Add Rocky9 Dockerfile and docs

Author: tuhaihe

devops/build/packaging/docker/Dockerfile.rocky9

@@ -0,0 +1,149 @@
+# --------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# --------------------------------------------------------------------
+# Dockerfile for Apache Cloudberry (Incubating) - Production Build
+# --------------------------------------------------------------------
+# Multi-stage build optimized for production deployment
+# Builds Cloudberry from source using official development environment
+# --------------------------------------------------------------------
+
+# --------------------------------------------------------------------
+# Build stage: Use official Cloudberry development image
+# --------------------------------------------------------------------
+ARG BUILDER_IMAGE=apache/incubator-cloudberry:cbdb-build-rocky9-latest
+FROM ${BUILDER_IMAGE} AS builder
+
+# Copy source code
+COPY --chown=gpadmin:gpadmin . /home/gpadmin/cloudberry
+
+# Build Cloudberry using official build scripts
+USER gpadmin
+WORKDIR /home/gpadmin/cloudberry
+
+RUN sudo dnf install -y --enablerepo=crb liburing-devel && \
+    export SRC_DIR=/home/gpadmin/cloudberry && \
+    export BUILD_DESTINATION=/usr/local/cloudberry-db && \
+    mkdir -p ${SRC_DIR}/build-logs && \
+    ./devops/build/automation/cloudberry/scripts/configure-cloudberry.sh && \
+    ./devops/build/automation/cloudberry/scripts/build-cloudberry.sh
+
+# --------------------------------------------------------------------
+# Runtime stage: Minimal production image
+# --------------------------------------------------------------------
+FROM rockylinux/rockylinux:9.6
+
+# Set locale environment
+ENV LANG=en_US.UTF-8
+ENV LC_ALL=en_US.UTF-8
+
+# Cloudberry environment variables
+ENV GPHOME=/usr/local/cloudberry-db
+ENV PATH=$GPHOME/bin:$PATH
+ENV LD_LIBRARY_PATH=$GPHOME/lib:$LD_LIBRARY_PATH
+ENV COORDINATOR_DATA_DIRECTORY=/data0/database/coordinator/gpseg-1
+
+# Runtime dependencies (keep aligned with devops/sandbox/Dockerfile.*.rockylinux9 where possible)
+# Note: do NOT install libcurl here to avoid rocky9 libcurl-minimal conflicts.
+RUN dnf -y install \
+      openssh-server openssh-clients \
+      sudo shadow-utils \
+      bash procps-ng \
+      ca-certificates \
+      python3 \
+      apr \
+      bzip2-libs \
+      krb5-libs \
+      libevent \
+      libicu \
+      libuuid \
+      libxml2 \
+      libyaml \
+      libzstd \
+      lz4 \
+      ncurses \
+      openldap \
+      openssl \
+      pam \
+      pcre2 \
+      perl \
+      protobuf \
+      readline \
+      zlib \
+      glibc-langpack-en \
+      libuv \
+      liburing \
+      iproute \
+      net-tools \
+      which \
+      rsync \
+      keyutils \
+      libstdc++ && \
+    dnf clean all && rm -rf /var/cache/dnf
+
+# Set locale and create gpadmin user
+RUN echo "LANG=en_US.UTF-8" > /etc/locale.conf && \
+    /usr/sbin/groupadd -r gpadmin && \
+    /usr/sbin/useradd -m -r -g gpadmin gpadmin && \
+    printf "Defaults:gpadmin !requiretty\ngpadmin ALL=(ALL) NOPASSWD: ALL\n" > /etc/sudoers.d/90-gpadmin && \
+    chmod 440 /etc/sudoers.d/90-gpadmin && \
+    echo -e '\n# Add Cloudberry entries\nif [ -f /usr/local/cloudberry-db/cloudberry-env.sh ]; then\n  source /usr/local/cloudberry-db/cloudberry-env.sh\nfi' >> /home/gpadmin/.bashrc
+
+# Create required directories with proper permissions
+RUN mkdir -p /data0/database/coordinator /data0/database/primary /data0/database/mirror && \
+    mkdir -p /home/gpadmin/.ssh && \
+    mkdir -p /run/sshd && \
+    chown -R gpadmin:gpadmin /data0 /home/gpadmin/.ssh && \
+    chmod 700 /home/gpadmin/.ssh
+
+# SSH client config (host keys are generated at runtime by the entrypoint)
+RUN echo -e "Host *\n  StrictHostKeyChecking no\n  UserKnownHostsFile ~/.ssh/known_hosts\n  ServerAliveInterval 60" > /home/gpadmin/.ssh/config && \
+    chown gpadmin:gpadmin /home/gpadmin/.ssh/config && \
+    chmod 600 /home/gpadmin/.ssh/config
+
+# Copy configuration files from sandbox (reusable components)
+COPY --chown=gpadmin:gpadmin devops/sandbox/configs/gpinitsystem_singlenode /tmp/gpinitsystem_singlenode
+
+# Reuse sandbox tuning configs (note: sysctls require privileged/sysctl support at runtime)
+COPY devops/sandbox/configs/90-cbdb-limits.conf /etc/security/limits.d/90-cbdb-limits.conf
+COPY devops/sandbox/configs/90-cbdb-sysctl.conf /etc/sysctl.d/90-cbdb-sysctl.conf
+
+# Copy custom scripts
+COPY --chown=gpadmin:gpadmin devops/build/packaging/docker/cloudberry-entrypoint.sh /usr/local/bin/cloudberry-entrypoint.sh
+
+# Set executable permissions
+RUN chmod 755 /usr/local/bin/cloudberry-entrypoint.sh /tmp/gpinitsystem_singlenode
+
+# Copy built Cloudberry from builder stage
+COPY --from=builder --chown=gpadmin:gpadmin /usr/local/cloudberry-db /usr/local/cloudberry-db
+COPY --from=builder --chown=gpadmin:gpadmin /usr/local/xerces-c/lib/libxerces-c.so /usr/local/cloudberry-db/lib/
+COPY --from=builder --chown=gpadmin:gpadmin /usr/local/xerces-c/lib/libxerces-c-3.*.so /usr/local/cloudberry-db/lib/
+
+# Expose coordinator port
+EXPOSE 5432
+
+# Healthcheck: coordinator readiness (initialization can take a while)
+HEALTHCHECK --interval=10s --timeout=5s --start-period=5m --retries=6 \
+  CMD /usr/local/cloudberry-db/bin/pg_isready -h localhost -p 5432 || exit 1
+
+# Volume for persistent data
+VOLUME ["/data0"]
+
+# Set default user
+USER gpadmin
+
+# Entrypoint and default command
+ENTRYPOINT ["/usr/local/bin/cloudberry-entrypoint.sh"]
+CMD ["cloudberry"]

devops/build/packaging/docker/README.md

@@ -0,0 +1,77 @@
+# Apache Cloudberry (Incubating) Docker image (Rocky Linux 9)
+
+This directory contains Docker build definitions for a single-node Apache Cloudberry container image.
+
+## Build
+
+Build from the current source tree (multi-stage build using a pre-built builder image):
+
+```bash
+docker build \
+  -f devops/build/packaging/docker/Dockerfile.rocky9 \
+  -t apache/cloudberry:dev .
+```
+
+Override the builder image (for example, pin to a digest/tag or use a locally-built builder):
+
+```bash
+docker build \
+  -f devops/build/packaging/docker/Dockerfile.rocky9 \
+  --build-arg BUILDER_IMAGE=apache/incubator-cloudberry:cbdb-build-rocky9-latest \
+  -t apache/cloudberry:dev .
+```
+
+## Run
+
+On first startup the container initializes a single-node cluster under `/data0` and starts it. By default,
+host connections use `md5` and require `POSTGRES_PASSWORD` (similar to the official Postgres images).
+
+```bash
+docker volume create cloudberry_data
+
+docker run --rm -it \
+  --name cloudberry-db \
+  -e POSTGRES_PASSWORD=postgres \
+  -p 5432:5432 \
+  -v cloudberry_data:/data0 \
+  apache/cloudberry:dev
+```
+
+Quick sandbox (NOT recommended for production):
+
+```bash
+docker run --rm -it \
+  --name cloudberry-db \
+  -e POSTGRES_HOST_AUTH_METHOD=trust \
+  -p 5432:5432 \
+  apache/cloudberry:dev
+```
+
+## Connect / Inspect
+
+From the host:
+
+```bash
+PGPASSWORD=postgres psql -h localhost -p 5432 -U gpadmin -d gpadmin
+```
+
+From inside the container:
+
+```bash
+docker exec -it cloudberry-db bash -lc "source /usr/local/cloudberry-db/cloudberry-env.sh && psql -d gpadmin"
+```
+
+Cluster status and logs:
+
+```bash
+docker exec cloudberry-db gpstate -s
+docker logs cloudberry-db
+```
+
+## Notes
+
+- `sshd` is started for internal cluster communication. Port 22 is not exposed by default.
+- For better performance, consider raising ulimits:
+  `--ulimit nofile=524288:524288 --ulimit nproc=131072:131072`.
+- Tuning config files are reused from `devops/sandbox/configs/`:
+  `/etc/security/limits.d/90-cbdb-limits.conf` and `/etc/sysctl.d/90-cbdb-sysctl.conf`.