tiup: clarify limits.conf behavior in no-sudo mode

[doc-claw-bot]

What is changed, added or deleted? (Required)

This PR updates the Chinese TiUP no-sudo documentation to clarify how resource limits take effect for the per-user systemd manager.

• Clarify that /etc/security/limits.conf might be applied through PAM when user@<UID>.service starts, but the effective Max open files value still depends on the limits obtained by the user manager itself.
• Add a verification step to check the effective Max open files value of the running user@${uid}.service.
• Add a documented fallback: if the effective value is still too low, configure a system-level drop-in for user@${uid}.service with LimitNOFILE=1000000.
• Explain that restarting user@${uid}.service stops all user services managed by that user, so existing clusters should be stopped first or handled in a maintenance window.

Which TiDB version(s) do your changes apply to? (Required)

Tips for choosing the affected version(s):

By default, CHOOSE MASTER ONLY so your changes will be applied to the next TiDB major or minor releases. If your PR involves a product feature behavior change or a compatibility change, CHOOSE THE AFFECTED RELEASE BRANCH(ES) AND MASTER.

For details, see tips for choosing the affected versions (in Chinese).

• master (the latest development version)
• v9.0 (TiDB 9.0 versions)
• v8.5 (TiDB 8.5 versions)
• v8.1 (TiDB 8.1 versions)
• v7.5 (TiDB 7.5 versions)
• v7.1 (TiDB 7.1 versions)
• v6.5 (TiDB 6.5 versions)
• v6.1 (TiDB 6.1 versions)

What is the related PR or file link(s)?

• This PR is translated from: tiup: clarify limits.conf behavior in no-sudo mode docs#23120
• Other reference link(s): https://docs.pingcap.com/zh/tidb/stable/tiup-cluster-no-sudo-mode/
• systemd reference: https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html
• TiUP service template reference: https://github.com/pingcap/tiup/blob/0ca2354a289c34bf3a6a90871e1dcdc293409f11/embed/templates/systemd/system.service.tpl

Do your changes match any of the following descriptions?

• Delete files
• Change aliases
• Need modification after applied to another branch
• Might cause conflicts after applied to another branch

[ti-chi-bot]

Hi @doc-claw-bot. Thanks for your PR.

I'm waiting for a pingcap member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign oreoxmt for approval. For more information see the Code Review Process.
Please ensure that each of them provides their approval before proceeding.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[lilin90]

/ok-to-test

[Copilot]

Pull request overview

This PR updates the Chinese TiUP no-sudo deployment documentation to clarify how file descriptor limits (nofile) actually take effect under per-user systemd (user@<UID>.service) and to provide concrete verification and remediation steps.

Changes:

• Explain why /etc/security/limits.conf may not fully determine the effective Max open files for the per-user systemd manager in no-sudo mode.
• Add steps to restart user@${uid}.service after updating limits, verify the effective limit via /proc/<pid>/limits, and document a system-level drop-in fallback using LimitNOFILE=1000000.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.