From 933f1dca3662b0667c90a3fc143c5245fe6b3f91 Mon Sep 17 00:00:00 2001 From: Florent Flament Date: Mon, 20 Jan 2014 10:07:53 +0000 Subject: [PATCH] Allow operators to customize max header size HTTP messages max header line size has been increased from 8K to 16K by default to allow using tokens including up to 14-15 catalog entries. The same issue (https://bugs.launchpad.net/swift/+bug/119014) may occur again in the future, if Keystone's catalog grows further. Allowing operators to customize the max header size, will allow them to have Nova working whatever the size of the catalog (if the option is properly set). Related-Bug: #1190149 DocImpact Change-Id: I96694ac9bc242267cfc9f4d0c18b2b7fe0000460 --- etc/nova/nova.conf.sample | 6 ++++++ nova/tests/test_wsgi.py | 8 ++++++++ nova/wsgi.py | 11 ++++++++--- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/etc/nova/nova.conf.sample b/etc/nova/nova.conf.sample index 0da0754444ea..de1ff608dd22 100644 --- a/etc/nova/nova.conf.sample +++ b/etc/nova/nova.conf.sample @@ -513,6 +513,12 @@ # value) #wsgi_default_pool_size=1000 +# Maximum line size of message headers to be accepted. +# max_header_line may need to be increased when using large +# tokens (typically those generated by the Keystone v3 API +# with big service catalogs). (integer value) +#max_header_line=16384 + # # Options defined in nova.api.auth diff --git a/nova/tests/test_wsgi.py b/nova/tests/test_wsgi.py index cb59b910668f..6a31b2db38a5 100644 --- a/nova/tests/test_wsgi.py +++ b/nova/tests/test_wsgi.py @@ -21,18 +21,21 @@ import tempfile import testtools import eventlet +import eventlet.wsgi import requests import nova.exception from nova import test from nova.tests import utils import nova.wsgi +from oslo.config import cfg import urllib2 import webob SSL_CERT_DIR = os.path.normpath(os.path.join( os.path.dirname(os.path.abspath(__file__)), 'ssl_cert')) +CONF = cfg.CONF class TestLoaderNothingExists(test.NoDBTestCase): 
@@ -100,6 +103,11 @@ class TestWSGIServer(test.NoDBTestCase): server = nova.wsgi.Server("test_app", None) self.assertEqual("test_app", server.name) + def test_custom_max_header_line(self): + CONF.max_header_line = 4096 # Default value is 16384. + server = nova.wsgi.Server("test_custom_max_header_line", None) + self.assertEqual(CONF.max_header_line, eventlet.wsgi.MAX_HEADER_LINE) + def test_start_random_port(self): server = nova.wsgi.Server("test_random_port", None, host="127.0.0.1", port=0) diff --git a/nova/wsgi.py b/nova/wsgi.py index c181c29c7215..4c2c9c8ba557 100644 --- a/nova/wsgi.py +++ b/nova/wsgi.py @@ -38,9 +38,6 @@ from nova.openstack.common import excutils from nova.openstack.common.gettextutils import _ from nova.openstack.common import log as logging -# Raise the default from 8192 to accommodate large tokens -eventlet.wsgi.MAX_HEADER_LINE = 16384 - wsgi_opts = [ cfg.StrOpt('api_paste_config', default="api-paste.ini", @@ -66,6 +63,12 @@ wsgi_opts = [ cfg.IntOpt('wsgi_default_pool_size', default=1000, help="Size of the pool of greenthreads used by wsgi"), + cfg.IntOpt('max_header_line', + default=16384, + help="Maximum line size of message headers to be accepted. " + "max_header_line may need to be increased when using " + "large tokens (typically those generated by the " + "Keystone v3 API with big service catalogs)."), ] CONF = cfg.CONF CONF.register_opts(wsgi_opts) @@ -93,6 +96,8 @@ class Server(object): :returns: None :raises: nova.exception.InvalidInput """ + # Allow operators to customize http requests max header line size. + eventlet.wsgi.MAX_HEADER_LINE = CONF.max_header_line self.name = name self.app = app self._server = None
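Review bot: `test_custom_max_header_line` assigns `CONF.max_header_line = 4096` directly and nothing in the hunk undoes it, so the override and the changed `eventlet.wsgi.MAX_HEADER_LINE` global can carry over into later tests in the same process. Nova's test base class has a `flags()` helper that registers a cleanup, so `self.flags(max_header_line=4096)` would keep the test isolated. The `server` local is never read and can be dropped, leaving `nova.wsgi.Server("test_custom_max_header_line", None)`. Asserting against the literal, `self.assertEqual(4096, eventlet.wsgi.MAX_HEADER_LINE)`, would also prove the override was applied rather than the default.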
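Review bot: The new `max_header_line` entry in `wsgi_opts` has no bounds, so a zero, negative or arbitrarily large value from the config file is handed straight to eventlet. This value caps how much header data the server will read per line from a client, presumably before any auth middleware runs, so an invalid or oversized setting weakens a resource limit. If the oslo.config release in use supports it, a lower bound on the option (`min=1`) would reject bad values at load time; otherwise a check before the assignment in `Server.__init__` would do the same. The help text could also note the cost of raising it, for example `"Larger values increase the header data accepted per request."`.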
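Review bot: `eventlet.wsgi.MAX_HEADER_LINE` is a module-level global, so the assignment added to `Server.__init__` changes the limit for every WSGI server in the process, not only the instance being built. It is also rewritten on each construction with whatever `CONF.max_header_line` holds at that moment. The added comment should state this, for example `# NOTE: eventlet.wsgi.MAX_HEADER_LINE is process-wide; this applies to all servers in this process.`. The constructor body continues outside the hunk, so whether anything later depends on the ordering cannot be seen from here.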