Scan ssh keys for the "reverse" access from node to each other node

For example we would need access to master server with CA when generating certificates.

orchestrate.py

@@ -136,13 +136,25 @@ if 'init' in args.actions:
     h = list(hosts.keys()) + ['%s.%s.' % (host, d) for host in hosts.keys()] + \
         ['%s.%s' % (host, d) for host in hosts.keys()] + list(hosts.values()) + [master_ip]
 
+    cycle_all = \
+        'echo -n At:; uname -n; for h in %s; do ssh -o StrictHostKeyChecking=no $h :; done' \
+        % (' '.join(h))
     commands = [
         ['ssh-keygen', '-R', master_ip],
         ['ssh', '-o', 'StrictHostKeyChecking=no', '%s@%s' % (user, master_ip), ':'],
         ['scp', '-p', 'hosts', '%s@%s:/tmp/' % (user, master_ip)],
         ['ssh', '%s@%s' % (user, master_ip), 'sudo mv -v /tmp/hosts /etc/hosts'],
+        # the frontend to all nodes
+        ['ssh', '-o', 'ForwardAgent=yes', '%s@%s' % (user, master_ip), cycle_all]
+    ]
+    for node in hosts.keys():
+        # skip the frontend - covered by the command above
+        if node == master_hostname:
+            continue
+        # the node to all nodes
+        commands += [
             ['ssh', '-o', 'ForwardAgent=yes', '%s@%s' % (user, master_ip),
-         'for h in %s; do ssh -o StrictHostKeyChecking=no %s@$h :; done' % (' '.join(h), user)],
+             'ssh -o ForwardAgent=yes %s \'%s\'' % ('%s.%s' % (node, d), cycle_all)],
         ]
     for ip in hosts.values():
         commands += [