From d365a53757bcea6ab27e543b37810135ed3c0a43 Mon Sep 17 00:00:00 2001
From: Brandon Dunne
Date: Thu, 8 Dec 2022 18:25:20 -0500
Subject: [PATCH] pre-start is no longer needed if we mount the certs in /etc/pki

The problem with /var/lib/pgsql/data/userdata is if this is a new install, initalizing the database will fail because the userdata directory is not empty and it is expected to be empty. Since the postgres configs are always mounted on the pod we need the certs to be in a predictable location.
---
 Dockerfile | 1 -
 container-assets/on-start.sh | 2 +-
 container-assets/pre-start.sh | 11 -----------
 3 files changed, 1 insertion(+), 13 deletions(-)
 delete mode 100755 container-assets/pre-start.sh
diff --git a/Dockerfile b/Dockerfile
index a524ea1..110cf36 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -135,7 +135,6 @@ RUN yum -y update postgresql-* && \
 ADD container-assets/container-scripts /opt/manageiq/container-scripts/
 ADD container-assets/on-start.sh ${APP_DATA}/src/postgresql-start/
-ADD container-assets/pre-start.sh ${APP_DATA}/src/postgresql-pre-start/
 # Loosen permission bits to avoid problems running container with arbitrary UID
 RUN /usr/libexec/fix-permissions /var/lib/pgsql && \
diff --git a/container-assets/on-start.sh b/container-assets/on-start.sh
index 03df013..223d26a 100755
--- a/container-assets/on-start.sh
+++ b/container-assets/on-start.sh
@@ -2,6 +2,6 @@
 psql --command "ALTER ROLE \"${POSTGRESQL_USER}\" SUPERUSER;"
-if [ -f /opt/app-root/src/certificates/server.key ]; then
+if [ -f /etc/pki/tls/private/server.key ]; then
 sed -i 's/host\(\b.*\)/hostssl\1/g' /var/lib/pgsql/data/userdata/pg_hba.conf
 fi
diff --git a/container-assets/pre-start.sh b/container-assets/pre-start.sh
deleted file mode 100755
index 4e79905..0000000
--- a/container-assets/pre-start.sh
+++ /dev/null
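Review bot: The new guard in container-assets/on-start.sh, `if [ -f /etc/pki/tls/private/server.key ]; then`, only checks that the mounted key exists. The deleted pre-start.sh also ran `chmod og-rwx` on its copy because, per its own comment, PostgreSQL rejects key files with liberal permissions. Nothing visible in this patch restricts the mode or ownership of the key at the new location, so that presumably now depends on how the volume is mounted. A comment above the check would record the requirement, e.g. `# server.key is mounted by the pod and must not be group/world accessible, or PostgreSQL will refuse it`. Separately, the unanchored `s/host\(\b.*\)/hostssl\1/g` on the context line also matches `host` in comments and, if it runs again on an already-converted file, inside a value such as `localhost`; something like `s/^host\b/hostssl/` would limit the rewrite to the record type.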
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-if [ ! -f /opt/app-root/src/certificates/server.key ]; then
- echo "Skipping SSL setup, key not found."
-else
- cp /opt/app-root/src/certificates/server.crt /var/lib/pgsql/data/userdata/server.crt
- cp /opt/app-root/src/certificates/server.key /var/lib/pgsql/data/userdata/server.key
-
- # Postgresql server will reject key files with liberal permissions
- chmod og-rwx /var/lib/pgsql/data/userdata/server.key
-fi