michaelschiemer/.deployment-backup/ansible/nginx-cdn-germany/scripts/ssh-keys.sh

#!/bin/bash
# SSH-Schlüssel Management für CDN

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

show_help() {
    echo "CDN SSH Key Management"
    echo ""
    echo "Usage: $0 [OPTION]"
    echo ""
    echo "Options:"
    echo "  single     - Ein Schlüssel für alle Nodes (Standard)"
    echo "  individual - Separater Schlüssel pro Node"
    echo "  grouped    - Gruppierte Schlüssel (Primary/Secondary)"
    echo "  generate   - SSH-Schlüssel generieren"
    echo "  deploy     - Öffentliche Schlüssel zu Servern kopieren"
    echo "  help       - Diese Hilfe anzeigen"
}

generate_single_key() {
    echo "🔑 Generiere einen SSH-Schlüssel für alle CDN-Nodes..."
    
    if [ ! -f ~/.ssh/cdn_key ]; then
        ssh-keygen -t ed25519 -C "cdn-deployment" -f ~/.ssh/cdn_key -N ""
        echo "✅ Schlüssel generiert: ~/.ssh/cdn_key"
    else
        echo "ℹ️  Schlüssel existiert bereits: ~/.ssh/cdn_key"
    fi
    
    # Inventar anpassen
    sed -i 's|ansible_ssh_private_key_file: .*|ansible_ssh_private_key_file: ~/.ssh/cdn_key|' \
        "$SCRIPT_DIR/../inventories/production/hosts.yml"
    
    echo "✅ Inventar aktualisiert"
}

generate_individual_keys() {
    echo "🔑 Generiere individuelle SSH-Schlüssel..."
    
    NODES=("cdn_fra1" "cdn_ham1" "cdn_muc1" "origin1" "origin2")
    
    for node in "${NODES[@]}"; do
        if [ ! -f ~/.ssh/${node}_key ]; then
            ssh-keygen -t ed25519 -C "cdn-${node}" -f ~/.ssh/${node}_key -N ""
            echo "✅ Schlüssel generiert: ~/.ssh/${node}_key"
        else
            echo "ℹ️  Schlüssel existiert bereits: ~/.ssh/${node}_key"
        fi
    done
    
    echo "✅ Alle individuellen Schlüssel generiert"
    echo "💡 Verwende: cp inventories/production/hosts-individual-keys.yml.example inventories/production/hosts.yml"
}

generate_grouped_keys() {
    echo "🔑 Generiere gruppierte SSH-Schlüssel..."
    
    GROUPS=("origin_servers" "cdn_primary" "cdn_secondary")
    
    for group in "${GROUPS[@]}"; do
        if [ ! -f ~/.ssh/${group}_key ]; then
            ssh-keygen -t ed25519 -C "cdn-${group}" -f ~/.ssh/${group}_key -N ""
            echo "✅ Schlüssel generiert: ~/.ssh/${group}_key"
        else
            echo "ℹ️  Schlüssel existiert bereits: ~/.ssh/${group}_key"
        fi
    done
    
    echo "✅ Alle gruppierten Schlüssel generiert"
    echo "💡 Verwende: cp inventories/production/hosts-grouped-keys.yml.example inventories/production/hosts.yml"
}

deploy_keys() {
    echo "🚀 Deploye öffentliche Schlüssel zu den Servern..."
    
    # Lese IPs aus dem Inventar
    IPS=$(grep "ansible_host:" "$SCRIPT_DIR/../inventories/production/hosts.yml" | awk '{print $2}' | sort | uniq)
    
    for ip in $IPS; do
        echo "Deploying to $ip..."
        
        # Versuche verschiedene Schlüssel
        for key in ~/.ssh/*_key ~/.ssh/cdn_key ~/.ssh/id_rsa; do
            if [ -f "$key" ]; then
                echo "  Versuche Schlüssel: $key"
                if ssh-copy-id -i "${key}.pub" "root@$ip" 2>/dev/null; then
                    echo "  ✅ Erfolgreich: $key -> $ip"
                    break
                fi
            fi
        done
    done
}

case "$1" in
    "single")
        generate_single_key
        ;;
    "individual")
        generate_individual_keys
        ;;
    "grouped")
        generate_grouped_keys
        ;;
    "generate")
        echo "Welche Art von Schlüsseln?"
        echo "1) Ein Schlüssel für alle (empfohlen für Start)"
        echo "2) Individuelle Schlüssel pro Node (sicherste)"
        echo "3) Gruppierte Schlüssel (Kompromiss)"
        read -p "Wähle (1-3): " choice
        
        case $choice in
            1) generate_single_key ;;
            2) generate_individual_keys ;;
            3) generate_grouped_keys ;;
            *) echo "Ungültige Auswahl" ;;
        esac
        ;;
    "deploy")
        deploy_keys
        ;;
    "help"|*)
        show_help
        ;;
esac