commit 909cbe2dec03c3eb7c45652f30d9672a3d08da76 Author: Egon Rijpkema Date: Thu Aug 31 10:32:49 2017 +0200 initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b5b35ef
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+secrets.yml
+*.retry
+*.pyc
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a97b860
--- /dev/null
+++ b/README.md
@@ -0,0 +1,15 @@
+# ssh keys repository
+
+The `users.yml` playbook contains users and public keys.
+The playbook uses `/etc/hosts` as a database for hosts to install the keys on.
+
+## usage:
+
+* Make changes to a local checkout of this repo.
+* `git commit` the changes, `git push` and `git pull` on xcat.
+* on xcat:
+
+```bash
+git pull
+ansible-playbook users.yml # this will install the users on all hosts in /etc/hosts.
+```
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..8378536
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+hostfile = hosts.py
diff --git a/hosts.py b/hosts.py
new file mode 100755
index 0000000..39a275e
--- /dev/null
+++ b/hosts.py
@@ -0,0 +1,59 @@
+#!/usr/bin/env python
+
+import argparse
+import json
+import sys
+
+
+def get_hosts(hosts_file='/etc/hosts'):
+ '''
+ Get the hostsnames from /etc/hosts.
+ Returns: A set of hostnames.
+ '''
+ rv = []
+ with open(hosts_file, 'r') as f:
+ for line in f:
+ if line == '\n':
+ continue
+ if line[0] == '#':
+ continue
+ rv.append(line.split()[1])
+ rv = set(rv)
+ ignore = {'localhost', 'ip6-allnodes', 'ip6-allrouters'}
+ return rv.difference(ignore)
+
+
+def get_args(args_list):
+ """
+ Parse the arguments and make sure only
+ that --list or --host is given, not both.
+ """
+ parser = argparse.ArgumentParser(
+ description='ansible inventory script parsing /etc/hosts')
+ mutex_group = parser.add_mutually_exclusive_group(required=True)
+ help_list = 'list all hosts from /etc/hosts'
+ mutex_group.add_argument('--list', action='store_true', help=help_list)
+ help_host = 'display variables for a host'
+ mutex_group.add_argument('--host', help=help_host)
+ return parser.parse_args(args_list)
+
+
+def main(args_list):
+ """
+ Print a json list of the hosts if --list is given.
+ Does not support host vars.
+ Print an empty dictionary if --host is passed to remain valid.
+ """
+ args = get_args(args_list)
+ if args.list:
+ print(json.dumps({
+ 'all': {
+ 'hosts': list(get_hosts()),
+ }
+ }))
+ if args.host:
+ print(json.dumps({}))
+
+
+if __name__ == '__main__':
+ main(sys.argv[1:])
diff --git a/users.yml b/users.yml
new file mode 100644
index 0000000..30b3b14
--- /dev/null
+++ b/users.yml
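Review bot: In get_hosts, `rv.append(line.split()[1])` raises IndexError on any hosts-file line that is whitespace-only, has a single field, or is an indented comment, because only an exact `'\n'` and a `#` in column 0 are skipped; one such line makes the inventory script fail and the playbook run with it. Stripping the comment and checking the field count first avoids that: `fields = line.split('#', 1)[0].split()`, `if len(fields) < 2: continue`, `rv.append(fields[1])`. The ignore set lists only three names, so other stock entries (for example `ip6-localnet` on a Debian-style hosts file) would presumably be returned as inventory hosts. Since users.yml runs against `hosts: all` with `become`, every name this function returns receives admin accounts and keys, so a docstring stating that only the first name per line is used and that the result is unfiltered apart from `ignore` would help whoever audits the target set.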
@@ -0,0 +1,48 @@
+# SSH keys of HPC colleagues.
+# for more advanced examples, see:
+# http://docs.ansible.com/ansible/latest/authorized_key_module.html
+---
+- name: Initial setup
+ hosts: all
+ become: True
+
+ tasks:
+ - group:
+ name: admin
+ state: present
+
+ - name: Passwordless sudo for admins
+ lineinfile: dest=/etc/sudoers line="%admin ALL=(ALL:ALL) NOPASSWD:ALL"
+
+ - user:
+ name: wim
+ comment: "Wim Nap"
+ group: admin
+
+ - authorized_key:
+ user: wim
+ key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPcJbucOFOFrPZwM1DKOvscYpDGYXKsgeh3/6skmZn/IhLWYHY6oanm4ifmY3kU0oNXpKgHR43x3JdkIRKmrEpYULspwdlj/ZKPYxFWhVaSTjJvmSJEgy7ET1xk+eVoKV1xRWm/BugWpbseFAOcI9ZwfH++S8JhfX6GgCIy06RUpM8EcFAWb/GO699ZnQ67qMxNdSWYHtK1zu+9svWgEzPk4zc2TihJsc7DxcfQCNfQ4vKH1Im3+QfG5bRtdyVl9yjbE+o4EWhPEWsTBgBosJfbqfywsuzibhTgyybR0Zzm4JN6Wh5wVazvNutAB291dIJt22XEx5tCyOAjLPybLy3 wim@wim-HP-Compaq-Elite-8300-MT'
+ state: present
+
+ - user:
+ name: egon
+ comment: "Egon Rijpkema"
+ group: admin
+
+ - authorized_key:
+ user: egon
+ key: '{{ item }}'
+ state: present
+ with_items:
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUBdTEHUj6MxvfEU7KcI+UPAvqJ9jGJ7hHm3e7XFTb9 egon@egon-pc'
+ - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStPUPXkcu81onUm/le54JCu174yXJJDsthDr96Mv8irBVBWuy5FxnaASuDpmC4QE4s0UAIg1iq/SWrr8qdBQ4OVuYFiW0S7ZJvcoKr/40Wh+T5MeltGQfmkDp6kBsfaMSo6M4tF1c8i+XgOgxb4fxHYb8mFhseztRLx6McxJJJLB0nu+T12WQ01nl0XtwD+3EsZWfxRH0KA59VHZSe3Anc5z+Fm7WU+1Vzy6/pkiIhVReI1L6VVhZsIdSu3fQK6fHQcujtfuw6RKEpisZQqnxMUviWQ98yeQXHk6Nx840WCh3vvKveEAoC4Y/UEZa1TMe6PczfUaLjaidUkpulJsP egon@egon-pc'
+
+ - user:
+ name: hopko
+ comment: "Hopko Meijering"
+ group: admin
+
+ - authorized_key:
+ user: hopko
+ key: 'ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEArQsJ0g/a5YOHlk7xcMpHNxiN+up4syzLZfgiICECET/SCDXUN4Xh3BlSWng8hMQMD5sNSADF4AghdLKfuqXG1MMSvzGSVTcRwiZ+Hq6YCoiinpQw0qu7LOZVZeoG8f7sGwhBqe0wKeyPe6Q7nRe0CXvM+aU4XfZz18O/d3mU1S7cEiue02MgH6ff6VTJFqOtLGpL1rILJn3t58N+2CCWxJwGplkp7hRJ9TnhQqCO+PN/p/4neusjembRu5lX+AKX1mv91WYURkxfLE3CWe9V9YJVG0lLgfXDMyghqkTwf8UsMHS5FBy8oTvuC55EhX+xm2Peo1lZlzy7t5Hg2fWYFQ== h.meijering@rug.nl'
+ state: present
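Review bot: The `Passwordless sudo for admins` task edits /etc/sudoers through `lineinfile` with no validation, so a bad resulting file can leave sudo unusable on every host the play touches; add `validate='visudo -cf %s'` to that task, or write the rule to its own file under /etc/sudoers.d with the same validation. The `authorized_key` tasks only ever add keys (`state: present`), so deleting a key or a colleague from this file does not remove access from the hosts; revocation needs an explicit `state: absent` entry, and a header comment saying so would prevent a false sense of removal. Because `%admin` gets `NOPASSWD:ALL`, each public key listed here is equivalent to root on all inventory hosts, which deserves a sentence in the file header or the README.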