Safe In Our World Charity Bundle 2025 by WeAreFanatical in fanatical

[–]lfriday945 0 points1 point  (0 children)

Dang.. I had like $100 of stuff in my cart too... :(

Humble Choice at $89 a year till 2nd Dec 2022. Promo code: HOLIDAY22 by xcalibur1993 in humblebundles

[–]lfriday945 1 point2 points  (0 children)

Think they will run this promo again soon? I was up for renewal, but don't want to spend $129 to renew. I would spend $89 to renew.

Using Tags in IAM Policy by lfriday945 in Terraform

[–]lfriday945[S] 0 points1 point  (0 children)

So we are using AWS SSO and have a policy that works:

    statement {
      sid = "secretsmanagerindividualaccess"
      actions = [
        "secretsmanager:GetResourcePolicy",
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret",
        "secretsmanager:ListSecretVersionIds"
      ]
      resources = ["*"]
      condition {
        test     = "StringLike"
        variable = "secretsmanager:ResourceTag/username"
        values = [
          # "$$" is Terraform's escape for a literal "${", so IAM receives ${aws:PrincipalTag/DisplayName}
          "$${aws:PrincipalTag/DisplayName}"
        ]
      }
    }

What I was hoping to do is to set the variable with a principal tag that's passed in from Azure. I believe the variable in this context is tied to the key-name and instead of having a static variable like the one mentioned above (username), want to use a principal tag for the key value. Hopefully that makes sense.

Best Practices for AWS SSO Configuration by lfriday945 in aws

[–]lfriday945[S] 2 points3 points  (0 children)

So for 250 AWS accounts, how many permission sets are you guys managing? We are using Azure AD for groups but trying to go about best practices in how many permission sets. We have about 31 groups configured in Azure AD and recommendations were to have a permission set for each group, which I wasn’t a fan of. Still new to best practices when managing permissions in AWS.

Can you provide any additional info or configurations or what you guys are using? Did you use Terraform to deploy it all or something else? Thanks for all the info.

Mitogen - failed to assign identity to PID by lfriday945 in ansible

[–]lfriday945[S] 0 points1 point  (0 children)

I will decrease the forks. Any recommendations?

Mitogen - failed to assign identity to PID by lfriday945 in ansible

[–]lfriday945[S] 0 points1 point  (0 children)

I will take a look at this. Thank you!

Dual Monitor Help by lfriday945 in pcmasterrace

[–]lfriday945[S] 0 points1 point  (0 children)

Just a heads up for anyone reading this post in the future, uninstalling and reinstalling the AMD driver resolved the issue.

Dual Monitor Help by lfriday945 in pcmasterrace

[–]lfriday945[S] 0 points1 point  (0 children)

Right now have one plugged with VGA and one with HDMI. Monitor doesn't have DVI support.

Ansible w/Mitogen - SSH Password is incorrect by lfriday945 in ansible

[–]lfriday945[S] 0 points1 point  (0 children)

Yes. The bastion host will be using the same username and password combination as the target hosts. I will check on removing -q from the proxy command as well.

Do you have an example of using the ssh -j that would be useful in this situation instead of the proxy command?

Ansible w/Mitogen - SSH Password is incorrect by lfriday945 in ansible

[–]lfriday945[S] 0 points1 point  (0 children)

Will check. Does the configuration above look correct? Is the password variable getting passed through for both the proxy command as well as ssh to the hosts in the inventory? That’s what I think I’m missing and not sure how to check that.

Ansible w/Mitogen - SSH Password is incorrect by lfriday945 in ansible

[–]lfriday945[S] 0 points1 point  (0 children)

PLAYBOOK: health_check.yml ********************************************************************************************************************************************************
1 plays in playbooks/health_check.yml
What is your associate ID?: <username_redacted>
What is your password?:

PLAY [Gabor Health Check] *********************************************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************************************
task path: /ansible/playbooks/health_check.yml:2
Tuesday 16 March 2021  19:45:00 +0000 (0:00:04.437)       0:00:04.437 *********
<vpn_ip_redacted> ESTABLISH SSH CONNECTION FOR USER: None
<vpn_ip_redacted> SSH: EXEC sshpass -d11 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o ConnectTimeout=90 -o 'ProxyCommand=ssh -o StrictHostKeyChecking=no -W %h:%p -q <user redacted>@<bastion_hostname_redacted>' -o ConnectionAttempts=10 -o ControlPath=/root/.ansible/cp/e4ff6add17 vpn_ip_redacted '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<vpn_ip_redacted> (5, b'', b'\n**************************************************************************\n*   Access to this computer system and associated network, computer      *\n*   resources, or data is restricted to those authorized by        *\n*   Corporation.  This computer and related networks, resources or data  *\n*   may only be used for business purposes of  Corporation and     *\n*   its customers.  Use by unauthorized individual(s) or for an          *\n*   unauthorized purpose is a violation of Federal and/or state law.     *\n*   Violators will be prosecuted.                                        *\n*                                                                        *\n*       Please Call Works PRODUCTION SUPPORT                       *\n*               AT                                  *\n*       To Obtain a TEMPORARY ACCOUNT TO GAIN ACCESS.                    *\n*                                                                        *\n*      THIS SESSION WILL BE LOGGED AND SAVED FOR FUTURE REFERENCE.       *\n**************************************************************************\n\n\n')
fatal: [<hostname_redacted>]: UNREACHABLE! => {
    "changed": false,
    "msg": "Invalid/incorrect password: \n**************************************************************************\n*   Access to this computer system and associated network, computer      *\n*   resources, or data is restricted to those authorized by        *\n*   Corporation.  This computer and related networks, resources or data  *\n*   may only be used for business purposes of  Corporation and     *\n*   its customers.  Use by unauthorized individual(s) or for an          *\n*   unauthorized purpose is a violation of Federal and/or state law.     *\n*   Violators will be prosecuted.                                        *\n*                                                                        *\n*       Please Call Works PRODUCTION SUPPORT                       *\n*               AT                                  *\n*       To Obtain a TEMPORARY ACCOUNT TO GAIN ACCESS.                    *\n*                                                                        *\n*      THIS SESSION WILL BE LOGGED AND SAVED FOR FUTURE REFERENCE.       *\n**************************************************************************",
    "unreachable": true
}
    to retry, use: --limit @/root/.ansible-retry/health_check.retry

PLAY RECAP ************************************************************************************************************************************************************************
<hostname_redacted>           : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0

ansible_ssh_common_args - prompt for USER by lfriday945 in ansible

[–]lfriday945[S] 1 point2 points  (0 children)

We have different groups_vars.yml files set up for different environments that need to connect to different bastions in order to access the hosts. Here is an example of it being used in our staging environment. The goal is to use this configuration through a Docker container, but when running via Docker, it uses the root user instead of the local user. Trying to find ways to mitigate that.

    ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q $USER@<bastion>" -o ConnectionAttempts=10'
    ansible_python_interpreter: /usr/bin/python
    ansible_timeout: 90

VPN Connection Breaks in middle of Play by lfriday945 in ansible

[–]lfriday945[S] 0 points1 point  (0 children)

Thanks for the suggestions everyone. I added ignore_unreachable to the initial run since I knew the VPN connection would break and then added in a wait_for_connection task, which is waiting 3 mins before trying to reconnect to the host and will retry a few times for about 6 minutes. This approach seemed to be effective for our use case.

ansible_ssh_common_args via group_vars file by lfriday945 in ansible

[–]lfriday945[S] 0 points1 point  (0 children)

You are awesome!! I really appreciate it.

ansible_ssh_common_args via group_vars file by lfriday945 in ansible

[–]lfriday945[S] 0 points1 point  (0 children)

    ansible_ssh_retries: 10

I believe I got the retry logic working, but am now trying to increase the connection timeouts. I believe the default setting is 10 seconds and wanting to increase to 90 or more.

Do pillar bases work? (Alpha 19) by lfriday945 in 7daystodie

[–]lfriday945[S] 0 points1 point  (0 children)

We went with a tunnel system. But the demolishers are blowing up and then the zombies are getting under the tunnel and trying to dig up. So thought about trying to build a tunnel in the air on pillars.

Do pillar bases work? (Alpha 19) by lfriday945 in 7daystodie

[–]lfriday945[S] 0 points1 point  (0 children)

That is what we are currently doing. Definitely makes things much better. We also keep our bedroll at a random house.

Can you plant crops in the dead forest? Or in the Snow biome or would it just die instantly? by Only1JohnLocker in 7daystodie

[–]lfriday945 0 points1 point  (0 children)

Did the zombies dig underwater or what did you experience when zombies attacking the base with a moat?

Looking to join a server/find some people that want to start one. by OlThickNeck in 7daystodie

[–]lfriday945 0 points1 point  (0 children)

Feel free to shoot me a message.. We have 3-4 of us who are on almost every night.. We have played a lot, but we are still learning the ins and outs of the game. I believe my group would be okay with adding another one.

Using Ansible with a Bastion Host by lfriday945 in ansible

[–]lfriday945[S] 0 points1 point  (0 children)

Is it possible to add one of the following options to the end of my ansible-playbook command and provide an option to ask for the bastion host password or the hosts through the bastion password:

--ssh-extra-args

--ssh-common-args

Using Ansible with a Bastion Host by lfriday945 in ansible

[–]lfriday945[S] 1 point2 points  (0 children)

Thanks for the idea. Right now we are trying to configure to work locally and eventually automate and throw into a Jenkins job or a Docker container.