From 2007f8fb458c7e333d7dfef2159b8de153583ced Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Tue, 13 Jul 2021 18:45:52 +0900 Subject: [PATCH] Enable HTTPProxyToWSGI middleware to find actual client ips Currently placement records REMOTE_ADDR environment as source ip but this environment points load balancer ips instead of actual client ips when placmenet runs behind load balancers like haproxy. This change enables HTTPProxyToWSGI middleware to parse request headers to look up actual client address. Story: 2009049 Task: 42819 Change-Id: I4d15201dd2f94d00f4f2b53f773511ea020ef4ac --- etc/placement/config-generator.conf | 1 + placement/conf/__init__.py | 4 +++- placement/deploy.py | 5 ++++- releasenotes/notes/http_proxy_to_wsgi-6c8392d7eaed7c8d.yaml | 6 ++++++ 4 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 releasenotes/notes/http_proxy_to_wsgi-6c8392d7eaed7c8d.yaml diff --git a/etc/placement/config-generator.conf b/etc/placement/config-generator.conf index 67cd782ec..4bb4913e9 100644 --- a/etc/placement/config-generator.conf +++ b/etc/placement/config-generator.conf @@ -5,6 +5,7 @@ namespace = placement.conf namespace = keystonemiddleware.auth_token namespace = oslo.log namespace = oslo.middleware.cors +namespace = oslo.middleware.http_proxy_to_wsgi namespace = oslo.policy namespace = osprofiler # FIXME(mriedem): There are likely other missing 3rd party oslo library diff --git a/placement/conf/__init__.py b/placement/conf/__init__.py index 74049591f..d35d075ef 100644 --- a/placement/conf/__init__.py +++ b/placement/conf/__init__.py @@ -15,6 +15,7 @@ from oslo_log import log as logging from oslo_middleware import cors +from oslo_middleware import http_proxy_to_wsgi from oslo_policy import opts as policy_opts from placement.conf import api @@ -35,6 +36,7 @@ def register_opts(conf): placement.register_opts(conf) logging.register_options(conf) policy_opts.set_defaults(conf) - # The CORS middleware does not present a register_opts method, instead + # The oslo.middleware does not present a register_opts method, instead # it shares a list of available opts. conf.register_opts(cors.CORS_OPTS, 'cors') + conf.register_opts(http_proxy_to_wsgi.OPTS, 'oslo_middleware') diff --git a/placement/deploy.py b/placement/deploy.py index 69d62e509..014486c62 100644 --- a/placement/deploy.py +++ b/placement/deploy.py @@ -65,6 +65,7 @@ def deploy(conf): microversion_middleware = mp_middleware.MicroversionMiddleware fault_middleware = fault_wrap.FaultWrapper request_log = requestlog.RequestLog + http_proxy_to_wsgi = oslo_middleware.HTTPProxyToWSGI if os_profiler_web and 'profiler' in conf and conf.profiler.enabled: osprofiler_middleware = os_profiler_web.WsgiMiddleware.factory( @@ -86,7 +87,8 @@ def deploy(conf): json_error_formatter=util.json_error_formatter) # NOTE(cdent): The ordering here is important. The list is ordered from the - # inside out. For a single request, request_log is called first (to extract + # inside out. For a single request, http_proxy_to_wsgi is called first to + # identify the source address and then request_log is called (to extract # request context information and log the start of the request). If # osprofiler_middleware is present (see above), it is first. # fault_middleware is last in the stack described below, to wrap unexpected @@ -108,6 +110,7 @@ def deploy(conf): auth_middleware, cors_middleware, request_log, + http_proxy_to_wsgi, osprofiler_middleware, ): if middleware: diff --git a/releasenotes/notes/http_proxy_to_wsgi-6c8392d7eaed7c8d.yaml b/releasenotes/notes/http_proxy_to_wsgi-6c8392d7eaed7c8d.yaml new file mode 100644 index 000000000..8f086e32e --- /dev/null +++ b/releasenotes/notes/http_proxy_to_wsgi-6c8392d7eaed7c8d.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + The ``HTTPProxyToWSGI`` middleware is now enabled in api pipeline. With + this middleware enabled, actual client addresses are recorded in request + logs in stead addresses of intermediate load balancers.