DevOps: add Ansible playbook for cluster deployment

devops/deploy/ansible/README.md

@@ -0,0 +1,103 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied.  See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+
+# Apache Cloudberry Deployment Via Ansible
+
+This directory contains an Ansible playbook for deploying Apache Cloudberry on physical or virtual machines via Ansible.
+
+## Quick Start
+
+```bash
+# 1. Edit inventory and variables
+vi ansible/inventory/hosts       # set hostnames and IPs
+vi ansible/group_vars/all.yml    # set password, disk, segments, etc.
+
+# 2. Run the playbook
+ansible-playbook ansible/site.yml -i ansible/inventory/hosts \
+    -e package_path=./apache-cloudberry-db-incubating-2.1.0-1.el9.x86_64.rpm
+```
+
+## Cluster Layout (default)
+
+| Host | Role |
+|------|------|
+| cdw  | Coordinator |
+| scdw | Standby Coordinator |
+| sdw1 | Segment Host 1 |
+| sdw2 | Segment Host 2 |
+| sdw3 | Segment Host 3 |
+
+Each segment host runs 2 primary segments and 2 mirror segments (spread mirroring).
+
+## Prerequisites
+
+- Ansible installed on the control machine (tested with ansible-core 2.14+)
+- Root SSH access from the control machine to all hosts
+- All hosts have Rocky Linux 8/9 or compatible OS installed
+- Apache Cloudberry RPM/DEB package downloaded to the control machine
+
+Ansible 2.10+ requires the following collections to be installed separately:
+
+```bash
+ansible-galaxy collection install ansible.posix community.general community.crypto
+```
+
+To suppress the Python `crypt` module deprecation warning, install `passlib`:
+
+```bash
+pip3 install passlib
+```
+
+## Directory Structure
+
+```
+ansible/
+├── ansible.cfg           # disable host key checking
+├── site.yml              # main playbook
+├── inventory/
+│   └── hosts             # hostnames and IPs
+└── group_vars/
+    └── all.yml           # deployment variables
+```
+
+## What the Playbook Does
+
+1. Disable SELinux and firewall
+2. Configure hostnames and `/etc/hosts`
+3. Set kernel parameters (`sysctl`)
+4. Set resource limits (`limits.conf`)
+5. Configure XFS mount and disk I/O settings
+6. Disable Transparent Huge Pages
+7. Disable IPC object removal
+8. Configure SSH thresholds
+9. Synchronize system clocks (chronyd)
+10. Create `gpadmin` user with sudo
+11. Install Apache Cloudberry package on all hosts
+12. Configure passwordless SSH for gpadmin (N-N)
+13. Create data storage directories
+14. Initialize the cluster with `gpinitsystem`
+15. Set environment variables in `.bashrc`
+
+## After Deployment
+
+```bash
+su - gpadmin
+psql -d warehouse    # connect to the database
+gpstate -s           # check cluster status
+```

devops/deploy/ansible/ansible.cfg

@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+[defaults]
+host_key_checking = False

devops/deploy/ansible/group_vars/all.yml

@@ -0,0 +1,76 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Apache Cloudberry Deployment Variables
+#
+# Note: kernel.shmall, kernel.shmmax, vm.overcommit_ratio, vm.min_free_kbytes,
+# and vm.dirty_* parameters are NOT set here. They are dynamically calculated
+# at deploy time based on each host's actual RAM and swap size.
+# See the "Calculate dynamic sysctl values" tasks in site.yml.
+
+# Cloudberry version
+cloudberry_version: "2.1.0"
+
+# Admin user
+cloudberry_admin_user: "gpadmin"
+cloudberry_admin_password: "changeme"
+
+# Package path (override via -e package_path=... on the command line)
+# Example: -e package_path=/root/apache-cloudberry-db-incubating-2.1.0-1.el9.x86_64.rpm
+# package_path: /home/gpadmin/apache-cloudberry-db-incubating-2.1.0-1.el9.x86_64.rpm
+
+# Data disk device and mount point.
+# Must be set manually before running the playbook.
+# Run 'lsblk' on each host to identify the correct device name.
+#
+# Common device names by environment:
+#   /dev/sdb       — physical servers, VMware
+#   /dev/vdb       — KVM / OpenStack / Cloud ECS
+#   /dev/nvme0n1   — NVMe SSD (physical or cloud)
+#   /dev/xvdb      — AWS EC2 (older instance types)
+#
+# If you are using a cloud VM with only a single system disk (no dedicated
+# data disk), leave data_disk empty and create the data directory manually:
+#   mkdir -p /data && chown -R gpadmin:gpadmin /data
+# The XFS formatting and mount steps in site.yml will be skipped automatically.
+data_disk: "/dev/sdb"
+data_mount: "/data"
+
+# Data directories
+# coordinator_data_dir is used on both cdw and scdw.
+# primary_data_dir and mirror_data_dir are used on segment hosts.
+coordinator_data_dir: "/data/coordinator"
+primary_data_dir: "/data/primary"
+mirror_data_dir: "/data/mirror"
+
+# Number of primary segment instances per segment host.
+# Mirror instances are created 1:1 with primaries.
+# Recommended: set to the number of CPU cores / 4, or 2 for test environments.
+segments_per_host: 2
+
+# Ports
+# Ensure these ranges do not overlap with net.ipv4.ip_local_port_range (10000-65535).
+coordinator_port: 5432
+port_base: 6000
+mirror_port_base: 7000
+
+# Default database created during gpinitsystem
+database_name: "warehouse"
+
+# Coordinator and standby hostnames (must match inventory/hosts and /etc/hosts)
+coordinator_hostname: "cdw"
+standby_hostname: "scdw"

devops/deploy/ansible/inventory/hosts

@@ -0,0 +1,37 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+[coordinator]
+cdw ansible_host=192.168.1.x
+
+[standby]
+scdw ansible_host=192.168.1.x
+
+[segments]
+sdw1 ansible_host=192.168.1.x
+sdw2 ansible_host=192.168.1.x
+sdw3 ansible_host=192.168.1.x
+
+[cloudberry:children]
+coordinator
+standby
+segments
+
+[cloudberry:vars]
+ansible_user=root
+ansible_password=your_root_password_here
+ansible_ssh_common_args='-o StrictHostKeyChecking=no'