Update Dockerfile.rocky9

Author: tuhaihe

devops/build/packaging/docker/Dockerfile.rocky9

@@ -45,7 +45,8 @@ RUN sudo dnf install -y --enablerepo=crb liburing-devel && \
 # --------------------------------------------------------------------
 FROM rockylinux/rockylinux:9.6
 
-# Set locale environment
+# Set locale environment and timezone
+ENV TZ=UTC
 ENV LANG=en_US.UTF-8
 ENV LC_ALL=en_US.UTF-8
 
@@ -57,59 +58,58 @@ ENV COORDINATOR_DATA_DIRECTORY=/data0/database/coordinator/gpseg-1
 
 # Runtime dependencies (keep aligned with devops/sandbox/Dockerfile.*.rockylinux9 where possible)
 # Note: do NOT install libcurl here to avoid rocky9 libcurl-minimal conflicts.
-RUN dnf -y install \
-      openssh-server openssh-clients \
-      sudo shadow-utils \
-      bash procps-ng \
-      ca-certificates \
-      python3 \
+RUN dnf -y install --setopt=install_weak_deps=False \
       apr \
+      bash \
       bzip2-libs \
+      ca-certificates \
+      glibc-langpack-en \
+      iproute \
+      keyutils \
       krb5-libs \
       libevent \
       libicu \
+      libstdc++ \
+      liburing \
+      libuv \
       libuuid \
       libxml2 \
       libyaml \
       libzstd \
       lz4 \
       ncurses \
+      net-tools \
       openldap \
+      openssh-clients \
+      openssh-server \
       openssl \
       pam \
       pcre2 \
       perl \
+      procps-ng \
       protobuf \
+      python3 \
       readline \
-      zlib \
-      glibc-langpack-en \
-      libuv \
-      liburing \
-      iproute \
-      net-tools \
-      which \
       rsync \
-      keyutils \
-      libstdc++ && \
+      shadow-utils \
+      sudo \
+      which \
+      zlib && \
     dnf clean all && rm -rf /var/cache/dnf
 
-# Set locale and create gpadmin user
+# Set locale, create gpadmin user, and setup directories & SSH config
 RUN echo "LANG=en_US.UTF-8" > /etc/locale.conf && \
     /usr/sbin/groupadd -r gpadmin && \
     /usr/sbin/useradd -m -r -g gpadmin gpadmin && \
     printf "Defaults:gpadmin !requiretty\ngpadmin ALL=(ALL) NOPASSWD: ALL\n" > /etc/sudoers.d/90-gpadmin && \
     chmod 440 /etc/sudoers.d/90-gpadmin && \
-    echo -e '\n# Add Cloudberry entries\nif [ -f /usr/local/cloudberry-db/cloudberry-env.sh ]; then\n  source /usr/local/cloudberry-db/cloudberry-env.sh\nfi' >> /home/gpadmin/.bashrc
-
-# Create required directories with proper permissions
-RUN mkdir -p /data0/database/coordinator /data0/database/primary /data0/database/mirror && \
+    echo -e '\n# Add Cloudberry entries\nif [ -f /usr/local/cloudberry-db/cloudberry-env.sh ]; then\n  source /usr/local/cloudberry-db/cloudberry-env.sh\nfi' >> /home/gpadmin/.bashrc && \
+    mkdir -p /data0/database/coordinator /data0/database/primary /data0/database/mirror && \
     mkdir -p /home/gpadmin/.ssh && \
     mkdir -p /run/sshd && \
     chown -R gpadmin:gpadmin /data0 /home/gpadmin/.ssh && \
-    chmod 700 /home/gpadmin/.ssh
-
-# SSH client config (host keys are generated at runtime by the entrypoint)
-RUN echo -e "Host *\n  StrictHostKeyChecking no\n  UserKnownHostsFile ~/.ssh/known_hosts\n  ServerAliveInterval 60" > /home/gpadmin/.ssh/config && \
+    chmod 700 /home/gpadmin/.ssh && \
+    echo -e "Host *\n  StrictHostKeyChecking no\n  UserKnownHostsFile ~/.ssh/known_hosts\n  ServerAliveInterval 60" > /home/gpadmin/.ssh/config && \
     chown gpadmin:gpadmin /home/gpadmin/.ssh/config && \
     chmod 600 /home/gpadmin/.ssh/config
 

devops/build/packaging/docker/README.md

@@ -70,8 +70,10 @@ docker logs cloudberry-db
 
 ## Notes
 
-- `sshd` is started for internal cluster communication. Port 22 is not exposed by default.
-- For better performance, consider raising ulimits:
+- **Timezone:** The container defaults to `UTC` (`TZ=UTC`). To use a different timezone, pass the `TZ` environment variable during run (e.g., `-e TZ=Asia/Shanghai`).
+- **Graceful Shutdown:** The entrypoint natively traps `SIGTERM`, `SIGINT`, and `SIGQUIT` to perform a safe `gpstop -a -M fast`. Standard `docker stop <container>` is perfectly safe and ensures data consistency.
+- **Internal SSH:** `sshd` is started exclusively for internal cluster communication. Port 22 is not exposed by default.
+- **System Limits:** For maximum performance, consider explicitly raising container limits at runtime:
   `--ulimit nofile=524288:524288 --ulimit nproc=131072:131072`.
-- Tuning config files are reused from `devops/sandbox/configs/`:
+- **Tuning Configs:** Environment system configurations are powerfully reused from `devops/sandbox/configs/`:
   `/etc/security/limits.d/90-cbdb-limits.conf` and `/etc/sysctl.d/90-cbdb-sysctl.conf`.

devops/build/packaging/docker/cloudberry-entrypoint.sh

@@ -262,7 +262,7 @@ stop_cluster() {
   gpstop -a -M fast >/dev/null 2>&1 || true
 }
 
-trap stop_cluster SIGTERM SIGINT
+trap stop_cluster SIGTERM SIGINT SIGQUIT
 
 log_dir="${COORDINATOR_DATA_DIRECTORY}/log"
 log "Following coordinator logs in: ${log_dir}"