Why will hosted chef not work? SSL Validation failure connecting to host: s3-external-1.amazonaws.com

Hi,

I get the below error when trying to bootstrap a machine. Is there an
issue with hosted chef? How do I resolve?

  - chef_handler
[2014-06-13T09:26:40-04:00] INFO: Storing updated cookbooks/environment/recipes/chef.rb in the cache.
[2014-06-13T09:26:53-04:00] ERROR: SSL Validation failure connecting to host: s3-external-1.amazonaws.com - SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A

================================================================================
Error Syncing Cookbooks:

Unexpected Error:

OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A

Running handlers:
[2014-06-13T09:26:53-04:00] ERROR: Running exception handlers
[2014-06-13T09:26:53-04:00] ERROR: Creating JSON exception report

  - Chef::Handler::JsonFile
Running handlers complete

[2014-06-13T09:26:53-04:00] ERROR: Exception handlers complete
[2014-06-13T09:26:53-04:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
Chef Client failed. 0 resources updated in 27.19466371 seconds
[2014-06-13T09:26:53-04:00] INFO: Sending resource update report (run-id: 68494182-c6c5-4deb-abac-3b2a5408bd72)
[2014-06-13T09:26:54-04:00] ERROR: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
[2014-06-13T09:26:54-04:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
root@do-gitcollector-sf-development-20140613130908:/home/ubuntu# nano /var/chef/cache/chef-stacktrace.out
Use "fg" to return to nano.

Amazon changed their TLS certificates yesterday and the new CA cert is not included in the bundles of some older OSes it seems. I've gotten reports of this on Ubuntu 12.04 and RHEL 6.4. You can fix it by downloading the curl cacert bundle file and adding "ssl_ca_file '/path/to/cacert.pem'" to your client.rb. You can also check if an update is available for your system CA bundle package.

--Noah
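
The mechanism behind the ssl_ca_file suggestion above, as an added example that is not part of the original thread or of Chef's code: a certificate issued by a new root fails verification against a bundle that lacks that root and passes once the root is in the bundle. The certificates, the host name storage.example.test and the helper names are constructed for the illustration.

```ruby
require 'openssl'
require 'tempfile'

# Build a certificate (constructed test data). With no issuer it is a self-signed root.
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Write certificates to a PEM bundle file, the same format as cacert.pem.
def write_bundle(*certs)
  file = Tempfile.new(['cacert', '.pem'])
  file.write(certs.map(&:to_pem).join)
  file.flush
  file
end

# Verify `leaf` using only the roots in the PEM bundle at `ca_file`,
# which is the file client.rb would name in: ssl_ca_file '/path/to/cacert.pem'
def bundle_verdict(ca_file, leaf)
  store = OpenSSL::X509::Store.new
  store.add_file(ca_file)
  ok = store.verify(leaf)
  { trusted: ok, reason: store.error_string }
end

def demo
  old_key, new_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  old_root = make_cert('Constructed Old Root', old_key, ca: true)
  new_root = make_cert('Constructed New Root', new_key, ca: true)
  leaf = make_cert('storage.example.test', leaf_key, issuer: new_root, issuer_key: new_key)
  stale = write_bundle(old_root)            # bundle shipped before the CA change
  fresh = write_bundle(old_root, new_root)  # bundle that includes the new root
  { stale: bundle_verdict(stale.path, leaf), fresh: bundle_verdict(fresh.path, leaf) }
end

puts demo if __FILE__ == $PROGRAM_NAME
```

Running bundle_verdict against the system bundle and against a freshly downloaded cacert.pem shows whether the trust store is what differs between a failing and a working node.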

Hosted Chef uses S3 for cookbook storage and the communication from
your node is direct to S3.

I've seen this before. It actually has nothing to do with SSL
validation, but a broken connection (TCP RST) between your host and
S3.

- Julian

--
[ Julian C. Dunn jdunn@aquezada.com * Sorry, I'm ]
[ WWW: Julian Dunn's Blog - Commentary on media, technology, and everything in between. * only Web 1.0 ]
[ gopher://sdf.org/1/users/keymaker/ * compliant! ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]