Intermittent SSL Errors with S3 Bookshelf


#1

Hello, I’m hoping someone may be able to help with my issue or offer some
experienced insight.

I’m currently running up against an intermittent SSL issue during chef-client
runs. Our chef server (v11.0.10) is configured to use S3 as the bookshelf
location and ssl verification is set to :verify_none for the client.

Most of the time this all works fine but every so often, at least once when we
stand up a new instance, we see the following error:

[2014-05-20T07:23:43+00:00] ERROR: SSL Validation failure connecting to host:
s3-us-west-2.amazonaws.com - SSL_connect SYSCALL returned=5 errno=0 state=SSLv3
read finished A
[2014-05-20T07:23:43+00:00] ERROR: Running exception handlers
[2014-05-20T07:23:43+00:00] ERROR: Exception handlers complete
[2014-05-20T07:23:43+00:00] FATAL: Stacktrace dumped to
/var/cache/chef/chef-stacktrace.out
[2014-05-20T07:23:43+00:00] ERROR: SSL_connect SYSCALL returned=5 errno=0
state=SSLv3 read finished A

================================================================================
Error Syncing Cookbooks:

Unexpected Error:

OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read
finished A

[2014-05-20T07:23:14+00:00] INFO: Forking chef instance to converge…
[2014-05-20T07:23:44+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef
run process exited unsuccessfully (exit code 1)

If I re-run chef-client on the instance immediately after the failure it will
pick up and continue on from where it left off. Sometimes it will eventually
encounter the same error, other times it finishes without further error.

Anyone encounter this issue before? Any help or guidance would be greatly
appreciated. Thanks!