From c025f4d2fc042ad6829e35810318893b738e2dde Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Mon, 14 Dec 2020 15:06:04 -0500
Subject: [PATCH] Fix firstboot.sh with selinux enabled

---
 confluent_osdeploy/el8/profiles/default/kickstart          | 7 +++----
 .../el8/profiles/default/scripts/firstboot.service         | 2 +-
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/confluent_osdeploy/el8/profiles/default/kickstart b/confluent_osdeploy/el8/profiles/default/kickstart
index 31e1a679..b4353dcf 100644
--- a/confluent_osdeploy/el8/profiles/default/kickstart
+++ b/confluent_osdeploy/el8/profiles/default/kickstart
@@ -67,16 +67,15 @@ curl -f https://$mgr/confluent-public/os/$profile/scripts/prechroot.sh > /tmp/po
 
 # Hook firstboot.sh
 curl -f https://$mgr/confluent-public/os/$profile/scripts/firstboot.service > /mnt/sysimage/etc/systemd/system/firstboot.service
-curl -f https://$mgr/confluent-public/os/$profile/scripts/firstboot.sh > /mnt/sysimage/etc/confluent/firstboot.sh
-chmod +x /mnt/sysimage/etc/confluent/firstboot.sh
+curl -f https://$mgr/confluent-public/os/$profile/scripts/firstboot.sh > /mnt/sysimage/opt/confluent/bin/firstboot.sh
+chmod +x /mnt/sysimage/opt/confluent/bin/firstboot.sh
 %end
 
 %post
 cat /etc/confluent/tls/*.pem >> /etc/pki/tls/certs/ca-bundle.crt
 systemctl enable firstboot
 chgrp ssh_keys /etc/ssh/ssh*key
-restorecon /etc/ssh/ssh*key /root/.shosts /etc/ssh/shosts.equiv /etc/ssh/ssh_config.d/* /etc/confluent/firstboot.sh
-chcon -t bin_t /etc/confluent/firstboot.sh
+restorecon /etc/ssh/ssh*key /root/.shosts /etc/ssh/shosts.equiv /etc/ssh/ssh_config.d/* /opt/confluent/bin/firstboot.sh
 profile=$(grep ^profile: /etc/confluent/confluent.deploycfg |awk '{print $2}')
 mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg |awk '{print $2}')
 curl -f https://$mgr/confluent-public/os/$profile/scripts/post.sh > /tmp/postinst.sh
diff --git a/confluent_osdeploy/el8/profiles/default/scripts/firstboot.service b/confluent_osdeploy/el8/profiles/default/scripts/firstboot.service
index 0fefec09..209a95e6 100644
--- a/confluent_osdeploy/el8/profiles/default/scripts/firstboot.service
+++ b/confluent_osdeploy/el8/profiles/default/scripts/firstboot.service
@@ -4,7 +4,7 @@ Requires=network-online.target
 After=network-online.target
 
 [Service]
-ExecStart=/etc/confluent/firstboot.sh
+ExecStart=/opt/confluent/bin/firstboot.sh
 
 [Install]
 WantedBy=multi-user.target