
 ```
@@ -452,4 +395,4 @@ If you have deployed [TiCDC](/ticdc/ticdc-overview.md) along with the TiDB clust
 - [Troubleshoot TiCDC](/ticdc/troubleshoot-ticdc.md)
 - [TiCDC FAQs](/ticdc/ticdc-faq.md)
 
-If you want to scale out or scale in your TiDB cluster without interrupting the online services, see [Scale a TiDB Cluster Using TiUP](/scale-tidb-using-tiup.md).
+If you want to scale out or scale in your TiDB cluster without interrupting the online services, see [Scale a TiDB Cluster Using TiUP](/scale-tidb-using-tiup.md).