diff --git a/confluent_osdeploy/suse16/profiles/server/autoinstall.json b/confluent_osdeploy/suse16/profiles/server/autoinstall.json
index 4b62b105..1572a4ce 100644
--- a/confluent_osdeploy/suse16/profiles/server/autoinstall.json
+++ b/confluent_osdeploy/suse16/profiles/server/autoinstall.json
@@ -50,10 +50,10 @@
 "chroot": true
 }
 ],
- "init": {
+ "init": [{
 "name": "confluent-init.sh",
 "url": "https://%%DEPLOYER%%/confluent-public/os/%%PROFILE%%/scripts/firstboot.sh"
- }
+ }]
 }
 }
diff --git a/confluent_osdeploy/suse16/profiles/server/scripts/firstboot.sh b/confluent_osdeploy/suse16/profiles/server/scripts/firstboot.sh
new file mode 100644
index 00000000..23f14579
--- /dev/null
+++ b/confluent_osdeploy/suse16/profiles/server/scripts/firstboot.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+HOME=$(getent passwd $(whoami)|cut -d: -f 6)
+export HOME
+
+# This script runs at the end of the final boot, updating status
+exec >> /var/log/confluent/confluent-firstboot.log
+exec 2>> /var/log/confluent/confluent-firstboot.log
+chmod 600 /var/log/confluent/confluent-firstboot.log
+
+nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}')
+v6cfg=$(grep ^ipv6_method: /etc/confluent/confluent.deploycfg)
+v6cfg=${v6cfg#ipv6_method: }
+if [ "$v6cfg" = "static" ]; then
+ confluent_mgr=$(grep ^deploy_server_v6: /etc/confluent/confluent.deploycfg)
+ confluent_mgr=${confluent_mgr#deploy_server_v6: }
+ confluent_mgr="[$confluent_mgr]"
+else
+ confluent_mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg)
+ confluent_mgr=${confluent_mgr#deploy_server: }
+fi
+confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|sed -e 's/^profile: //')
+proto=$(grep ^protocol: /etc/confluent/confluent.deploycfg |awk '{print $2}')
+confluent_apikey=$(cat /etc/confluent/confluent.apikey)
+. /etc/confluent/functions
+GIVUP=$(($(date +%s) + 60))
+while (! ping -c 1 $confluent_mgr >& /dev/null) && [ $(date +%s) -lt $GIVUP ]; do
+ sleep 1
+done
+
+for i in /etc/ssh/ssh_host*key.pub; do
+ certname=${i/.pub/-cert.pub}
+ curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" -d @$i https://$confluent_mgr/confluent-api/self/sshcert > $certname
+done
+systemctl restart sshd
+run_remote_python confignet
+run_remote firstboot.custom
+
+# Firstboot scripts may be placed into firstboot.d, e.g. firstboot.d/01-firstaction.sh, firstboot.d/02-secondaction.sh
+run_remote_parts firstboot.d
+
+# Induce execution of remote configuration, e.g. ansible plays in ansible/firstboot.d/
+run_remote_config firstboot.d
+
+curl --capath /etc/confluent/tls -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $confluent_apikey" -f -X POST -d "status: complete" https://$confluent_mgr/confluent-api/self/updatestatus
diff --git a/confluent_osdeploy/suse16/profiles/server/scripts/post.sh b/confluent_osdeploy/suse16/profiles/server/scripts/post.sh
index be4e2d80..38b51a24 100644
--- a/confluent_osdeploy/suse16/profiles/server/scripts/post.sh
+++ b/confluent_osdeploy/suse16/profiles/server/scripts/post.sh
@@ -9,6 +9,7 @@
 # If there are dependencies on the kernel (drivers or special filesystems)
 # then firstboot.sh would be the script to customize.
+mkdir -p /var/log/confluent
 chmod 700 /var/log/confluent
 exec >> /var/log/confluent/confluent-post.log
 exec 2>> /var/log/confluent/confluent-post.log
diff --git a/confluent_osdeploy/suse16/profiles/server/scripts/pre.sh b/confluent_osdeploy/suse16/profiles/server/scripts/pre.sh
index 9aac05b1..5cd4ee5b 100644
--- a/confluent_osdeploy/suse16/profiles/server/scripts/pre.sh
+++ b/confluent_osdeploy/suse16/profiles/server/scripts/pre.sh
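Review bot: The sshcert request inside the `for i in /etc/ssh/ssh_host*key.pub` loop of firstboot.sh sends `CONFLUENT_APIKEY` without the `--capath /etc/confluent/tls` that the final updatestatus call passes, so verification of the deployer there relies only on the system default trust store. The same line redirects straight into `$certname`, which the shell truncates before curl starts, so a request rejected under `-f` leaves an empty `-cert.pub` file just before `systemctl restart sshd`, and curl's exit status is never checked. It also re-reads the key with `$(cat ...)` although `confluent_apikey` is already set, and leaves `$i`, `$confluent_mgr` and `$certname` unquoted. A version that writes to a temporary name and moves it into place only on success is below.

```shell
for i in /etc/ssh/ssh_host*key.pub; do
    certname=${i/.pub/-cert.pub}
    if curl --capath /etc/confluent/tls -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $confluent_apikey" -d @"$i" "https://$confluent_mgr/confluent-api/self/sshcert" > "$certname.tmp"; then
        mv "$certname.tmp" "$certname"
    else
        echo "sshcert request failed for $i" >&2
        rm -f "$certname.tmp"
    fi
done
# … unchanged: systemctl restart sshd and the run_remote* calls …
```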
@@ -22,16 +22,16 @@ for pubkey in /etc/ssh/ssh_host_*key.pub; do
 done
 systemctl restart sshd
 python3 /opt/confluent/bin/apiclient /confluent-public/os/$profile/autoinstall.json > /tmp/autoinstall.json
-deployserver=$(grep ^deploy_server /etc/confluent/confluent.deploycfg|awk '{print $2}')
+deployserver=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg|awk '{print $2}')
 if [ -z "$deployserver" ] || [ "$deployserver" = "none" ] || [ "$deployserver" = "null" ]; then
- deployserver=$(grep ^deploy_server_v6 /etc/confluent/confluent.deploycfg|awk '{print $2}')
+ deployserver=$(grep ^deploy_server_v6: /etc/confluent/confluent.deploycfg|awk '{print $2}')
 fi
 if [[ "$deployserver" == *":"* ]]; then
 deployserver="[$deployserver]"
 fi
-
+source /etc/confluent/functions
 run_remote_parts pre.d
-sed -i s!%%DEPLOYSERVER%%!$deployserver!g /tmp/autoinstall.json
+sed -i s!%%DEPLOYER%%!$deployserver!g /tmp/autoinstall.json
 sed -i s!%%PROFILE%%!$(grep ^profile: /etc/confluent/confluent.deploycfg|awk '{print $2}')!g /tmp/autoinstall.json
 sed -i s!%%ROOTPASSWORD%%!$(grep ^rootpassword: /etc/confluent/confluent.deploycfg|awk '{print $2}')!g /tmp/autoinstall.json
 sed -i s!%%NODENAME%%!$(hostname)!g /tmp/autoinstall.json
@@ -46,7 +46,7 @@ sed -i 's!%%TIMEZONE%%!'$tz'!g' /tmp/autoinstall.json
 sed -i 's!%%LOCALE%%!'$locale'!g' /tmp/autoinstall.json
 sed -i 's!%%KEYMAP%%!'$keymap'!g' /tmp/autoinstall.json
 if [ ! -e /tmp/installdisk ]; then
- python3 /tmp/getinstalldisk > $serialcons 2>&1
+ python3 /tmp/getinstalldisk
 fi
 installdisk=$(cat /tmp/installdisk)
 if [ -z "$installdisk" ]; then
diff --git a/confluent_osdeploy/suse16/profiles/server/scripts/prechroot.sh b/confluent_osdeploy/suse16/profiles/server/scripts/prechroot.sh
new file mode 100644
index 00000000..527703e4
--- /dev/null
+++ b/confluent_osdeploy/suse16/profiles/server/scripts/prechroot.sh
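Review bot: In the first pre.sh hunk the new `sed -i s!%%DEPLOYER%%!$deployserver!g` line leaves its expression unquoted, and by that point `deployserver` may hold the bracketed IPv6 form, which the shell reads as a glob character class. Quoting it as `sed -i "s!%%DEPLOYER%%!${deployserver}!g" /tmp/autoinstall.json` avoids pathname expansion and word splitting. Nothing visible in the hunk checks that `deployserver` is non-empty after both lookups, so an empty value would silently yield `https:///confluent-public/...` as the firstboot script URL in autoinstall.json. A guard such as `[ -n "$deployserver" ] || exit 1` before the substitution would fail early instead. The script continues above and below this hunk, so such a check may already exist outside it.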
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# This script runs when install is finished, but while the installer
+# is still running, with the to-be-booted system mounted in /mnt
+
+# carry over deployment configuration and api key for OS install action
+confluent_mgr=$(grep ^deploy_server /etc/confluent/confluent.deploycfg|awk '{print $2}')
+confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|sed -e 's/^profile: //')
+nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}')
+export confluent_mgr confluent_profile nodename
+mkdir -p /mnt/etc/confluent
+chmod 700 /mnt/etc/confluent
+cp /tmp/functions /mnt/etc/confluent/
+. /tmp/functions
+cp -a /etc/confluent/* /mnt/etc/confluent/
+cp -a /tls /mnt/etc/confluent/
+cp -a /tls/* /mnt/var/lib/ca-certificates/openssl
+cp -a /tls/* /mnt/var/lib/ca-certificates/pem
+cp -a /tls/*.pem /mnt/etc/pki/trust/anchors
+cat /tls/*.pem > /mnt/etc/confluent/ca.pem
+mkdir -p /mnt/opt/confluent/bin
+cp /opt/confluent/bin/apiclient /mnt/opt/confluent/bin/
+
+run_remote setupssh.sh
+
+echo Port 22 >> /etc/ssh/sshd_config
+echo Port 2222 >> /etc/ssh/sshd_config
+echo Match LocalPort 22 >> /etc/ssh/sshd_config
+echo " ChrootDirectory /mnt" >> /etc/ssh/sshd_config
+kill -HUP $(cat /run/sshd.pid)
+mkdir -p /mnt/var/log/confluent
+cp /tmp/confluent*log /mnt/var/log/confluent
+
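Review bot: The `confluent_mgr` lookup at the top of prechroot.sh uses the unanchored pattern `grep ^deploy_server`, which also matches a `deploy_server_v6:` line, the same ambiguity this commit removes from pre.sh. On a deploycfg carrying both keys the variable would hold two values, which are then exported. Anchoring it as `confluent_mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg|awk '{print $2}')` matches pre.sh. Separately, `/mnt/var/log/confluent` is created with default permissions before the installer logs are copied in. post.sh does apply `chmod 700` to that directory, but its ordering relative to this script is not visible here, so a `chmod 700 /mnt/var/log/confluent` right after the `mkdir -p` would keep the copied logs private either way.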