Rclone should use try using EKS IRSA role before EC2 role

r0bobo · April 23, 2021, 2:35pm

What is the problem you are having with rclone?

When I run rclone in EKS with IAM Roles for Service accounts it seems that the EC2 role is prioritized and picked before the EKS one. This is problematic in a default EKS setup because all the nodes will have an IAM role and there is seemingly no way to make it use the EKS role instead then.

I would have expected (I think most other tools that I have used does it this way) it to prioritize the EKS role and then use EC2 role as a fallback. Since it is optional to add an EKS IAM role you can always just not do that if you explicitly want to use the EC2 one.

Not sure if this counts as a bug or feature request though.

What is your rclone version (output from `rclone version`)

1.55.0

Which OS you are using and how many bits (eg Windows 7, 64 bit)

Bottlerocket Linux 64bit

Which cloud storage system are you using? (eg Google Drive)

AWS S3

The command you were trying to run (eg `rclone copy /tmp remote:tmp`)

rclone move --buffer-size=0 --error-on-no-transfer --no-check-dest --no-traverse --no-update-modtime --s3-env-auth --s3-no-check-bucket --s3-region=eu-central-1 --use-mmap "$SRC" "s3:$DEST"

The rclone config contents with secrets removed.

No config file, only this env var:

RCLONE_CONFIG_S3_TYPE=s3

asdffdsa · April 23, 2021, 3:18pm

hello and welcome to the fourm,

this should be a feature request, not a bug.
you can edit the topic by clicking the pencil

have you seen this or this

ncw · April 24, 2021, 10:35pm

I don't think the EKS role is working at the moment - see

github.com/rclone/rclone

[BUG] AWS s3 authentication via IAM role on fargate.

opened 01:26PM - 18 Apr 21 UTC

Xezed

bug

``` 2021/04/18 13:14:53 NOTICE: Config file "/config/rclone/rclone.conf" not fo…und - using defaults 2021/04/18 13:14:56 NOTICE: Config file "/config/rclone/rclone.conf" not found - using defaults 2021/04/18 13:14:56 DEBUG : rclone: Version "v1.56.0-beta.5413.31a8211af" starting with parameters ["rclone" "copy" ":sftp:hidden/hidden" "--sftp-host" "hidden" "--sftp-pass" "hidden" "--sftp-user" "hidden" ":s3:/hidden" "--s3-provider" "AWS" "--s3-env-auth" "--s3-region" "us-west-2" "--s3-acl" "bucket-owner-read" "-P" "-vv"] 2021/04/18 13:14:56 DEBUG : Creating backend with remote ":sftp:hidden/hidden" 2021/04/18 13:14:56 DEBUG : :sftp: detected overridden config - adding "{vxWIR}" suffix to name 2021/04/18 13:14:57 DEBUG : sftp://hidden@hidden:22/hidden/hidden: New connection 172.31.63.2:39344->hidden:22 to "SSH-2.0-HOSTED~FTP~ SFTP" 2021/04/18 13:14:57 DEBUG : sftp://hidden@hidden:22/hidden/hidden: Using absolute root directory "/hidden/hidden" 2021/04/18 13:14:57 DEBUG : fs cache: adding new entry for parent of ":sftp:hidden/hidden", ":sftp{vxWIR}:hidden" 2021/04/18 13:14:57 DEBUG : Creating backend with remote ":s3:/hidden" 2021/04/18 13:14:57 DEBUG : :s3: detected overridden config - adding "{R2Ag4}" suffix to name panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x1305ec2] ``` Have no idea what to do with it. Version 1.54.1 behave the very same way. In 1.55 you have sftp bug so can't test. Running it on Fargate from your image of course.

I would appreciate help fixing that as I don't have a proper understanding of all the IAM roles in AWS!

system · June 24, 2021, 6:36pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.