Swift proxy-server returns 401 unauthorized after first time usage of X-Auth-Token

asked 2015-12-28 16:42:45 -0500

Raman

I am seeing strange Swift Object Storage behavior. The Swift proxy-server returns 401 Unauthorized after the first use of an X-Auth-Token.

Right after authenticating the user with Keystone, if I make a Swift call with the X-Auth-Token, I get a positive response. However, when I make a subsequent Swift call with the same X-Auth-Token, I am getting X-Auth-Token.

Here is the response.

    Token: 3884360301614d70be1269f3c5e68496"
    HTTP/1.1 401 Unauthorized
    Content-Length: 131
    Content-Type: text/html; charset=UTF-8
    Www-Authenticate: Swift realm="KEY_86ec0f1300ed4e31a2020095ca0fe66a"
    WWW-Authenticate: Keystone uri='http://d720vm08oel65.corp.tdsols.com:5000/'
    X-Trans-Id: tx05ea5e95bc7141d2bfc94-00567ef2af
    Date: Sat, 26 Dec 2015 20:03:59 GMT
    Strict-Transport-Security: max-age=31536000
    Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/

    <html><h1>Unauthorized</h1><p>This server could not verify that you are authorized to access the document you requested.</p></html>r

Investigation so far:

  1. I find the X-Auth-Token is valid in Keystone. Verified in the Token table in the persisted DB.
  2. On the Swift proxy node, in /var/log/swift/all.log, I see the log statements below.

    Dec 26 11:08:11 localhost proxy-server: authtoken: Authorization failed for token (txn: tx4a5ed358feea453eb7e32-00567ee59b)
    Dec 26 11:08:11 localhost proxy-server: authtoken: Invalid user token - deferring reject downstream (txn: tx4a5ed358feea453eb7e32-00567ee59b)

My environment:

Keystone Identity Server Load Balanced 3 swift nodes:

Node 1: proxy-server (with Keystone auth), account, container and object server
Node 2: proxy-server (with Keystone auth), account, container and object server
Node 3: proxy-server (with Keystone auth), account, container and object server

Please advise.


Comments

Please run the following command and confirm that the Swift user has the admin role on the Service tenant.

    openstack user role list --project service swift

Tony ( 2016-01-01 11:29:54 -0500 )
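
Added example (not part of the original question or comment, and not Swift's own code): with three load-balanced proxy nodes, the X-Trans-Id of a 401 response can be matched against each node's /var/log/swift/all.log to see which node's authtoken middleware rejected the token, and the hex suffix of the ID decodes to the request time. The node names and the node2 log line are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Swift transaction id: "tx" + 21 hex chars + "-" + 10 hex digits of epoch seconds.
TXN_RE = re.compile(r"tx[0-9a-f]{21}-([0-9a-f]{10})")
REJECT_RE = re.compile(r"proxy-server: authtoken: "
                       r"(?:Authorization failed for token|Invalid user token)")

def txn_time(txn_id):
    """Decode the UTC timestamp embedded in a Swift transaction id."""
    m = TXN_RE.search(txn_id)
    if m is None:
        raise ValueError("not a Swift transaction id: %r" % (txn_id,))
    return datetime.fromtimestamp(int(m.group(1), 16), tz=timezone.utc)

def rejected_txns(lines):
    """Return the distinct transaction ids that authtoken rejected, in log order."""
    seen = []
    for line in lines:
        m = TXN_RE.search(line)
        if m and REJECT_RE.search(line) and m.group(0) not in seen:
            seen.append(m.group(0))
    return seen

def nodes_rejecting(x_trans_id, logs_by_node):
    """Name the proxy nodes whose log shows an authtoken rejection for this request."""
    return sorted(node for node, lines in logs_by_node.items()
                  if x_trans_id in rejected_txns(lines))

# Constructed sample: node names and the assignment of lines to nodes are assumptions.
# node1 carries the two log lines quoted in the question; the node2 line is constructed
# to match the X-Trans-Id of the 401 response shown in the question.
SAMPLE_LOGS = {
    "node1": [
        "Dec 26 11:08:11 localhost proxy-server: authtoken: Authorization failed for token (txn: tx4a5ed358feea453eb7e32-00567ee59b)",
        "Dec 26 11:08:11 localhost proxy-server: authtoken: Invalid user token - deferring reject downstream (txn: tx4a5ed358feea453eb7e32-00567ee59b)",
    ],
    "node2": [
        "Dec 26 12:03:59 localhost proxy-server: authtoken: Authorization failed for token (txn: tx05ea5e95bc7141d2bfc94-00567ef2af)",
    ],
    "node3": [],
}

if __name__ == "__main__":
    x_trans_id = "tx05ea5e95bc7141d2bfc94-00567ef2af"  # X-Trans-Id from the 401 response
    print(x_trans_id, "issued at", txn_time(x_trans_id).isoformat())
    print("rejected on:", nodes_rejecting(x_trans_id, SAMPLE_LOGS))
    for node, lines in sorted(SAMPLE_LOGS.items()):
        print(node, rejected_txns(lines))
```

If the rejections cluster on some nodes and not others, compare the authtoken settings and clocks of those proxy nodes against a node that accepts the same token.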