Browse Source

Raise the default max header to accommodate large tokens

PKI tokens hit the default limit if there is enough
services defined in the keystone catalog.

Also the v3 catalog is larger than the v2 catalog which would explain
why this bug is being hit just now.

This change adds the configuration option max_header_line to each of the
API confurations which has a default of 16384.

Closes-Bug: #1190149
Change-Id: I5da09aa08a1242c5e356bd8bf532baa9347ce075
tags/2014.1.b3
Steve Baker 5 years ago
parent
commit
0b02feb20d
2 changed files with 34 additions and 0 deletions
  1. 18
    0
      etc/heat/heat.conf.sample
  2. 16
    0
      heat/common/wsgi.py

+ 18
- 0
etc/heat/heat.conf.sample View File

@@ -870,6 +870,12 @@
870 870
 # Number of workers for Heat service (integer value)
871 871
 #workers=0
872 872
 
873
+# Maximum line size of message headers to be accepted.
874
+# max_header_line may need to be increased when using large
875
+# tokens (typically those generated by the Keystone v3 API
876
+# with big service catalogs (integer value)
877
+#max_header_line=16384
878
+
873 879
 
874 880
 [heat_api_cfn]
875 881
 
@@ -899,6 +905,12 @@
899 905
 # Number of workers for Heat service (integer value)
900 906
 #workers=0
901 907
 
908
+# Maximum line size of message headers to be accepted.
909
+# max_header_line may need to be increased when using large
910
+# tokens (typically those generated by the Keystone v3 API
911
+# with big service catalogs (integer value)
912
+#max_header_line=16384
913
+
902 914
 
903 915
 [heat_api_cloudwatch]
904 916
 
@@ -928,6 +940,12 @@
928 940
 # Number of workers for Heat service (integer value)
929 941
 #workers=0
930 942
 
943
+# Maximum line size of message headers to be accepted.
944
+# max_header_line may need to be increased when using large
945
+# tokens (typically those generated by the Keystone v3 API
946
+# with big service catalogs (integer value)
947
+#max_header_line=16384
948
+
931 949
 
932 950
 [keystone_authtoken]
933 951
 

+ 16
- 0
heat/common/wsgi.py View File

@@ -73,6 +73,11 @@ api_opts = [
73 73
     cfg.IntOpt('workers', default=0,
74 74
                help=_("Number of workers for Heat service"),
75 75
                deprecated_group='DEFAULT'),
76
+    cfg.IntOpt('max_header_line', default=16384,
77
+               help=_('Maximum line size of message headers to be accepted. '
78
+                      'max_header_line may need to be increased when using '
79
+                      'large tokens (typically those generated by the '
80
+                      'Keystone v3 API with big service catalogs')),
76 81
 ]
77 82
 api_group = cfg.OptGroup('heat_api')
78 83
 cfg.CONF.register_group(api_group)
@@ -102,6 +107,11 @@ api_cfn_opts = [
102 107
     cfg.IntOpt('workers', default=0,
103 108
                help=_("Number of workers for Heat service"),
104 109
                deprecated_group='DEFAULT'),
110
+    cfg.IntOpt('max_header_line', default=16384,
111
+               help=_('Maximum line size of message headers to be accepted. '
112
+                      'max_header_line may need to be increased when using '
113
+                      'large tokens (typically those generated by the '
114
+                      'Keystone v3 API with big service catalogs')),
105 115
 ]
106 116
 api_cfn_group = cfg.OptGroup('heat_api_cfn')
107 117
 cfg.CONF.register_group(api_cfn_group)
@@ -131,6 +141,11 @@ api_cw_opts = [
131 141
     cfg.IntOpt('workers', default=0,
132 142
                help=_("Number of workers for Heat service"),
133 143
                deprecated_group='DEFAULT'),
144
+    cfg.IntOpt('max_header_line', default=16384,
145
+               help=_('Maximum line size of message headers to be accepted. '
146
+                      'max_header_line may need to be increased when using '
147
+                      'large tokens (typically those generated by the '
148
+                      'Keystone v3 API with big service catalogs')),
134 149
 ]
135 150
 api_cw_group = cfg.OptGroup('heat_api_cloudwatch')
136 151
 cfg.CONF.register_group(api_cw_group)
@@ -250,6 +265,7 @@ class Server(object):
250 265
             signal.signal(signal.SIGHUP, signal.SIG_IGN)
251 266
             self.running = False
252 267
 
268
+        eventlet.wsgi.MAX_HEADER_LINE = conf.max_header_line
253 269
         self.application = application
254 270
         self.sock = get_socket(conf, default_port)
255 271
 

Loading…
Cancel
Save