
Raise the default max header to accommodate large tokens

PKI tokens hit the default limit if there are enough
services defined in the keystone catalog.

Also the v3 catalog is larger than the v2 catalog which would explain
why this bug is being hit just now.

This change adds the configuration option max_header_line to each of the
API configurations, which has a default of 16384.

Closes-Bug: #1190149
Change-Id: I5da09aa08a1242c5e356bd8bf532baa9347ce075
(cherry picked from commit 0b02feb20d)
Steve Baker 5 years ago
parent
commit
defcf235c1
2 changed files with 34 additions and 0 deletions
  1. 18
    0
      etc/heat/heat.conf.sample
  2. 16
    0
      heat/common/wsgi.py

+ 18
- 0
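--- a/etc/heat/heat.conf.sample
+++ b/etc/heat/heat.conf.sample
@@ -633,6 +633,12 @@
 # Number of workers for Heat service (integer value)
 #workers=0
 
+# Maximum line size of message headers to be accepted.
+# max_header_line may need to be increased when using large
+# tokens (typically those generated by the Keystone v3 API
+# with big service catalogs (integer value)
+#max_header_line=16384
+
 
 [heat_api]
 
@@ -662,6 +668,12 @@
 # Number of workers for Heat service (integer value)
 #workers=0
 
+# Maximum line size of message headers to be accepted.
+# max_header_line may need to be increased when using large
+# tokens (typically those generated by the Keystone v3 API
+# with big service catalogs (integer value)
+#max_header_line=16384
+
 
 [heat_api_cfn]
 
@@ -691,6 +703,12 @@
 # Number of workers for Heat service (integer value)
 #workers=0
 
+# Maximum line size of message headers to be accepted.
+# max_header_line may need to be increased when using large
+# tokens (typically those generated by the Keystone v3 API
+# with big service catalogs (integer value)
+#max_header_line=16384
+
 
 [auth_password]
 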

+ 16
- 0
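--- a/heat/common/wsgi.py
+++ b/heat/common/wsgi.py
@@ -73,6 +73,11 @@ api_opts = [
     cfg.IntOpt('workers', default=0,
                help=_("Number of workers for Heat service"),
                deprecated_group='DEFAULT'),
+    cfg.IntOpt('max_header_line', default=16384,
+               help=_('Maximum line size of message headers to be accepted. '
+                      'max_header_line may need to be increased when using '
+                      'large tokens (typically those generated by the '
+                      'Keystone v3 API with big service catalogs')),
 ]
 api_group = cfg.OptGroup('heat_api')
 cfg.CONF.register_group(api_group)
@@ -102,6 +107,11 @@ api_cfn_opts = [
     cfg.IntOpt('workers', default=0,
                help=_("Number of workers for Heat service"),
                deprecated_group='DEFAULT'),
+    cfg.IntOpt('max_header_line', default=16384,
+               help=_('Maximum line size of message headers to be accepted. '
+                      'max_header_line may need to be increased when using '
+                      'large tokens (typically those generated by the '
+                      'Keystone v3 API with big service catalogs')),
 ]
 api_cfn_group = cfg.OptGroup('heat_api_cfn')
 cfg.CONF.register_group(api_cfn_group)
@@ -131,6 +141,11 @@ api_cw_opts = [
     cfg.IntOpt('workers', default=0,
                help=_("Number of workers for Heat service"),
                deprecated_group='DEFAULT'),
+    cfg.IntOpt('max_header_line', default=16384,
+               help=_('Maximum line size of message headers to be accepted. '
+                      'max_header_line may need to be increased when using '
+                      'large tokens (typically those generated by the '
+                      'Keystone v3 API with big service catalogs')),
 ]
 api_cw_group = cfg.OptGroup('heat_api_cloudwatch')
 cfg.CONF.register_group(api_cw_group)
@@ -250,6 +265,7 @@ class Server(object):
             signal.signal(signal.SIGHUP, signal.SIG_IGN)
             self.running = False
 
+        eventlet.wsgi.MAX_HEADER_LINE = conf.max_header_line
         self.application = application
         self.sock = get_socket(conf, default_port)
 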
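Review bot: In the `Server` hunk, `eventlet.wsgi.MAX_HEADER_LINE = conf.max_header_line` sets a module-level eventlet value, so it is process-wide (the last `Server` started wins) and it is copied from configuration without any range check. This limit bounds the header line size accepted from clients before the request reaches the application, so a non-positive or very large setting would presumably either break header parsing or remove the guard; a check such as `if conf.max_header_line < 1: raise ValueError('max_header_line must be positive')` (or the project's own configuration error) before the assignment would catch the first case. A comment above the assignment would also help, for example `# Process-wide eventlet setting: caps the header line size accepted from clients.` Separately, the help strings in the three `IntOpt` hunks open a parenthesis at `(typically` that is never closed, and the last fragment should read `'Keystone v3 API with big service catalogs).'`. The method that contains the assignment starts and ends outside the hunk.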
