I'm trying the rclone serve s3
functionality and am finding that uploads large enough to trigger a CreateMultipartUpload
result in an access denied error.
version:
# rclone version
rclone v1.65.2
- os/version: ubuntu 22.04 (64 bit)
- os/kernel: 6.2.0-1017-aws (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.21.6
- go/linking: static
- go/tags: none
config.ini
# cat /config.ini
[serves3]
type = s3
provider = Rclone
endpoint = http://0.0.0.0:8080/
use_multipart_uploads = false
disable_multipart_uploads = true
server:
rclone serve s3 --config /config.ini --auth-key xxxxxxx,yyyyyyy -vvvv --s3-disable-checksum /data
Uploading a small (40MB) file works fine:
# aws s3 cp ./smallfile s3://uploads/ --endpoint-url=http://localhost:8080
2024/01/24 19:03:33 DEBUG : serve s3: CREATE OBJECT: uploads smallfile
2024/01/24 19:03:33 DEBUG : uploads/smallfile: OpenFile: flags=O_RDWR|O_CREATE|O_TRUNC, perm=-rw-rw-rw-
2024/01/24 19:03:33 DEBUG : uploads/smallfile: Open: flags=O_RDWR|O_CREATE|O_TRUNC
2024/01/24 19:03:33 DEBUG : uploads: Added virtual directory entry vAddFile: "smallfile"
2024/01/24 19:03:33 DEBUG : uploads/smallfile: >Open: fd=uploads/smallfile (w), err=<nil>
2024/01/24 19:03:33 DEBUG : uploads/smallfile: >OpenFile: fd=uploads/smallfile (w), err=<nil>
2024/01/24 19:03:33 DEBUG : uploads: Added virtual directory entry vAddFile: "smallfile"
2024/01/24 19:03:33 DEBUG : uploads/smallfile: md5 = 62e30d71405e813abeb11e39e4ab285a OK
2024/01/24 19:03:33 DEBUG : uploads/smallfile: Size and md5 of src and dst objects identical
2024/01/24 19:03:33 DEBUG : uploads: Added virtual directory entry vAddFile: "smallfile"
upload: ./smallfile to s3://uploads/smallfile
Uploading a 500MB file fails:
# aws s3 cp ./medfile s3://uploads/ --endpoint-url=http://localhost:8080
2024/01/24 19:04:49 INFO : serve s3: Access Denied: 127.0.0.1:42064 => /uploads/medfile?uploads
upload failed: ./medfile to s3://uploads/medfile An error occurred () when calling the CreateMultipartUpload operation:
I know the docs says:
Multipart server side copies do not work (see #7454). These take a very long time and eventually fail. The default threshold for multipart server side copies is 5G which is the maximum it can be, so files above this side will fail to be server side copied.
but this is a client -> server copy. If I remove the --auth-key
setting from the rclone serve call then everything works fine.
# aws s3 cp ./medfile s3://uploads/ --endpoint-url=http://localhost:8080
2024/01/24 19:27:00 DEBUG : serve s3: initiate multipart upload uploads medfile
2024/01/24 19:27:00 DEBUG : serve s3: put multipart upload uploads medfile 1
2024/01/24 19:27:00 DEBUG : serve s3: put multipart upload uploads medfile 1
....