Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Swift proxy-server returns 401 unauthorized after frist time usage of X-Auth-Token

I am having a strange Swift Object Storage behavior. Swith proxy-server returns 401 unauthorized after first time usage of X-Auth-Token.

Right after authenticating the user with Keystone, If I make swift call with X-Auth-Token I get a positive response. However, when I make subsequent swift call with same X-Auth-Token, I am getting X-Auth-Token.

Here is the response.

Token: 3884360301614d70be1269f3c5e68496"
HTTP/1.1 401 Unauthorized
Content-Length: 131
Content-Type: text/html; charset=UTF-8
Www-Authenticate: Swift realm="KEY_86ec0f1300ed4e31a2020095ca0fe66a"
WWW-Authenticate: Keystone uri='http://d720vm08oel65.corp.tdsols.com:5000/'
X-Trans-Id: tx05ea5e95bc7141d2bfc94-00567ef2af
Date: Sat, 26 Dec 2015 20:03:59 GMT
Strict-Transport-Security: max-age=31536000
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/

<html><h1>Unauthorized</h1><p>This server could not verify that you are authorized to access the document you requested.</p></html>r

Investigation so far:

  1. I find X-Auth-Token is valid in Keystone. Verified in Token table in persisted db.
  2. On swift proxy-node: in /var/log/swift/all.log, I see below log statements.

    Dec 26 11:08:11 localhost proxy-server: authtoken: Authorization failed for token (txn: tx4a5ed358feea453eb7e32-00567ee59b) Dec 26 11:08:11 localhost proxy-server: authtoken: Invalid user token - deferring reject downstream (txn: tx4a5ed358feea453eb7e32-00567ee59b)

My environment:

Keystone Identity Server Load Balanced 3 swift nodes:

Node 1: proxy-server (with Keystone auth), account, container and object server Node 2: proxy-server (with Keystone auth), account, container and object server Node 3: proxy-server (with Keystone auth), account, container and object server

Please advice.