Skip to content

Instantly share code, notes, and snippets.

View away168's full-sized avatar

Andrew Way away168

63 followers · 9 following
  • env0
  • San Mateo, CA
View GitHub Profile
@away168
away168 / front50.logs
Created June 15, 2020 23:07
Front50 Logs after creating a new application
2020-06-15 23:04:42.553 INFO 1 --- [0.0-8080-exec-9] c.n.spinnaker.fiat.shared.FiatService : ---> HTTP POST http://spin-fiat.spinnaker:7003/roles/sync
2020-06-15 23:04:42.571 INFO 1 --- [0.0-8080-exec-9] c.n.spinnaker.fiat.shared.FiatService : ---- ERROR http://spin-fiat.spinnaker:7003/roles/sync
2020-06-15 23:04:42.608 INFO 1 --- [0.0-8080-exec-9] c.n.spinnaker.fiat.shared.FiatService : java.lang.IllegalArgumentException: method POST must have a request body.
at com.squareup.okhttp.Request$Builder.method(Request.java:259)
at retrofit.client.OkClient.createRequest(OkClient.java:59)
at retrofit.client.OkClient.execute(OkClient.java:53)
at retrofit.RestAdapter$RestHandler.invokeRequest(RestAdapter.java:326)
at retrofit.RestAdapter$RestHandler.invoke(RestAdapter.java:240)
at com.sun.proxy.$Proxy144.sync(Unknown Source)
at com.netflix.spinnaker.fiat.shared.FiatService$sync.call(Unknown Source)
@away168
away168 / igor.log
Created May 22, 2020 00:52
2nd try of Igor / Vault logs. Restarted Vault
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.codehaus.groovy.vmplugin.v7.Java7$1 (file:/opt/igor/lib/groovy-2.5.9.jar) to constructor java.lang.invoke.MethodHandles$Lookup(java.lang.Class,int)
WARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.vmplugin.v7.Java7$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
00:51:38.625 [main] WARN com.netflix.config.sources.URLConfigurationSource - No URLs will be polled as dynamic configuration sources.
00:51:38.630 [main] INFO com.netflix.config.sources.URLConfigurationSource - To enable URLs as dynamic configuration sources, define System property archaius.configurationSource.additionalUrls or make config.properties available on classpath.
00:51:38.686 [main] DEBUG com.netflix.config.util.OverridingPropertiesConfiguration - Base path set to jar:file:/opt/i
@away168
away168 / audit.log
Created May 22, 2020 00:41
TLS Handshake Error with Igor - From CSAA
{"time":"2020-05-13T16:55:21.945094708Z","type":"request","auth":{"client_token":"hmac-sha256:b7c80127a692e4a8ee99750e0ac689e66fea299adf1af32afc1baa265e4f46ac","accessor":"hmac-sha256:f579e957d0f484c987b368a2405632af78104af063efa0de9e0458ce2a7208c9","display_name":"ldap-xglhfior","policies":["default","grpemdevops"],"token_policies":["default","grpemdevops"],"metadata":{"username":"xglhfior"},"entity_id":"69966b38-ae89-9770-32d9-44f27763ce4e","token_type":"service"},"request":{"id":"65e0891f-298e-0ba1-00b6-f42a08e8e3b6","operation":"read","client_token":"hmac-sha256:b7c80127a692e4a8ee99750e0ac689e66fea299adf1af32afc1baa265e4f46ac","client_token_accessor":"hmac-sha256:f579e957d0f484c987b368a2405632af78104af063efa0de9e0458ce2a7208c9","namespace":{"id":"root"},"path":"sys/internal/ui/resultant-acl","remote_address":"10.229.225.16"}}
{"time":"2020-05-13T16:55:21.947203512Z","type":"response","auth":{"client_token":"hmac-sha256:b7c80127a692e4a8ee99750e0ac689e66fea299adf1af32afc1baa265e4f46ac","accessor":"hmac-sha2
@away168
away168 / audit.log
Created May 22, 2020 00:41
TLS Handshake Error with Igor - From CSAA
{"time":"2020-05-13T16:55:21.945094708Z","type":"request","auth":{"client_token":"hmac-sha256:b7c80127a692e4a8ee99750e0ac689e66fea299adf1af32afc1baa265e4f46ac","accessor":"hmac-sha256:f579e957d0f484c987b368a2405632af78104af063efa0de9e0458ce2a7208c9","display_name":"ldap-xglhfior","policies":["default","grpemdevops"],"token_policies":["default","grpemdevops"],"metadata":{"username":"xglhfior"},"entity_id":"69966b38-ae89-9770-32d9-44f27763ce4e","token_type":"service"},"request":{"id":"65e0891f-298e-0ba1-00b6-f42a08e8e3b6","operation":"read","client_token":"hmac-sha256:b7c80127a692e4a8ee99750e0ac689e66fea299adf1af32afc1baa265e4f46ac","client_token_accessor":"hmac-sha256:f579e957d0f484c987b368a2405632af78104af063efa0de9e0458ce2a7208c9","namespace":{"id":"root"},"path":"sys/internal/ui/resultant-acl","remote_address":"10.229.225.16"}}
{"time":"2020-05-13T16:55:21.947203512Z","type":"response","auth":{"client_token":"hmac-sha256:b7c80127a692e4a8ee99750e0ac689e66fea299adf1af32afc1baa265e4f46ac","accessor":"hmac-sha2
@away168
away168 / igor.log
Last active May 22, 2020 00:51
Logs from Igor - with it crashing with a Vault Secret and vault behind a TLS endpoint.
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.codehaus.groovy.vmplugin.v7.Java7$1 (file:/opt/igor/lib/groovy-2.5.9.jar) to constructor java.lang.invoke.MethodHandles$Lookup(java.lang.Class,int)
WARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.vmplugin.v7.Java7$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
00:32:22.988 [main] WARN com.netflix.config.sources.URLConfigurationSource - No URLs will be polled as dynamic configuration sources.
00:32:23.000 [main] INFO com.netflix.config.sources.URLConfigurationSource - To enable URLs as dynamic configuration sources, define System property archaius.configurationSource.additionalUrls or make config.properties available on classpath.
00:32:23.048 [main] DEBUG com.netflix.config.util.OverridingPropertiesConfiguration - Base path set to jar:file:/opt/i
@away168
away168 / vault.yml
Created May 18, 2020 20:30
vault configuration for k3s
---
# Source: vault/templates/injector-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: spinnaker-vault-agent-injector
namespace: vault
labels:
app.kubernetes.io/name: vault-agent-injector
app.kubernetes.io/instance: spinnaker
@away168
away168 / pipeline-userdata.json
Last active December 12, 2019 07:43
spinnaker pipeline using artifact to encode into base64 for userdata
{
"expectedArtifacts": [
{
"defaultArtifact": {
"artifactAccount": "no-auth-http-account",
"id": "dea55550-a4f5-4f8e-a558-d37c04724ef7",
"reference": "https://gist.githubusercontent.com/away168/23caca2152f83138d0784b6661d8d9b5/raw/8b88efa3668d95596713765ac9d666f3d2c51011/nginx.sh",
"type": "http/file"
},
"displayName": "nginx.sh",
@away168
away168 / nginx.sh
Created December 12, 2019 07:26
#!/bin/bash
sudo bash -c "sed "s/welcome/Thiswillworkplease/i" /usr/share/nginx/html/index.html > /usr/share/nginx/html/index2.html"
sudo bash -c "cp -f /usr/share/nginx/html/index2.html /usr/share/nginx/html/index.html"
@away168
away168 / terraformer.md
Last active October 30, 2020 20:32
How to configure Terraformer to pull private repos for Terraform modules

NOTE

This doc has been deprecated in favor of using Named Profiles - A Named Profile gives users the ability to reference certain kinds of external sources, such as a private remote repository, when creating pipelines. The supported credentials are described in Types of credentials.

Background

When using a private repo for Terraform modules - the git credentials need to be available for terraform in order to properly clone the modules repo. In other words, Terraform scripts that reference a private repo for the source of modules require git credentials.

e.g.

module "iam_user" {
 source = "git::https://github.com/away168/private-terraform-modules.git//modules/iam-user"
@away168
away168 / gist:14656c0ee25f3d08541ca1a6cdeaadc7
Created December 4, 2019 21:33
MJ before Deploy Policy
deployStagesRefId := deployStages[_].refId
deployStagesRequisiteStageId := deployStages[_].requisiteStageRefIds
deployStageName := deployStages[_].name
}
# merge the two prodDeployStages
allProdDeployStages [{"results": results}] {
results := prodDeployStages | prodDeployStages2
}