From 96780eb97514ca6f459af8fe8ae93bc38b2647c5 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Sun, 7 Jun 2026 07:45:09 -0400
Subject: [PATCH] Have apiclient and copernicus try port 1900, but accept if
 they cannot.

---
 .../common/initramfs/opt/confluent/bin/apiclient   | 10 ++++++++--
 confluent_osdeploy/utils/copernicus.c              | 14 +++++++-------
 2 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient b/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient
index f66ada70..41ce044b 100644
--- a/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient
+++ b/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient
@@ -160,11 +160,17 @@ def scan_confluents(confuuid=None):
     s6 = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
     s6.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
     s6.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
-    s6.bind(('::', 1900))
+    try:  # We would like to bind for firewall rules, however if not possible then leave it alone
+        s6.bind(('::', 1900))
+    except Exception:
+        pass
     s4 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
     s4.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
     s4.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
-    s4.bind(('0.0.0.0', 1900))
+    try:
+        s4.bind(('0.0.0.0', 1900))
+    except Exception:
+        pass
     doneidxs = set([])
     msg = 'M-SEARCH * HTTP/1.1\r\nST: urn:xcat.org:service:confluent:'
     if not confuuid and os.path.exists('/etc/confluent/confluent.deploycfg'):
diff --git a/confluent_osdeploy/utils/copernicus.c b/confluent_osdeploy/utils/copernicus.c
index 3b92044c..bb49e8c3 100644
--- a/confluent_osdeploy/utils/copernicus.c
+++ b/confluent_osdeploy/utils/copernicus.c
@@ -121,10 +121,10 @@ int main(int argc, char* argv[]) {
     memset(last6msg, 0, 1024);
     addr.sin6_family = AF_INET6;
     addr.sin6_addr = in6addr_any;
-    addr.sin6_port = htons(190);
+    addr.sin6_port = htons(1900);  // Attempt to be consistent about source port for firewall
     addr4.sin_family = AF_INET;
     addr4.sin_addr.s_addr = htonl(INADDR_ANY);
-    addr4.sin_port = htons(190);
+    addr4.sin_port = htons(1900);
     dst.sin6_family = AF_INET6;
     dst.sin6_port = htons(1900);
     inet_pton(AF_INET6, "ff02::c", &dst.sin6_addr);
@@ -160,14 +160,14 @@ int main(int argc, char* argv[]) {
     if (setsockopt(ns, IPPROTO_IPV6, IPV6_V6ONLY, &ifidx, sizeof(ifidx)) != 0) {
         fprintf(stderr, "Unable to limit socket to IPv6 only\n");
     }
-    /* For now, bind to 190 to prove we are a privileged process */
+    /* For now, bind to 1900 to prove we are a privileged process */
     if (bind(n4, (const struct sockaddr *)&addr4, sizeof(addr4)) < 0) {
-        fprintf(stderr, "Error binding privilged port!\n");
-        exit(1);
+        //fprintf(stderr, "Error binding privilged port!\n");
+        //exit(1);
     }
     if (bind(ns, (const struct sockaddr *)&addr, sizeof(addr)) < 0) {
-        fprintf(stderr, "Error binding ipv6 privileged port!\n");
-        exit(1);
+        //fprintf(stderr, "Error binding ipv6 privileged port!\n");
+        //exit(1);
     }
     getifaddrs(&ifa);
     for (ifc = ifa; ifc != NULL; ifc = ifc->ifa_next) {