From 6f3b117d37ea4b4ef935d813754adb6e4ea82f8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Wed, 5 Dec 2018 12:35:34 +0100 Subject: [PATCH 01/11] chown on SSL keys --- src/pgsql/bin/postgres/entrypoint.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/pgsql/bin/postgres/entrypoint.sh b/src/pgsql/bin/postgres/entrypoint.sh index 7f6da843..b09652cd 100755 --- a/src/pgsql/bin/postgres/entrypoint.sh +++ b/src/pgsql/bin/postgres/entrypoint.sh @@ -42,7 +42,8 @@ else fi fi -chown -R postgres $PGDATA && chmod -R 0700 $PGDATA +KEYS=$(egrep '(ssl_cert_file|ssl_key_file)' $PGDATA/postgresql.conf|cut -d "=" -f 2-) +chown -R postgres $PGDATA $KEYS && chmod -R 0700 $PGDATA $KEYS source /usr/local/bin/cluster/repmgr/configure.sh From 8a94e050e7a569a4c5f101d6b31e75a0b4a961f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Wed, 5 Dec 2018 12:55:21 +0100 Subject: [PATCH 02/11] Loop over keys and copy from one path to another to avoid secret-read-only --- src/pgsql/bin/postgres/entrypoint.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/pgsql/bin/postgres/entrypoint.sh b/src/pgsql/bin/postgres/entrypoint.sh index b09652cd..e23e40bf 100755 --- a/src/pgsql/bin/postgres/entrypoint.sh +++ b/src/pgsql/bin/postgres/entrypoint.sh @@ -42,7 +42,18 @@ else fi fi -KEYS=$(egrep '(ssl_cert_file|ssl_key_file)' $PGDATA/postgresql.conf|cut -d "=" -f 2-) +# Tweak keys to avoid permission issues: +ORIGKEYS=$(egrep '(ssl_cert_file|ssl_key_file)' $PGDATA/postgresql.conf|cut -d "=" -f 2-) +KEYS="" + +for file in ${KEYS}; do + if [ -f /pg-ssl/$(dirname ${file}) ]; then + echo ">>> Copying SSL file from /pg-ssl/$(dirname ${file}) to ${file}" + cat /pg-ssl/$(dirname ${file}) > ${file} + KEYS="$KEYS ${file}" + fi +done + chown -R postgres $PGDATA $KEYS && chmod -R 0700 $PGDATA $KEYS source /usr/local/bin/cluster/repmgr/configure.sh 
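Review bot: The added `chown -R postgres $PGDATA $KEYS && chmod -R 0700 $PGDATA $KEYS` couples the data-directory permissions to the key paths, so a single bad entry in `$KEYS` (chown exits non-zero) skips the `chmod -R 0700` of `$PGDATA` entirely. Bad entries are likely: `egrep '(ssl_cert_file|ssl_key_file)'` also matches commented-out `#ssl_cert_file = ...` lines, and `cut -d "=" -f 2-` keeps the leading space and, for a typically quoted postgresql.conf value, the surrounding single quotes, so `$KEYS` can hold `'server.crt'` rather than `server.crt`. Keep the PGDATA step independent, `chown -R postgres "$PGDATA" && chmod -R 0700 "$PGDATA"`, and handle the key files in their own guarded step with mode 0600 rather than 0700, which adds an execute bit to a private key. The key values are also expanded unquoted, so a path containing spaces or glob characters would be split or expanded before chown sees it.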
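Review bot: `cat /pg-ssl/$(dirname ${file}) > ${file}` creates the key copy under the shell's current umask, so between this write and the `chown`/`chmod -R 0700` that runs after the loop the private key sits on disk with the default mode (commonly 0644), readable by every user in the container. Create it with its final mode from the start, e.g. `(umask 077; cat "$src" > "$file")` with `$src` being the `/pg-ssl/...` path, or `install -m 0600 -o postgres -- "$src" "$file"`, after which the later recursive chmod on `$KEYS` is no longer needed. The same window remains in the rewrites of this loop in patches 04, 05 and 06.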
From 58b9c3604f0856a6196f2f2e228ed0b83b308b38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Wed, 5 Dec 2018 12:56:51 +0100 Subject: [PATCH 03/11] Fix var name --- src/pgsql/bin/postgres/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pgsql/bin/postgres/entrypoint.sh b/src/pgsql/bin/postgres/entrypoint.sh index e23e40bf..a4178a39 100755 --- a/src/pgsql/bin/postgres/entrypoint.sh +++ b/src/pgsql/bin/postgres/entrypoint.sh @@ -46,7 +46,7 @@ fi ORIGKEYS=$(egrep '(ssl_cert_file|ssl_key_file)' $PGDATA/postgresql.conf|cut -d "=" -f 2-) KEYS="" -for file in ${KEYS}; do +for file in ${ORIGKEYS}; do if [ -f /pg-ssl/$(dirname ${file}) ]; then echo ">>> Copying SSL file from /pg-ssl/$(dirname ${file}) to ${file}" cat /pg-ssl/$(dirname ${file}) > ${file} From f4bfce307240226b9fb8fcb18efa70d2eda628ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Wed, 5 Dec 2018 13:07:22 +0100 Subject: [PATCH 04/11] Fix paths on creation --- src/pgsql/bin/postgres/entrypoint.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/pgsql/bin/postgres/entrypoint.sh b/src/pgsql/bin/postgres/entrypoint.sh index a4178a39..2ffa3023 100755 --- a/src/pgsql/bin/postgres/entrypoint.sh +++ b/src/pgsql/bin/postgres/entrypoint.sh @@ -47,9 +47,10 @@ ORIGKEYS=$(egrep '(ssl_cert_file|ssl_key_file)' $PGDATA/postgresql.conf|cut -d " KEYS="" for file in ${ORIGKEYS}; do - if [ -f /pg-ssl/$(dirname ${file}) ]; then - echo ">>> Copying SSL file from /pg-ssl/$(dirname ${file}) to ${file}" - cat /pg-ssl/$(dirname ${file}) > ${file} + if [ -f /pg-ssl/$(basename ${file}) ]; then + echo ">>> Copying SSL file from /pg-ssl/$(basename ${file}) to ${file}" + mkdir -p $(dirname ${file}) + cat /pg-ssl/$(basename ${file}) > ${file} KEYS="$KEYS ${file}" fi done From 1326a4abd5e2673829fe09c28db3361b3398cd6d Mon Sep 17 00:00:00 2001 
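Review bot: The copy `cat /pg-ssl/$(basename ${file}) > ${file}` is never checked, so if the read fails (unreadable secret, or a non-regular entry at that path) the redirection has already created an empty `${file}` and the path is still appended to `KEYS`, leaving PostgreSQL pointing at a zero-byte certificate or key. Test the copy's status, `if cat "/pg-ssl/$(basename "$file")" > "$file"; then KEYS="$KEYS $file"; else printf '>>> ERROR: copy of %s failed\n' "$file" >&2; fi`, so a failed copy does not register the path. `mkdir -p $(dirname ${file})` and the redirection target are unquoted; quoting them avoids word-splitting on a path with spaces, and since the script writes to whatever destination the configuration names (as root, given the later chown), the destination paths must come from a trusted source — not visible in this hunk.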
From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Wed, 5 Dec 2018 13:39:09 +0100 Subject: [PATCH 05/11] Relocate upper in the file --- src/pgsql/bin/postgres/entrypoint.sh | 30 +++++++++++++++------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/src/pgsql/bin/postgres/entrypoint.sh b/src/pgsql/bin/postgres/entrypoint.sh index 2ffa3023..4253109d 100755 --- a/src/pgsql/bin/postgres/entrypoint.sh +++ b/src/pgsql/bin/postgres/entrypoint.sh @@ -16,6 +16,21 @@ else postgres_configure fi +# Tweak keys to avoid permission issues: +ORIGKEYS=$(egrep '(ssl_cert_file|ssl_key_file)' $PGDATA/postgresql.conf|cut -d "=" -f 2-) +KEYS="" + +for file in ${ORIGKEYS}; do + if [ -f /pg-ssl/$(basename ${file}) ]; then + echo ">>> Copying SSL file from /pg-ssl/$(basename ${file}) to ${file}" + mkdir -p $(dirname ${file}) + cat /pg-ssl/$(basename ${file}) > ${file} + KEYS="$KEYS ${file}" + fi +done + +chown -R postgres $KEYS +chmod -R 0700 $KEYS export CURRENT_REPLICATION_PRIMARY_HOST="" CURRENT_MASTER=`cluster_master || echo ''` @@ -42,20 +57,7 @@ else fi fi -# Tweak keys to avoid permission issues: -ORIGKEYS=$(egrep '(ssl_cert_file|ssl_key_file)' $PGDATA/postgresql.conf|cut -d "=" -f 2-) -KEYS="" - -for file in ${ORIGKEYS}; do - if [ -f /pg-ssl/$(basename ${file}) ]; then - echo ">>> Copying SSL file from /pg-ssl/$(basename ${file}) to ${file}" - mkdir -p $(dirname ${file}) - cat /pg-ssl/$(basename ${file}) > ${file} - KEYS="$KEYS ${file}" - fi -done - -chown -R postgres $PGDATA $KEYS && chmod -R 0700 $PGDATA $KEYS +chown -R postgres $PGDATA && chmod -R 0700 $PGDATA source /usr/local/bin/cluster/repmgr/configure.sh From 20af7f15e496069fd5ab1cfc5f88925000c37ca5 Mon Sep 17 00:00:00 2001 
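Review bot: The relocated block ends with `chown -R postgres $KEYS` and `chmod -R 0700 $KEYS` as standalone commands, and when no key was copied `KEYS` is empty, so both run with no operand and fail with a usage error on every start without SSL files. Guard them, `[ -n "$KEYS" ] && chown -R postgres $KEYS`, or skip the whole SSL block when `$ORIGKEYS` is empty. The block now also runs before the `CURRENT_MASTER` logic on the following lines, so it executes on a freshly initialised data directory as well; whether `$PGDATA/postgresql.conf` exists at that point cannot be seen in this hunk and is worth confirming.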
From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Wed, 5 Dec 2018 13:57:28 +0100 Subject: [PATCH 06/11] Code was failing because it checked for file, not symlink' --- src/pgsql/bin/postgres/entrypoint.sh | 31 ++++++++++++++-------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/src/pgsql/bin/postgres/entrypoint.sh b/src/pgsql/bin/postgres/entrypoint.sh index 4253109d..0ae97f8b 100755 --- a/src/pgsql/bin/postgres/entrypoint.sh +++ b/src/pgsql/bin/postgres/entrypoint.sh @@ -16,21 +16,6 @@ else postgres_configure fi -# Tweak keys to avoid permission issues: -ORIGKEYS=$(egrep '(ssl_cert_file|ssl_key_file)' $PGDATA/postgresql.conf|cut -d "=" -f 2-) -KEYS="" - -for file in ${ORIGKEYS}; do - if [ -f /pg-ssl/$(basename ${file}) ]; then - echo ">>> Copying SSL file from /pg-ssl/$(basename ${file}) to ${file}" - mkdir -p $(dirname ${file}) - cat /pg-ssl/$(basename ${file}) > ${file} - KEYS="$KEYS ${file}" - fi -done - -chown -R postgres $KEYS -chmod -R 0700 $KEYS export CURRENT_REPLICATION_PRIMARY_HOST="" CURRENT_MASTER=`cluster_master || echo ''` @@ -57,7 +42,21 @@ else fi fi -chown -R postgres $PGDATA && chmod -R 0700 $PGDATA +# Tweak keys to avoid permission issues: +ORIGKEYS=$(egrep '(ssl_cert_file|ssl_key_file)' $PGDATA/postgresql.conf|cut -d "=" -f 2-) +KEYS="" + +for file in ${ORIGKEYS}; do + # Check for file or link pointing to file + if [ -e /pg-ssl/$(basename ${file}) ]; then + echo ">>> Copying SSL file from /pg-ssl/$(basename ${file}) to ${file}" + mkdir -p $(dirname ${file}) + cat /pg-ssl/$(basename ${file}) > ${file} + KEYS="$KEYS ${file}" + fi +done + +chown -R postgres $PGDATA $KEYS && chmod -R 0700 $PGDATA $KEYS source /usr/local/bin/cluster/repmgr/configure.sh From 941231a61d7c9ae950241d6dd103ee63bd76ac2a Mon Sep 17 00:00:00 2001 
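Review bot: `[ -e /pg-ssl/$(basename ${file}) ]` is looser than the `-f` it replaces: it also passes for a directory, socket or device at that path, after which `cat` fails, the redirection has already created an empty `${file}`, and the path is still added to `KEYS`. `-r` (readable) is the check that matches what the next line needs, `if [ -r "/pg-ssl/$(basename "$file")" ]; then`. The new comment `# Check for file or link pointing to file` is misleading in that `-f` and `-e` both follow symlinks; if `-f` failed here the cause is more likely that the mounted entry was not a regular file, so the comment should record the observed condition — worth confirming what `/pg-ssl` actually contains.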
From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Wed, 5 Dec 2018 14:26:05 +0100 Subject: [PATCH 07/11] Move keys grab to env var as config didn't exist --- src/pgsql/bin/postgres/entrypoint.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/pgsql/bin/postgres/entrypoint.sh b/src/pgsql/bin/postgres/entrypoint.sh index 0ae97f8b..55e4b9be 100755 --- a/src/pgsql/bin/postgres/entrypoint.sh +++ b/src/pgsql/bin/postgres/entrypoint.sh @@ -42,10 +42,13 @@ else fi fi + +echo ">>> Trying to configure SSL" # Tweak keys to avoid permission issues: -ORIGKEYS=$(egrep '(ssl_cert_file|ssl_key_file)' $PGDATA/postgresql.conf|cut -d "=" -f 2-) +ORIGKEYS=$(echo $CONFIGS|tr "," "\n"|egrep '(ssl_cert_file|ssl_key_file)'|cut -d ":" -f 2-) KEYS="" +echo ">>> Trying to move ${ORIGKEYS} to proper folder" for file in ${ORIGKEYS}; do # Check for file or link pointing to file if [ -e /pg-ssl/$(basename ${file}) ]; then From abc4e420f2ee6452c298f1c88210eeb6c11a1690 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Wed, 5 Dec 2018 15:13:49 +0100 Subject: [PATCH 08/11] Output error on missing file --- src/pgsql/bin/postgres/entrypoint.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/pgsql/bin/postgres/entrypoint.sh b/src/pgsql/bin/postgres/entrypoint.sh index 55e4b9be..8f67d385 100755 --- a/src/pgsql/bin/postgres/entrypoint.sh +++ b/src/pgsql/bin/postgres/entrypoint.sh @@ -45,7 +45,7 @@ fi echo ">>> Trying to configure SSL" # Tweak keys to avoid permission issues: -ORIGKEYS=$(echo $CONFIGS|tr "," "\n"|egrep '(ssl_cert_file|ssl_key_file)'|cut -d ":" -f 2-) +ORIGKEYS=$(echo $CONFIGS|tr "," "\n"|egrep '(ssl_cert_file|ssl_key_file)'|cut -d ":" -f 2-|tr "\n" " ") KEYS="" echo ">>> Trying to move ${ORIGKEYS} to proper folder" 
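Review bot: `echo $CONFIGS|tr "," "\n"|egrep '(ssl_cert_file|ssl_key_file)'|cut -d ":" -f 2-` expands `$CONFIGS` unquoted, so any `*` or `?` in a value is glob-expanded against the current directory and runs of whitespace are collapsed before the split, and the unanchored pattern also matches any other entry whose name merely contains those strings. Use `printf '%s\n' "$CONFIGS" | tr ',' '\n' | grep -E '^ *(ssl_cert_file|ssl_key_file) *:' | cut -d ':' -f 2-` so only those two keys match. This assumes `CONFIGS` is a comma-separated list of `key:value` pairs, which the hunk implies but does not show. The `|tr "\n" " "` appended in the next patch (08) is not needed, since the unquoted `${ORIGKEYS}` in the `for` line already splits on newlines.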
@@ -56,6 +56,8 @@ for file in ${ORIGKEYS}; do mkdir -p $(dirname ${file}) cat /pg-ssl/$(basename ${file}) > ${file} KEYS="$KEYS ${file}" + else: + echo ">>> ERROR: SSL File ${file} doesn't exist on disk" fi done From 536e1ea41d9866272e3d05408d24266ac0a09c04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Wed, 5 Dec 2018 15:35:46 +0100 Subject: [PATCH 09/11] Remove trailing \' that affect the keys setup --- src/pgsql/bin/postgres/entrypoint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/pgsql/bin/postgres/entrypoint.sh b/src/pgsql/bin/postgres/entrypoint.sh index 8f67d385..1298dcb9 100755 --- a/src/pgsql/bin/postgres/entrypoint.sh +++ b/src/pgsql/bin/postgres/entrypoint.sh @@ -45,7 +45,7 @@ fi echo ">>> Trying to configure SSL" # Tweak keys to avoid permission issues: -ORIGKEYS=$(echo $CONFIGS|tr "," "\n"|egrep '(ssl_cert_file|ssl_key_file)'|cut -d ":" -f 2-|tr "\n" " ") +ORIGKEYS=$(echo $CONFIGS|tr "," "\n"|egrep '(ssl_cert_file|ssl_key_file)'|cut -d ":" -f 2-|tr "\n" " "|tr -d "\'") KEYS="" echo ">>> Trying to move ${ORIGKEYS} to proper folder" @@ -56,7 +56,7 @@ for file in ${ORIGKEYS}; do mkdir -p $(dirname ${file}) cat /pg-ssl/$(basename ${file}) > ${file} KEYS="$KEYS ${file}" - else: + else echo ">>> ERROR: SSL File ${file} doesn't exist on disk" fi done From 8ea1c33d8249d76a93ca1007b6b409be0be6bc43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Mon, 10 Dec 2018 16:40:00 +0100 Subject: [PATCH 10/11] Try forcing port on local connection --- src/pgsql/bin/repmgr/configure.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pgsql/bin/repmgr/configure.sh b/src/pgsql/bin/repmgr/configure.sh index 9333bc5a..09e9ae4c 100755 --- a/src/pgsql/bin/repmgr/configure.sh +++ b/src/pgsql/bin/repmgr/configure.sh 
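Review bot: `tr -d "\'"` deletes two characters, not one: inside double quotes bash keeps the backslash, so the set passed to `tr` is backslash plus single quote, and every backslash in a configured path is silently stripped as well. Write `tr -d "'"` (or `tr -d \'`) to drop only the quotes. Stripping quotes after the fact also hides the real issue, which is that the value arrives in `CONFIGS` already quoted; if that can be fixed at the source the `tr` stage is unnecessary. The `>>> ERROR: SSL File ... doesn't exist on disk` message in the second hunk goes to stdout; diagnostics are easier to find if sent to stderr with `>&2`.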
@@ -17,7 +17,7 @@ pg_bindir=/usr/lib/postgresql/$PG_MAJOR/bin $REPMGR_NODE_ID_PARAM_NAME=$(get_node_id) node_name=$NODE_NAME -conninfo='user=$REPLICATION_USER password=$REPLICATION_PASSWORD host=$CLUSTER_NODE_NETWORK_NAME dbname=$REPLICATION_DB port=$REPLICATION_PRIMARY_PORT connect_timeout=$CONNECT_TIMEOUT' +conninfo='user=$REPLICATION_USER password=$REPLICATION_PASSWORD host=$CLUSTER_NODE_NETWORK_NAME dbname=$REPLICATION_DB port=5432 connect_timeout=$CONNECT_TIMEOUT' failover=automatic promote_command='PGPASSWORD=$REPLICATION_PASSWORD repmgr standby promote --log-level DEBUG --verbose' follow_command='PGPASSWORD=$REPLICATION_PASSWORD repmgr standby follow -W --log-level DEBUG --verbose' From 3b206d32e5294ec2301047b21630fffa106f4e8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Fri, 14 Dec 2018 14:01:43 +0100 Subject: [PATCH 11/11] Undo change on configuration script --- src/pgsql/bin/repmgr/configure.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pgsql/bin/repmgr/configure.sh b/src/pgsql/bin/repmgr/configure.sh index 09e9ae4c..9333bc5a 100755 --- a/src/pgsql/bin/repmgr/configure.sh +++ b/src/pgsql/bin/repmgr/configure.sh @@ -17,7 +17,7 @@ pg_bindir=/usr/lib/postgresql/$PG_MAJOR/bin $REPMGR_NODE_ID_PARAM_NAME=$(get_node_id) node_name=$NODE_NAME -conninfo='user=$REPLICATION_USER password=$REPLICATION_PASSWORD host=$CLUSTER_NODE_NETWORK_NAME dbname=$REPLICATION_DB port=5432 connect_timeout=$CONNECT_TIMEOUT' +conninfo='user=$REPLICATION_USER password=$REPLICATION_PASSWORD host=$CLUSTER_NODE_NETWORK_NAME dbname=$REPLICATION_DB port=$REPLICATION_PRIMARY_PORT connect_timeout=$CONNECT_TIMEOUT' failover=automatic promote_command='PGPASSWORD=$REPLICATION_PASSWORD repmgr standby promote --log-level DEBUG --verbose' follow_command='PGPASSWORD=$REPLICATION_PASSWORD repmgr standby follow -W --log-level DEBUG --verbose'
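Review bot: `port=5432` replaces `$REPLICATION_PRIMARY_PORT` in `conninfo` only, while the surrounding generated configuration (`promote_command`, `follow_command`) keeps reading environment variables, so a deployment that sets a non-default port may end up with a node other members cannot reach; patch 11 reverts this, leaving the series with no net change to this file. If a fixed local port is really intended, derive it from one variable rather than a literal. Note that `conninfo` embeds `password=$REPLICATION_PASSWORD` in clear text; the `node_name=`/`failover=` lines suggest this is written into a repmgr configuration file (the write itself is not visible here), so that file's mode must stay owner-only, or the password should move to a `passfile` entry instead of the connection string.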