remote_file s3 random 403


#1

Hello Chefs

I’ve been encountering issues on long chef runs within a vagrant - chef-client to server testing environment.
When I issue a full run, after a while the remote_file requests to AWS S3 will fail with a 403 response.

================================================================================
Error executing action create on resource ‘cookbook_file[/tmp/chef/source/install_packageXYZ]’

Net::HTTPServerException

403 “Forbidden”

From what I can gather, this is possibly due to clock skew during the run, as AWS expects timestamps within a tolerance of 15 minutes. The next converge will download the file fine; it’s not the same file that continuously fails.

This issue is documented in the AWS FAQ

Has anyone else encountered this issue before? Is there a more appropriate resource with a retry option?

Appreciate your time,

Damien.


#2

The S3 URLs expire after a time. You can work around this problem by configuring chef to eagerly load all files from a cookbook at the beginning of a run using the no_lazy_load option, documented here (about half-way down) http://docs.opscode.com/config_rb_client.html


Daniel DeLeo

On Wednesday, January 15, 2014 at 2:21 AM, dcroche@gmail.com wrote:

Hello Chefs

I’ve been encountering issues on long chef runs within a vagrant - chef-client to server testing environment.
When I issue a full run, after a while the remote_file requests to AWS S3 will fail with a 403 response.

================================================================================
Error executing action create on resource ‘cookbook_file[/tmp/chef/source/install_packageXYZ]’

Net::HTTPServerException

403 “Forbidden”

From what I can gather, this is possibly due to clock skew during the run, as AWS expects timestamps within a tolerance of 15 minutes. The next converge will download the file fine; it’s not the same file that continuously fails.

This issue is documented in the AWS FAQ
http://aws.amazon.com/articles/1109#04

Has anyone else encountered this issue before? Is there a more appropriate resource with a retry option?

Appreciate your time,

Damien.
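
The two explanations raised in this thread (an expired signed URL versus client clock skew) can be told apart from the failed response itself. The following Ruby sketch is an added example, not code from either poster or from Chef; it assumes the signed URL carries an `Expires` epoch-seconds query parameter (S3 query-string authentication) and that the 403 response includes an HTTP `Date` header. The URL, key id, and timestamps are constructed sample values.

```ruby
require 'uri'
require 'time'

# Tolerance for request timestamps cited in the original post (15 minutes).
SKEW_TOLERANCE = 15 * 60

# Classify a 403 on a signed download.
# url         - the signed URL that was requested
# server_date - HTTP Date header value from the 403 response
# local_now   - Time the client believed it was when the request was sent
def diagnose_403(url, server_date, local_now)
  params  = URI.decode_www_form(URI.parse(url).query.to_s).to_h
  raw     = params['Expires'].to_s
  # Query-string-signed URLs are judged against the server's clock only.
  expires_at = raw.match?(/\A\d+\z/) ? Time.at(raw.to_i).utc : nil
  server_now = Time.httpdate(server_date).utc
  skew       = (local_now.utc - server_now).round # positive: local clock ahead

  cause =
    if expires_at && server_now > expires_at
      :url_expired   # retrying the same URL cannot succeed; a new one is needed
    elsif skew.abs > SKEW_TOLERANCE
      :clock_skew    # header-signed requests would be rejected; fix NTP
    else
      :other         # look at credentials, bucket policy, object ACL
    end

  { cause: cause, skew_seconds: skew, expires_at: expires_at,
    seconds_past_expiry: expires_at && (server_now - expires_at).round }
end

# Constructed sample: URL signed to expire at 02:15:00 UTC, fetched at 02:21.
SAMPLE_EXPIRES = Time.utc(2014, 1, 15, 2, 15, 0).to_i
SAMPLE_URL = 'https://s3.example.invalid/bucket/install_packageXYZ' \
             "?AWSAccessKeyId=EXAMPLEKEYID&Expires=#{SAMPLE_EXPIRES}&Signature=c2FtcGxl"

if __FILE__ == $PROGRAM_NAME
  p diagnose_403(SAMPLE_URL, 'Wed, 15 Jan 2014 02:21:00 GMT',
                 Time.utc(2014, 1, 15, 2, 21, 5))
end
```

A result of `:url_expired` with a small `skew_seconds` points at run duration rather than the guest clock, which is the case the `no_lazy_load` setting addresses.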