Of course not, I've fixed it. Thanks for spotting this, I thought I've made it just readable by anyone.
I have been referred to this paste. Maybe it could be useful to have it in operations/puppet.git under ./utils ? :)
@hashar it's linked in https://wikitech.wikimedia.org/wiki/Production_shell_access#Known_host_files I was actually hoping we could create a repository for tool that should live and run from within our local environments and are generic and not tied to any specific other repo. So in the meanwhile I've put it here :) Open for suggestions.
That sounds like an excellent idea. It's very much in line with Developer Productivity (cc @jeena) and it's something I've wanted to set up for a very long time. I've recently settled for writing Scap plugins in various repositories or just adding something to ~/bin. Neither is a satisfactory collaborative and reusable method for advancing our collective local dev environments.
...this comment got long so I'm breaking it out into a task: T212016
See also (related but for bastion updating): https://people.wikimedia.org/~dzahn/bastion.sh.txt
Paste diff is not that smart, I just added a check for the main DYNA record to silently skip its CNAMEs without spamming stderr.
The script has been moved to https://gerrit.wikimedia.org/r/plugins/gitiles/operations/debs/wmf-sre-laptop/+/refs/heads/master/scripts/wmf-update-known-hosts-production
If you're an SRE and run a Linux OS you're encouraged to follow https://wikitech.wikimedia.org/wiki/Wmf-sre-laptop, for all other use cases just use the version of the repo as the source of truth for the latest version of the script.
I've also updated the related wikitech documentation.
This paste is now archived.