From a5c4b64c60c63e26716eb16c5e47be4137de8f71 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Fri, 15 Jan 2021 08:25:12 -0500
Subject: [PATCH] Have Genesis better work with BMC install

In a BMC install, the certificate may fail and we may
have ability to port forward 3389 but not 22.

Support normal and enhanced certificate behavior
when possible, but degrade to cert-less ssh and
also port 3389
---
 .../genesis/initramfs/opt/confluent/bin/rungenesis | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/confluent_osdeploy/genesis/initramfs/opt/confluent/bin/rungenesis b/confluent_osdeploy/genesis/initramfs/opt/confluent/bin/rungenesis
index 312ad240..6f98b9b1 100644
--- a/confluent_osdeploy/genesis/initramfs/opt/confluent/bin/rungenesis
+++ b/confluent_osdeploy/genesis/initramfs/opt/confluent/bin/rungenesis
@@ -28,6 +28,8 @@ modprobe hfi1
 modprobe mlx5_ib
 echo "done"
 cat > /etc/ssh/sshd_config << EOF
+Port 22
+Port 3389
 PermitRootLogin yes
 AuthorizedKeysFile      .ssh/authorized_keys
 EOF
@@ -81,7 +83,9 @@ for pubkey in /etc/ssh/ssh_host*key.pub; do
     certfile=${pubkey/.pub/-cert.pub}
     privfile=${pubkey%.pub}
     /usr/libexec/platform-python /opt/confluent/bin/apiclient /confluent-api/self/sshcert $pubkey > $certfile
-    echo HostCertificate $certfile >> /etc/ssh/sshd_config
+    if [ -s $certfile ]; then
+        echo HostCertificate $certfile >> /etc/ssh/sshd_config
+    fi
     echo HostKey $privfile >> /etc/ssh/sshd_config
 done
 /usr/sbin/sshd
@@ -95,11 +99,3 @@ run_remote onboot.sh
 while :; do
     bash
 done
-
-    
-
-
-
-
-cd -
-