While not looking at any code (I’ve seen enough ‘spaghetti code’ and APIs) the comment (above) about ‘websocket design’ caught my eye.
A ‘websocket design’ would mean a client server model. -i.e., not as “user friendly” -e.g. a user would have to build a client which isn’t a bad thing if you provide a skeleton and/or are dealing with other developers who understand what a websock is. And what I’m saying is that ‘websock’ has moving parts like “authorization”, so depending on how the truenas websock api is written, you (read: users of your script) would probably need a key or something like that which is far more overhead than necessary for something like this.
I’d be tempted to deploy/design this as a pull operation where each target uploads their pub key to a source and makes requests of the source based on a scheduler. The source would “know about” targets (aka: have an ‘authorization’ list based upon these keys) and errors in the system would be isolated to the source being down vs the source script potentially crashing if one target is down (and not completing tasks for the other targets) used in a push method.
However, if you insist on the push method, I would have probably started with modifying the ssh-copy-id
script (which has been throughly vetted) instead of trying to write a python solution (a sledge hammer in this case).
All that being said, there is already a tool for this called Anvil (which I have not looked at either).