{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam:::role/"
Turbo Fredriksson FransUrbo
FransUrbo
/ gist:bd04d1c8744cd7b48661f6363ae7fe65
Created
July 31, 2023 10:08
Terraform for_each test
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 2023-07-31T11:05:02.254+0100 [INFO] Terraform version: 1.5.4 | |
| 2023-07-31T11:05:02.254+0100 [DEBUG] using github.com/hashicorp/go-tfe v1.26.0 | |
| 2023-07-31T11:05:02.254+0100 [DEBUG] using github.com/hashicorp/hcl/v2 v2.16.2 | |
| 2023-07-31T11:05:02.254+0100 [DEBUG] using github.com/hashicorp/terraform-svchost v0.1.0 | |
| 2023-07-31T11:05:02.254+0100 [DEBUG] using github.com/zclconf/go-cty v1.12.2 | |
| 2023-07-31T11:05:02.254+0100 [INFO] Go runtime version: go1.20.6 | |
| 2023-07-31T11:05:02.254+0100 [INFO] CLI args: []string{"terraform", "plan", "-no-color"} | |
| 2023-07-31T11:05:02.254+0100 [TRACE] Stdout is not a terminal | |
| 2023-07-31T11:05:02.254+0100 [TRACE] Stderr is not a terminal | |
| 2023-07-31T11:05:02.254+0100 [TRACE] Stdin is a terminal |
FransUrbo
/ gist:88b26033cb513a8aa569bd5392a427b1
Last active
March 28, 2018 14:59
How to use different Hiera/Eyaml keys for different environments using the AWS Parameter Store to store the encryption keys for Hiera/Eyaml.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| config setup | |
| uniqueids=no | |
| strictcrlpolicy=no | |
| conn %default | |
| left=10.99.0.174 | |
| leftid=vpn.domain.tld | |
| leftcert=jumpbox.pem | |
| leftsubnet=10.96.0.0/11 | |
| leftfirewall=yes |
FransUrbo
/ gist:2cc5104fded000edfeae4154b30fdac9
Created
May 24, 2017 14:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ** CLIENT ** | |
| root@raspberrypi:~# ipsec up company | |
| initiating IKE_SA company[13] to VPN_IP | |
| generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ] | |
| sending packet: from 10.11.3.21[500] to VPN_IP[500] (1400 bytes) | |
| received packet: from VPN_IP[500] to 10.11.3.21[500] (38 bytes) | |
| parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ] | |
| peer didn't accept DH group MODP_1536, it requested MODP_2048 | |
| initiating IKE_SA company[13] to VPN_IP | |
| generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ] |
FransUrbo
/ gist:04ce0fc6438647939f29d9cfed5c2df1
Created
May 24, 2017 14:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ** CLIENT ** | |
| # /etc/ipsec.conf | |
| config setup | |
| uniqueids=no | |
| strictcrlpolicy=no | |
| charondebug="ike 3, knl 2, cfg 3, mgr 3, chd 2, net 3" | |
| conn %default | |
| leftid=raspberrypi | |
| leftfirewall=yes |
FransUrbo
/ Strongswan+RADIUS - logs (client)
Created
May 22, 2017 11:17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| May 22 08:01:40 griffio charon-nm: 13[ENC] parsed IKE_AUTH response 1 [ EF(4/4) ] | |
| May 22 08:01:40 griffio charon-nm: 13[ENC] received fragment #4 of 4, reassembling fragmented IKE message | |
| May 22 08:01:40 griffio charon-nm: 13[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ] | |
| May 22 08:01:40 griffio charon-nm: 13[IKE] received end entity cert "VPN_HOST_CERT" | |
| May 22 08:01:40 griffio charon-nm: 13[CFG] using certificate "VPN_HOST_CERT" | |
| May 22 08:01:40 griffio charon-nm: 13[CFG] using trusted ca certificate "CA_CERT_DN" | |
| May 22 08:01:40 griffio charon-nm: 13[CFG] checking certificate status of "VPN_HOST_CERT" | |
| May 22 08:01:40 griffio charon-nm: 13[CFG] certificate status is not available | |
| May 22 08:01:40 griffio charon-nm: 13[CFG] reached self-signed root ca with a path length of 0 | |
| May 22 08:01:40 griffio charon-nm: 13[IKE] authentication of 'vpn.domain.tld' with RSA_EMSA_PKCS1_SHA2_256 successful |
FransUrbo
/ Strongswan+RADIUS - logs (success)
Created
May 22, 2017 11:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| May 22 11:28:10 jumpbox charon: 16[NET] received packet: from REMOTE_NAT_IP[4500] to LOCAL_VPN_IP[4500] (68 bytes) | |
| May 22 11:28:10 jumpbox charon: 16[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ] | |
| May 22 11:28:10 jumpbox charon: 16[IKE] received EAP identity 'turbo' | |
| May 22 11:28:10 jumpbox charon: 16[CFG] sending RADIUS Access-Request to server 'primary' | |
| May 22 11:28:10 jumpbox charon: 16[CFG] received RADIUS Access-Challenge from server 'primary' | |
| May 22 11:28:10 jumpbox charon: 16[IKE] initiating EAP_MD5 method (id 0x01) | |
| May 22 11:28:10 jumpbox charon: 16[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MD5 ] | |
| May 22 11:28:10 jumpbox charon: 16[NET] sending packet: from LOCAL_VPN_IP[4500] to REMOTE_NAT_IP[4500] (84 bytes) | |
| May 22 11:28:10 jumpbox charon: 06[NET] received packet: from REMOTE_NAT_IP[4500] to LOCAL_VPN_IP[4500] (68 bytes) | |
| May 22 11:28:10 jumpbox charon: 06[ENC] parsed IKE_AUTH request 3 [ EAP/RES/NAK ] |
FransUrbo
/ Strongswan+RADIUS - logs
Created
May 22, 2017 10:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| May 22 11:55:21 jumpbox charon: 05[NET] received packet: from REMOTE_NAT_IP[60440] to LOCAL_VPN_IP[500] (792 bytes) | |
| May 22 11:55:21 jumpbox charon: 05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] | |
| May 22 11:55:21 jumpbox charon: 05[IKE] REMOTE_NAT_IP is initiating an IKE_SA | |
| May 22 11:55:21 jumpbox charon: 05[IKE] local host is behind NAT, sending keep alives | |
| May 22 11:55:21 jumpbox charon: 05[IKE] remote host is behind NAT | |
| May 22 11:55:21 jumpbox charon: 05[IKE] DH group ECP_256 inacceptable, requesting MODP_2048 | |
| May 22 11:55:21 jumpbox charon: 05[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ] | |
| May 22 11:55:21 jumpbox charon: 05[NET] sending packet: from LOCAL_VPN_IP[500] to REMOTE_NAT_IP[60440] (38 bytes) | |
| May 22 11:55:21 jumpbox charon: 07[NET] received packet: from REMOTE_NAT_IP[60440] to LOCAL_VPN_IP[500] (984 bytes) | |
| May 22 11:55:21 jumpbox charon: 07[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(H |
FransUrbo
/ Strongswan+RADIUS
Last active
May 22, 2017 10:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ipsec.conf-defaults | |
| =================== | |
| config setup | |
| uniqueids=no | |
| strictcrlpolicy=no | |
| # nat_traversal=yes | |
| #charondebug="ike 2, knl 2, cfg 3, mgr 3, chd 2, net 2" | |
| # NOTE: The 'leftid' must be present as a "Subject Alternative Name" in the cert!! | |
| conn %default |
FransUrbo
/ Cinder zol driver logs
Created
March 9, 2017 16:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 2017-03-08 16:58:53 DEBUG cinder.volume.drivers.zol Updating volume stats _update_volume_stats /usr/lib/python2.7/dist-packages/cinder/volume/drivers/zol.py:231 | |
| 2017-03-08 16:59:46 DEBUG cinder.volume.drivers.zol create_volume(49daf7e1-285a-4734-8ba7-f8f90a1ae26d) => share/VirtualMachines/Blade_Center/volume-49daf7e1-285a-4734-8ba7-f8f90a1ae26d create_volume /usr/lib/python2.7/dist-packages/cinder/volume/drivers/zol.py:209 | |
| 2017-03-08 16:59:49 DEBUG cinder.volume.drivers.zol copy_image_to_volume(volume=49daf7e1-285a-4734-8ba7-f8f90a1ae26d, service=<cinder.image.glance.GlanceImageService object at 0x7fb34a1b45d0>, image=364dac3c-b1a6-402c-956e-aafc50b47c8b) copy_image_to_volume /usr/lib/python2.7/dist-packages/cinder/volume/drivers/zol.py:743 | |
| 2017-03-08 16:59:49 DEBUG cinder.volume.drivers.zol create_export(49daf7e1-285a-4734-8ba7-f8f90a1ae26d) create_export /usr/lib/python2.7/dist-packages/cinder/volume/drivers/zol.py:681 | |
| 2017-03-08 16:59:49 DEBUG cinder.volume.drivers.zol create_export: Trying to share "share |
NewerOlder