From 4c2f29ba74b3038d546497086e427ec1e1910dfe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Wed, 30 Dec 2020 16:50:52 +0100
Subject: [PATCH] Scan ssh keys for the "reverse" access from node to each
 other node

For example, access to the master server hosting the CA is needed when generating certificates.
---
 orchestrate.py | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/orchestrate.py b/orchestrate.py
index 0217379..c9ef33c 100755
--- a/orchestrate.py
+++ b/orchestrate.py
@@ -136,14 +136,26 @@ if 'init' in args.actions:
     h = list(hosts.keys()) + ['%s.%s.' % (host, d) for host in hosts.keys()] + \
         ['%s.%s' % (host, d) for host in hosts.keys()] + list(hosts.values()) + [master_ip]
 
+    cycle_all = \
+        'echo -n At:; uname -n; for h in %s; do ssh -o StrictHostKeyChecking=no $h :; done' \
+        % (' '.join(h))
     commands = [
         ['ssh-keygen', '-R', master_ip],
         ['ssh', '-o', 'StrictHostKeyChecking=no', '%s@%s' % (user, master_ip), ':'],
         ['scp', '-p', 'hosts', '%s@%s:/tmp/' % (user, master_ip)],
         ['ssh', '%s@%s' % (user, master_ip), 'sudo mv -v /tmp/hosts /etc/hosts'],
-        ['ssh', '-o', 'ForwardAgent=yes', '%s@%s' % (user, master_ip),
-         'for h in %s; do ssh -o StrictHostKeyChecking=no %s@$h :; done' % (' '.join(h), user)],
+        # the frontend to all nodes
+        ['ssh', '-o', 'ForwardAgent=yes', '%s@%s' % (user, master_ip), cycle_all]
     ]
+    for node in hosts.keys():
+        # skip the frontend - covered by the command above
+        if node == master_hostname:
+            continue
+        # the node to all nodes
+        commands += [
+            ['ssh', '-o', 'ForwardAgent=yes', '%s@%s' % (user, master_ip),
+             'ssh -o ForwardAgent=yes %s \'%s\'' % ('%s.%s' % (node, d), cycle_all)],
+        ]
     for ip in hosts.values():
         commands += [
             ['ssh-keygen', '-R', ip],
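Review bot: The new per-node commands forward the operator's SSH agent (`-o ForwardAgent=yes`) through the frontend into every node, and `cycle_all` then connects onward with `StrictHostKeyChecking=no`, so during init the agent is exposed on each node while every host answering on those names or IPs is trusted without verification. If blind acceptance is only meant to seed known_hosts, `StrictHostKeyChecking=accept-new` (where the installed OpenSSH supports it) still records first-seen keys but refuses changed ones, and a comment above the loop should say why agent forwarding to every node is needed. Separately, the nested command wraps `cycle_all` in literal single quotes and joins the host list unquoted, so a name containing a quote or shell metacharacter would alter the remote command; `' '.join(shlex.quote(x) for x in h)` and `shlex.quote(cycle_all)` (needs `import shlex`) would make it robust. The enclosing `if 'init' in args.actions:` block starts before the hunk and the `for ip in hosts.values()` loop continues past it.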
-- 
GitLab