Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Local time sanity check fail #96

Open
avnr opened this issue May 13, 2015 · 3 comments
Open

Local time sanity check fail #96

avnr opened this issue May 13, 2015 · 3 comments

Comments

@avnr
Copy link

avnr commented May 13, 2015

I've been working with your truly awesome aws for years, until a while ago I started getting the error sanity-check: Problems accessing AWS. Is curl installed?. After some digging I found that the target S3 host (Dreamhost, using Ceph) has dropped the Date: header from their responses, which got aws kinda confused.

For the sake of other users who might encounter this problem it might be beneficial to gracefully handle such a situation. I didn't make a PULL request as I'm not entirely sure why this check is needed, AFAIAC this test can be skipped. Alternatively it would be possible to alert about the absence of the Date: header, and/or check the time against NIST.
@timkay
Copy link
Owner

timkay commented May 13, 2015

Thanks for the great feedback! I'm glad "aws" has been working for you.

"aws" does this sanity check because lots of users ran into problem without it. By default, "aws" signs requests to be valid for 30 seconds. If your computer's clock is off by more than 30 seconds, then all your requests would be expired the instant they are signed. I added the sanity check to do two things. First it warns the user that the clock is off. Second, it computes the clock offset, and it uses the result to adjust the signing of all requests. After the signing request (and the possible display of the warning that your clock is off), requests will succeed anyway because of the offset.

If you don't want the sanity check, you can either add --sanity-check to turn off sanity check (poorly named, I know), or create a ~/.awsrc file. The existence of that file will disable sanity checks. A second consequence of turning off sanity checks is that requests will be processed faster.

@avnr
Copy link
Author

avnr commented May 13, 2015

Thanks for the quick response!

I indeed turned off sanity check once I diagnosed the problem and that worked for me, no complaints. I just thought of saving the time of other users who might run into this same problem. We're using the script in production scenarios and when it failed we had to do tons of stuff manually until I had a few hours to investigate what went wrong. If the script would have been aware that the S3 host didn't send the Date: header and suggest some graceful alternative then we could have saved plenty of time.

All that said, documenting the script's behavior in this thread is already a partial solution, should it come up in the search result of someone in need.

@timkay
Copy link
Owner

timkay commented May 14, 2015

You make a great point: If it fails to find a Date: header, then it should behave better. I'll make that change.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@timkay @avnr