remote_file s3 random 403

Damien_Roche · January 15, 2014, 10:21am

Hello Chefs

I’ve been encountering issues on long chef runs with in a vagrant - chef-client to server testing environment.
When I issue a full run after a while the remote_file requests to AWS S3 will file with a 403 response.

================================================================================
Error executing action `create` on resource 'cookbook_file[/tmp/chef/source/install_packageXYZ]'

Net::HTTPServerException

403 "Forbidden"

From what I can gather is that this possibly due to clock skew during the run as AWS expects timestamps within a tolerance of 15 minutes. The next converge will download the file fine, it’s not the same file that continuously fails.

This issue is documented in the AWS FAQ
http://aws.amazon.com/articles/1109#04

Has anyone else encountered this issue before? Is there a more appropriate resource with a retry option?

Appreciate your time,

Damien.

kallistec · January 15, 2014, 5:27pm

The S3 URLs expire after a time. You can work around this problem by configuring chef to eagerly load all files from a cookbook at the beginning of a run using the no_lazy_load option, documented here (about half-way down) client.rb

--
Daniel DeLeo

On Wednesday, January 15, 2014 at 2:21 AM, dcroche@gmail.com wrote:

Hello Chefs

I’ve been encountering issues on long chef runs with in a vagrant - chef-client to server testing environment.
When I issue a full run after a while the remote_file requests to AWS S3 will file with a 403 response.

================================================================================
Error executing action create on resource 'cookbook_file[/tmp/chef/source/install_packageXYZ]'

Net::HTTPServerException

403 "Forbidden"

From what I can gather is that this possibly due to clock skew during the run as AWS expects timestamps within a tolerance of 15 minutes. The next converge will download the file fine, it’s not the same file that continuously fails.

This issue is documented in the AWS FAQ
Amazon Simple Storage Service (S3) — Cloud Storage — AWS

Has anyone else encountered this issue before? Is there a more appropriate resource with a retry option?

Appreciate your time,

Damien.

Topic		Replies	Views
http_request head on S3 pre-signed URL gets 403 error Chef Infra (archive)	2	2022	June 20, 2013
Seeing a weird 403 Error while running recipe Chef Infra (archive)	2	1129	December 5, 2014
Chef-client run 403 errors with GET /organizations/my_org_name URL Chef Infra (archive)	0	422	March 24, 2020
Chef Client support with Windows 2019 Chef Infra (archive)	5	1149	January 25, 2019
Chef Certificates Chef Infra (archive)	1	704	May 19, 2015

remote_file s3 random 403

================================================================================ Error executing action create on resource 'cookbook_file[/tmp/chef/source/install_packageXYZ]'

Net::HTTPServerException

================================================================================ Error executing action create on resource 'cookbook_file[/tmp/chef/source/install_packageXYZ]'

Net::HTTPServerException

Related Topics

================================================================================
Error executing action `create` on resource 'cookbook_file[/tmp/chef/source/install_packageXYZ]'

================================================================================
Error executing action `create` on resource 'cookbook_file[/tmp/chef/source/install_packageXYZ]'