[JIRA] [s3] (JENKINS-23897) S3 plugin's signed URL expiry is extremely sensitive to clock drift

[cr...@2ndquadrant.com (JIRA)]

Craig Ringer created JENKINS-23897 S3 plugin's signed URL expiry is extremely sensitive to clock drift Issue Type: Improvement Assignee: Michael Watt Components: s3 Created: 21/Jul/14 6:50 AM Description: The S3 plugin is very sensitive to clock drift on the Jenkins server, as it signs URLs with a 4000ms (4s) expiry. This results in errors like: <Error> <Code>AccessDenied</Code> <Message>Request has expired</Message> <RequestId>DBB502010D433E63</RequestId> <Expires>2014-07-21T06:44:37Z</Expires> <HostId> 0RLt34WZ9rebc7yijszDZ2gquwYBMj1OENPUtc9KAVtXsATJPdwxoYatu3/+2QOB </HostId> <ServerTime>2014-07-21T06:47:58Z</ServerTime> </Error> which won't be super-informative to the user. I suggest two changes. First, default to a longer expiry, say 60 seconds, that allows for things like a little packet loss / a high latency connection / etc, and a little clock drift. Second, document the need for NTP to keep up reasonable clock sync. I'll follow up with a patch for both. Environment: s3-plugin 0.6, or 0.7-SNAPSHOT; Jenkins 1.573 or 1.574-SNAPSHOT Project: Jenkins Labels: timeout s3 Priority: Minor Reporter: Craig Ringer

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira

--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.