From 29991141f51b3c316c13599190ec34aafc7caf09 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Yoha=C3=AF-Eliel=20BERREBY?= <yberreby@protonmail.ch>
Date: Sun, 3 May 2020 11:17:10 +0200
Subject: [PATCH] misc: add script to copy SSH keys

This one has the advantage of actually working :)
I had to blacklist some hosts because they would either outright refuse
connections or would refuse my LDAP credentials.
---
 .gitignore        |  1 +
 copy-keys.sh      | 17 +++++++++++++++++
 ssh-blacklist.txt |  4 ++++
 3 files changed, 22 insertions(+)
 create mode 100755 copy-keys.sh
 create mode 100644 ssh-blacklist.txt

diff --git a/.gitignore b/.gitignore
index a8b42eb..fc586ce 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 *.retry
+ldap-password.txt
diff --git a/copy-keys.sh b/copy-keys.sh
new file mode 100755
index 0000000..e5343fd
--- /dev/null
+++ b/copy-keys.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+
+# Grab valid unique hostnames from the Ansible inventory.
+HOSTS=$(grep -ve '^[#\[]' hosts \
+| grep -ve '^$' \
+| grep -F adm.auro.re \
+| grep -vf ssh-blacklist.txt \
+| sort -u)
+
+for host in $HOSTS; do
+  echo "Handling host $host"
+
+  # sshpass can be used for non-interactive password authentication.
+  # place your password in ldap-password.txt.
+  sshpass -f ldap-password.txt ssh-copy-id "$host"
+done
diff --git a/ssh-blacklist.txt b/ssh-blacklist.txt
new file mode 100644
index 0000000..248f525
--- /dev/null
+++ b/ssh-blacklist.txt
@@ -0,0 +1,4 @@
+ldap-replica-edc-backup.adm.auro.re
+ldap-replica-fleming-backup.adm.auro.re
+ldap-replica-gs.adm.auro.re
+ldap-replica-gs-backup.adm.auro.re