AWS OpsWorks S3 403 RestClient::Forbidden

Posted

技术标签:

【中文标题】AWS OpsWorks S3 403 RestClient::Forbidden【英文标题】: 【发布时间】:2016-03-12 01:41:20 【问题描述】:

我是使用 Chef 的新手。我确实创建了一个非常简单的食谱作为 S3 的 zip 文件,但我总是收到这个错误

[2015-12-07T10:29:53+00:00] INFO: Not needed with Chef 11.x (x >= 8) anymore.
[2015-12-07T10:29:53+00:00] INFO: Processing package[git] action install (opsworks_custom_cookbooks::checkout line 21)
[2015-12-07T10:29:54+00:00] INFO: Processing package[perl-Digest-HMAC] action install (opsworks_custom_cookbooks::checkout line 22)
[2015-12-07T10:29:54+00:00] INFO: Processing package[unzip] action install (opsworks_custom_cookbooks::checkout line 24)
[2015-12-07T10:29:54+00:00] INFO: Processing template[/root/.s3curl] action create (opsworks_custom_cookbooks::checkout line 24)
[2015-12-07T10:29:54+00:00] INFO: template[/root/.s3curl] created file /root/.s3curl
[2015-12-07T10:29:54+00:00] INFO: template[/root/.s3curl] updated file contents /root/.s3curl
[2015-12-07T10:29:54+00:00] INFO: template[/root/.s3curl] mode changed to 600
[2015-12-07T10:29:54+00:00] INFO: Processing directory[/tmp/opsworks20151207-2439-1lgn8x6] action create (opsworks_custom_cookbooks::checkout line 32)
[2015-12-07T10:29:54+00:00] INFO: directory[/tmp/opsworks20151207-2439-1lgn8x6] mode changed to 755
[2015-12-07T10:29:54+00:00] INFO: Processing s3_file[/tmp/opsworks20151207-2439-1lgn8x6/archive] action create (opsworks_custom_cookbooks::checkout line 38)
[2015-12-07T10:29:54+00:00] INFO: Processing chef_gem[rest-client] action install (s3_file::dependencies line 1)
[2015-12-07T10:29:54+00:00] WARN: #<RestClient::RawResponse:0x0055dd47315478 @net_http_res=#<Net::HTTPForbidden 403 Forbidden readbody=true>, @args=:method=>"GET", :url=>"https://jb-chef-cookbook.s3.amazonaws.com/cookbooks+3.zip", :raw_response=>true, @file=#<Tempfile:/tmp/rest-client20151207-2439-1b2rwtr>, @code=403>
[2015-12-07T10:29:59+00:00] WARN: #<RestClient::RawResponse:0x0055dd474094d8 @net_http_res=#<Net::HTTPForbidden 403 Forbidden readbody=true>, @args=:method=>"GET", :url=>"https://jb-chef-cookbook.s3.amazonaws.com/cookbooks+3.zip", :raw_response=>true, @file=#<Tempfile:/tmp/rest-client20151207-2439-pvv1v>, @code=403>
[2015-12-07T10:30:04+00:00] WARN: #<RestClient::RawResponse:0x0055dd474b7268 @net_http_res=#<Net::HTTPForbidden 403 Forbidden readbody=true>, @args=:method=>"GET", :url=>"https://jb-chef-cookbook.s3.amazonaws.com/cookbooks+3.zip", :raw_response=>true, @file=#<Tempfile:/tmp/rest-client20151207-2439-5e98l1>, @code=403>
[2015-12-07T10:30:09+00:00] WARN: #<RestClient::RawResponse:0x0055dd481acf18 @net_http_res=#<Net::HTTPForbidden 403 Forbidden readbody=true>, @args=:method=>"GET", :url=>"https://jb-chef-cookbook.s3.amazonaws.com/cookbooks+3.zip", :raw_response=>true, @file=#<Tempfile:/tmp/rest-client20151207-2439-10607v8>, @code=403>
[2015-12-07T10:30:14+00:00] WARN: #<RestClient::RawResponse:0x0055dd48279f90 @net_http_res=#<Net::HTTPForbidden 403 Forbidden readbody=true>, @args=:method=>"GET", :url=>"https://jb-chef-cookbook.s3.amazonaws.com/cookbooks+3.zip", :raw_response=>true, @file=#<Tempfile:/tmp/rest-client20151207-2439-1659itz>, @code=403>
[2015-12-07T10:30:19+00:00] FATAL: #<RestClient::RawResponse:0x0055dd48300658 @net_http_res=#<Net::HTTPForbidden 403 Forbidden readbody=true>, @args=:method=>"GET", :url=>"https://jb-chef-cookbook.s3.amazonaws.com/cookbooks+3.zip", :raw_response=>true, @file=#<Tempfile:/tmp/rest-client20151207-2439-1y4w8iq>, @code=403>

================================================================================
Error executing action `create` on resource 's3_file[/tmp/opsworks20151207-2439-1lgn8x6/archive]'
================================================================================


RestClient::Forbidden
---------------------
403 Forbidden


Cookbook Trace:
---------------
/var/lib/aws/opsworks/cache.stage1/cookbooks/s3_file/libraries/s3_file.rb:101:in `block in do_request'
/var/lib/aws/opsworks/cache.stage1/cookbooks/s3_file/libraries/s3_file.rb:83:in `rescue in with_region_detect'
/var/lib/aws/opsworks/cache.stage1/cookbooks/s3_file/libraries/s3_file.rb:78:in `with_region_detect'
/var/lib/aws/opsworks/cache.stage1/cookbooks/s3_file/libraries/s3_file.rb:92:in `do_request'
/var/lib/aws/opsworks/cache.stage1/cookbooks/s3_file/libraries/s3_file.rb:124:in `block in get_from_s3'
/var/lib/aws/opsworks/cache.stage1/cookbooks/s3_file/libraries/s3_file.rb:122:in `each'
/var/lib/aws/opsworks/cache.stage1/cookbooks/s3_file/libraries/s3_file.rb:122:in `get_from_s3'
/var/lib/aws/opsworks/cache.stage1/cookbooks/s3_file/providers/default.rb:65:in `block in class_from_file'


Resource Declaration:
---------------------
# In /var/lib/aws/opsworks/cache.stage1/cookbooks/scm_helper/libraries/s3.rb

38:         s3_file "#tmpdir/archive" do
39:           bucket s3_bucket
40:           remote_path s3_key
41:           aws_access_key_id scm_options[:user]
42:           aws_secret_access_key scm_options[:password]
43:           owner "root"
44:           group "root"
45:           mode "0600"
46:           # per default it's host-style addressing
47:           # but older versions of rest-client doesn't support host-style addressing with `_` in bucket name
48:           s3_url "https://s3.amazonaws.com/#s3_bucket" if s3_bucket.include?("_")
49:           action :create
50:         end
51: 
52:         execute 'extract files' do
53:           command "#node[:opsworks_agent][:current_dir]/bin/extract #tmpdir/archive"
54:         end
55: 
56:         execute 'create git repository' do
57:           cwd "#tmpdir/archive.d"
58:           command "find . -type d -name .git -exec rm -rf  \\;; find . -type f -name .gitignore -exec rm -f  \\;; git init; git add .; git config user.name 'AWS OpsWorks'; git config user.email 'root@localhost'; git commit -m 'Create temporary repository from downloaded contents.'"
59:         end
60: 
61:         "#tmpdir/archive.d"
62:       end
63:     end
64:   end



Compiled Resource:
------------------
# Declared in /var/lib/aws/opsworks/cache.stage1/cookbooks/scm_helper/libraries/s3.rb:38:in `prepare_s3_checkouts'

s3_file("/tmp/opsworks20151207-2439-1lgn8x6/archive") do
action [:create]
retries 0
retry_delay 2
cookbook_name "opsworks_custom_cookbooks"
recipe_name "checkout"
bucket "jb-chef-cookbook"
remote_path "cookbooks+3.zip"
owner "root"
group "root"
mode "0600"
path "/tmp/opsworks20151207-2439-1lgn8x6/archive"
end



[2015-12-07T10:30:19+00:00] INFO: Running queued delayed notifications before re-raising exception
[2015-12-07T10:30:19+00:00] ERROR: Running exception handlers
[2015-12-07T10:30:19+00:00] ERROR: Exception handlers complete
[2015-12-07T10:30:19+00:00] FATAL: Stacktrace dumped to /var/lib/aws/opsworks/cache.stage1/chef-stacktrace.out
[2015-12-07T10:30:19+00:00] ERROR: 403 Forbidden
[2015-12-07T10:30:19+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

缺少什么?!有什么建议吗?谢谢

【问题讨论】:

我猜这是 S3 权限问题或凭据问题。 【参考方案1】:

您尝试访问的 S3 文件没有正确设置权限。

【讨论】:

S3 存储桶对每个人都有打开/下载权限!以及 .zip 文件。 要么您的 ACL 不正确,要么您提供的凭据无效。选择一个。【参考方案2】:

谢谢,这是我的 ACL。我修复了它,现在我遇到了不同的问题!

[2015-12-08T13:07:18+00:00] 信息:HTTP 请求返回 404 Not Found:找不到对象:/reports/nodes/c2.localdomain/runs [2015-12-08T13:07:18+00:00] 信息:HTTP 请求返回 412 前提条件失败:没有这样的食谱:docker

缺少食谱:

没有这样的食谱:docker

[2015-12-08T13:07:18+00:00] 错误:运行异常处理程序 [2015-12-08T13:07:18+00:00] 错误:异常处理程序完成 [2015-12-08T13:07:18+00:00] 致命:堆栈跟踪转储到 /var/lib/aws/opsworks/cache.stage2/chef-stacktrace.out [2015-12-08T13:07:18+00:00] 错误:412“前提条件失败” [2015-12-08T13:07:18+00:00] 致命:Chef::Exceptions::ChildConvergeError:Chef 运行进程未成功退出(退出代码 1)

【讨论】:

以上是关于AWS OpsWorks S3 403 RestClient::Forbidden的主要内容,如果未能解决你的问题,请参考以下文章

Chef 12 + AWS Opsworks + 从 s3 部署应用程序

AWS OpsWorks - 无法使用 AWS OpsWorks 部署我的应用程序,尤其是无法成功迁移

选项请求的 AWS S3 CORS 403 错误

AWS S3 Java:d​​oesObjectExist 导致 403:禁止

AWS S3 getSignedUrl() 返回 403 禁止错误

nodeJS的AWS S3 403访问被拒绝问题