Browse Source

Enable HTTPProxyToWSGI middleware to find actual client ips

Currently placement records REMOTE_ADDR environment as source ip but
this environment points load balancer ips instead of actual client ips
when placmenet runs behind load balancers like haproxy.

This change enables HTTPProxyToWSGI middleware to parse request
headers to look up actual client address.

Story: 2009049
Task: 42819
Change-Id: I4d15201dd2f94d00f4f2b53f773511ea020ef4ac
changes/11/800611/9
Takashi Kajinami 1 year ago
parent
commit
2007f8fb45
  1. 1
      etc/placement/config-generator.conf
  2. 4
      placement/conf/__init__.py
  3. 5
      placement/deploy.py
  4. 6
      releasenotes/notes/http_proxy_to_wsgi-6c8392d7eaed7c8d.yaml

1
etc/placement/config-generator.conf

@ -5,6 +5,7 @@ namespace = placement.conf
namespace = keystonemiddleware.auth_token
namespace = oslo.log
namespace = oslo.middleware.cors
namespace = oslo.middleware.http_proxy_to_wsgi
namespace = oslo.policy
namespace = osprofiler
# FIXME(mriedem): There are likely other missing 3rd party oslo library

4
placement/conf/__init__.py

@ -15,6 +15,7 @@
from oslo_log import log as logging
from oslo_middleware import cors
from oslo_middleware import http_proxy_to_wsgi
from oslo_policy import opts as policy_opts
from placement.conf import api
@ -35,6 +36,7 @@ def register_opts(conf):
placement.register_opts(conf)
logging.register_options(conf)
policy_opts.set_defaults(conf)
# The CORS middleware does not present a register_opts method, instead
# The oslo.middleware does not present a register_opts method, instead
# it shares a list of available opts.
conf.register_opts(cors.CORS_OPTS, 'cors')
conf.register_opts(http_proxy_to_wsgi.OPTS, 'oslo_middleware')

5
placement/deploy.py

@ -65,6 +65,7 @@ def deploy(conf):
microversion_middleware = mp_middleware.MicroversionMiddleware
fault_middleware = fault_wrap.FaultWrapper
request_log = requestlog.RequestLog
http_proxy_to_wsgi = oslo_middleware.HTTPProxyToWSGI
if os_profiler_web and 'profiler' in conf and conf.profiler.enabled:
osprofiler_middleware = os_profiler_web.WsgiMiddleware.factory(
@ -86,7 +87,8 @@ def deploy(conf):
json_error_formatter=util.json_error_formatter)
# NOTE(cdent): The ordering here is important. The list is ordered from the
# inside out. For a single request, request_log is called first (to extract
# inside out. For a single request, http_proxy_to_wsgi is called first to
# identify the source address and then request_log is called (to extract
# request context information and log the start of the request). If
# osprofiler_middleware is present (see above), it is first.
# fault_middleware is last in the stack described below, to wrap unexpected
@ -108,6 +110,7 @@ def deploy(conf):
auth_middleware,
cors_middleware,
request_log,
http_proxy_to_wsgi,
osprofiler_middleware,
):
if middleware:

6
releasenotes/notes/http_proxy_to_wsgi-6c8392d7eaed7c8d.yaml

@ -0,0 +1,6 @@
---
features:
- |
The ``HTTPProxyToWSGI`` middleware is now enabled in api pipeline. With
this middleware enabled, actual client addresses are recorded in request
logs in stead addresses of intermediate load balancers.
Loading…
Cancel
Save