Chef-Server 12 Getting me errors when the node is not time synced

Question

I'm getting this error when the clock on my node is different than 15 minutes from my chef server.

Authentication Error:

Failed to authenticate to the chef server (http 401). enter code here`The request failed because your clock has drifted by more than 15 minutes.

Syncing your clock to an NTP Time source should resolve the issue.

Does Someone know how to change that setting on the server or other method to avoid this check? Thanks.

score 0 · Accepted Answer · answered Oct 19 '17 at 13:07

0

I solved this issue overriding a config on the server. I edited this file /etc/opscode/chef-server.rb

opscode_erchef['auth_skew] = put your threshold here on seconds
E.g: opscode_erchef['auth_skew] = 43200 (threshold of 12h)

With that way to solve, the Web Console, last check-in metric will be wrong, but it works fine.

answered Oct 19 '17 at 13:07

FlayRonin

1
3

1

Wow, we should probably disallow that. The check is there for security reasons, there is no reason to allow a skew that big and it opens you up to replay attacks. – coderanger Nov 08 '17 at 17:23

score 0 · Answer 2 · answered Oct 21 '17 at 03:41

0

If your time is out by more than 15 minutes, you probably don't have any time synchronisation enabled. You should install your distribution's preferred time synchronisation client (on CentOS/Red Hat it's chrony, on Ubuntu ntp) on both your Chef server and your chef clients.

answered Oct 21 '17 at 03:41

Paul Gear

3,938
15
36

I have time synchronization but some nodes are on different time zone. – FlayRonin Oct 23 '17 at 15:18
Time zones are irrelevant to the kernel and to NTP - they both work in UTC only. – Paul Gear Nov 07 '17 at 05:01

Chef-Server 12 Getting me errors when the node is not time synced

2 Answers2