From 0b6e5fa63eb1af2fc713c31079259afae452da1a Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Mon, 15 Jun 2026 14:04:35 -0400
Subject: [PATCH] More work on SUSE16 deployment
---
 .../suse16/profiles/server/autoinstall.json | 6 +---
 .../suse16/profiles/server/autoinstall.sh | 5 ---
 .../profiles/server/scripts/firstboot.sh | 10 ++----
 .../suse16/profiles/server/scripts/post.sh | 25 ++++++++++++--
 .../profiles/server/scripts/prechroot.sh | 34 +++++++++++--------
 5 files changed, 45 insertions(+), 35 deletions(-)
diff --git a/confluent_osdeploy/suse16/profiles/server/autoinstall.json b/confluent_osdeploy/suse16/profiles/server/autoinstall.json
index 1572a4ce..efc21b74 100644
--- a/confluent_osdeploy/suse16/profiles/server/autoinstall.json
+++ b/confluent_osdeploy/suse16/profiles/server/autoinstall.json
@@ -49,11 +49,7 @@
 "url": "https://%%DEPLOYER%%/confluent-public/os/%%PROFILE%%/scripts/post.sh",
 "chroot": true
 }
- ],
- "init": [{
- "name": "confluent-init.sh",
- "url": "https://%%DEPLOYER%%/confluent-public/os/%%PROFILE%%/scripts/firstboot.sh"
- }]
+ ]
 }
 }
diff --git a/confluent_osdeploy/suse16/profiles/server/autoinstall.sh b/confluent_osdeploy/suse16/profiles/server/autoinstall.sh
index 0867ca45..72ab04a9 100644
--- a/confluent_osdeploy/suse16/profiles/server/autoinstall.sh
+++ b/confluent_osdeploy/suse16/profiles/server/autoinstall.sh
@@ -21,9 +21,4 @@ chmod +x /tmp/pre.sh
 kill $tailpid
 agama config load /tmp/autoinstall.json > $serialcons 2>&1
 agama install > $serialcons 2>&1
-python3 /opt/confluent/bin/apiclient /confluent-public/os/$profile/scripts/post.sh > /tmp/post.sh 2> $serialcons
-chmod +x /tmp/post.sh
-touch /tmp/confluent-post.log
-tail -f /tmp/confluent-post.log > $serialcons 2>&1 &
-/tmp/post.sh > $serialcons 2>&1
 agama finish > $serialcons 2>&1
diff --git a/confluent_osdeploy/suse16/profiles/server/scripts/firstboot.sh b/confluent_osdeploy/suse16/profiles/server/scripts/firstboot.sh
index 23f14579..2f3cdab3 100644
--- a/confluent_osdeploy/suse16/profiles/server/scripts/firstboot.sh
+++ b/confluent_osdeploy/suse16/profiles/server/scripts/firstboot.sh
@@ -13,7 +13,6 @@ v6cfg=${v6cfg#ipv6_method: }
 if [ "$v6cfg" = "static" ]; then
 confluent_mgr=$(grep ^deploy_server_v6: /etc/confluent/confluent.deploycfg)
 confluent_mgr=${confluent_mgr#deploy_server_v6: }
- confluent_mgr="[$confluent_mgr]"
 else
 confluent_mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg)
 confluent_mgr=${confluent_mgr#deploy_server: }
@@ -27,13 +26,8 @@ while (! ping -c 1 $confluent_mgr >& /dev/null) && [ $(date +%s) -lt $GIVUP ]; d
 sleep 1
 done
-for i in /etc/ssh/ssh_host*key.pub; do
- certname=${i/.pub/-cert.pub}
- curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" -d @$i https://$confluent_mgr/confluent-api/self/sshcert > $certname
-done
-systemctl restart sshd
+export confluent_mgr
 run_remote_python confignet
-run_remote firstboot.custom
 # Firstboot scripts may be placed into firstboot.d, e.g. firstboot.d/01-firstaction.sh, firstboot.d/02-secondaction.sh
 run_remote_parts firstboot.d
@@ -41,4 +35,4 @@ run_remote_parts firstboot.d
 # Induce execution of remote configuration, e.g. ansible plays in ansible/firstboot.d/
 run_remote_config firstboot.d
-curl --capath /etc/confluent/tls -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $confluent_apikey" -f -X POST -d "status: complete" https://$confluent_mgr/confluent-api/self/updatestatus
+python3 /opt/confluent/bin/apiclient /confluent-api/self/updatestatus -d 'status: complete'
diff --git a/confluent_osdeploy/suse16/profiles/server/scripts/post.sh b/confluent_osdeploy/suse16/profiles/server/scripts/post.sh
index 38b51a24..432d54e3 100644
--- a/confluent_osdeploy/suse16/profiles/server/scripts/post.sh
+++ b/confluent_osdeploy/suse16/profiles/server/scripts/post.sh
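Review bot: In the second hunk of firstboot.sh (`@@ -27,13 +26,8 @@`) nothing on the new side says where the booted system's SSH host keys and certificates now come from, although the hunk drops both the request to `/confluent-api/self/sshcert` and the sshd restart. prechroot.sh in this same patch copies `/etc/ssh/ssh*key*` and `20_hostkeys.conf` into `/mnt`, which looks like the replacement, so a comment at this spot would stop a later reader from assuming the host keys are unsigned or re-adding the loop: `# SSH host keys/certs are staged into the target by prechroot.sh; nothing to sign at firstboot`. The same hunk also removes `run_remote firstboot.custom` without mention; if any existing profile relies on that hook, the commit message should say that `firstboot.d` is now the only entry point.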
@@ -14,7 +14,10 @@ chmod 700 /var/log/confluent
 exec >> /var/log/confluent/confluent-post.log
 exec 2>> /var/log/confluent/confluent-post.log
 chmod 600 /var/log/confluent/confluent-post.log
-confluent_mgr=$(grep ^deploy_server /etc/confluent/confluent.deploycfg|awk '{print $2}')
+confluent_mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg|awk '{print $2}')
+if [ -z "$confluent_mgr" ] || [ "$confluent_mgr" = "none" ] || [ "$confluent_mgr" = "null" ]; then
+ confluent_mgr=$(grep ^deploy_server_v6: /etc/confluent/confluent.deploycfg|awk '{print $2}')
+fi
 confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|sed -e 's/^profile: //')
 nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}')
 confluent_apikey=$(cat /etc/confluent/confluent.apikey)
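Review bot: After the new fallback in post.sh, `confluent_mgr` can still be empty when neither `deploy_server:` nor `deploy_server_v6:` yields a value, and the script carries on with no manager address. A guard right after the `fi` puts the failure into confluent-post.log instead of letting it surface later as a failed request: `if [ -z "$confluent_mgr" ]; then echo "no deploy server found in confluent.deploycfg" >&2; exit 1; fi`. firstboot.sh in this patch selects the v6 address by `ipv6_method: static`, while this hunk selects it by an empty, `none` or `null` v4 value; if the two scripts are meant to agree, the rule should be the same in both. When the v6 branch is taken the value is a bare IPv6 literal, so any later use inside an `https://` URL needs brackets around it; those uses are outside this hunk.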
@@ -38,5 +41,23 @@ run_remote_parts post.d # Induce execution of remote configuration, e.g. ansible plays in ansible/post.d/ run_remote_config post.d -curl -X POST -d 'status: staged' -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $confluent_apikey" https://$confluent_mgr/confluent-api/self/updatestatus +# stage firstboot, agama could be used, but we can stage it here to keep impact on agama json minimal +mkdir -p /opt/confluent/bin +python3 /opt/confluent/bin/apiclient /confluent-public/os/$confluent_profile/scripts/firstboot.sh > /opt/confluent/bin/firstboot.sh +cat >/etc/systemd/system/confluent-firstboot.service < /mnt/etc/confluent/ca.pem +cp -a /etc/confluent/tls/* /mnt/var/lib/ca-certificates/openssl +cp -a /etc/confluent/tls/* /mnt/var/lib/ca-certificates/pem +cp -a /etc/confluent/tls/*.pem /mnt/etc/pki/trust/anchors +cat /etc/confluent/tls/*.pem > /mnt/etc/confluent/ca.pem mkdir -p /mnt/opt/confluent/bin cp /opt/confluent/bin/apiclient /mnt/opt/confluent/bin/ -run_remote setupssh.sh +#run_remote setupssh.sh +cp /etc/ssh/ssh*key* /mnt/etc/ssh/ +mkdir -p /mnt/etc/ssh/sshd_config.d/ +cp /etc/ssh/sshd_config.d/20_hostkeys.conf /mnt/etc/ssh/sshd_config.d/ +mkdir -p /mnt/root/.ssh/ +cp /root/.ssh/authorized_keys /mnt/root/.ssh/ -echo Port 22 >> /etc/ssh/sshd_config -echo Port 2222 >> /etc/ssh/sshd_config -echo Match LocalPort 22 >> /etc/ssh/sshd_config -echo " ChrootDirectory /mnt" >> /etc/ssh/sshd_config -kill -HUP $(cat /run/sshd.pid) +echo Port 22 >> /etc/ssh/sshd_config.d/00-chroot.conf +echo Port 2222 >> /etc/ssh/sshd_config.d/00-chroot.conf +echo Match LocalPort 22 >> /etc/ssh/sshd_config.d/00-chroot.conf +echo " ChrootDirectory /mnt" >> /etc/ssh/sshd_config.d/00-chroot.conf +systemctl restart sshd mkdir -p /mnt/var/log/confluent cp /tmp/confluent*log /mnt/var/log/confluent
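Review bot: The added `python3 /opt/confluent/bin/apiclient ... > /opt/confluent/bin/firstboot.sh` in post.sh writes straight to the final path and its exit status is not checked before the systemd unit is written, so a failed or interrupted fetch leaves an empty or truncated script for the firstboot unit to run. Fetching to a temporary name and moving it into place only on success avoids that: `python3 /opt/confluent/bin/apiclient /confluent-public/os/$confluent_profile/scripts/firstboot.sh > /opt/confluent/bin/firstboot.sh.tmp && mv /opt/confluent/bin/firstboot.sh.tmp /opt/confluent/bin/firstboot.sh`, with the failure case logged and treated as an error. The unit's heredoc body and the end of this hunk are missing from the page, so whether the script's mode and ownership are set afterwards cannot be seen here.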
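Review bot: The prechroot.sh lines that stage SSH material into the target leave permissions to the ambient umask: `mkdir -p /mnt/root/.ssh/`, the plain `cp` of `authorized_keys`, and `cp /etc/ssh/ssh*key* /mnt/etc/ssh/`, whose glob also matches the private host keys. Setting the modes explicitly keeps the installed system correct regardless of the installer's umask or a pre-existing destination file: `install -d -m 700 /mnt/root/.ssh`, `install -m 600 /root/.ssh/authorized_keys /mnt/root/.ssh/`, and `chmod 600 /mnt/etc/ssh/ssh_host_*_key` after the copy. The four `echo ... >> /etc/ssh/sshd_config.d/00-chroot.conf` lines append, so a second run duplicates the `Port` and `Match` entries; writing the file in one `cat >` with a heredoc would make the step repeatable. The header and opening lines of this hunk are missing from the page, so this covers only the visible lines.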