Enable HTTPProxyToWSGI middleware to find actual client ips

Currently placement records REMOTE_ADDR environment as source ip but this environment points load balancer ips instead of actual client ips when placmenet runs behind load balancers like haproxy. This change enables HTTPProxyToWSGI middleware to parse request headers to look up actual client address. Story: 2009049 Task: 42819 Change-Id: I4d15201dd2f94d00f4f2b53f773511ea020ef4ac
2021-07-13 18:45:52 +09:00 · 2021-07-13 18:45:52 +09:00 · 2007f8fb45
parent f77a7f9928
commit 2007f8fb45
4 changed files with 14 additions and 2 deletions
--- a/etc/placement/config-generator.conf
+++ b/etc/placement/config-generator.conf
@ -5,6 +5,7 @@ namespace = placement.conf
 namespace = keystonemiddleware.auth_token
 namespace = oslo.log
 namespace = oslo.middleware.cors
+namespace = oslo.middleware.http_proxy_to_wsgi
 namespace = oslo.policy
 namespace = osprofiler
 # FIXME(mriedem): There are likely other missing 3rd party oslo library
--- a/placement/conf/init.py
+++ b/placement/conf/init.py
@ -15,6 +15,7 @@

 from oslo_log import log as logging
 from oslo_middleware import cors
+from oslo_middleware import http_proxy_to_wsgi
 from oslo_policy import opts as policy_opts

 from placement.conf import api
@ -35,6 +36,7 @@ def register_opts(conf):
    placement.register_opts(conf)
    logging.register_options(conf)
    policy_opts.set_defaults(conf)
-    # The CORS middleware does not present a register_opts method, instead
+    # The oslo.middleware does not present a register_opts method, instead
    # it shares a list of available opts.
    conf.register_opts(cors.CORS_OPTS, 'cors')
+    conf.register_opts(http_proxy_to_wsgi.OPTS, 'oslo_middleware')
--- a/placement/deploy.py
+++ b/placement/deploy.py
@ -65,6 +65,7 @@ def deploy(conf):
    microversion_middleware = mp_middleware.MicroversionMiddleware
    fault_middleware = fault_wrap.FaultWrapper
    request_log = requestlog.RequestLog
+    http_proxy_to_wsgi = oslo_middleware.HTTPProxyToWSGI

    if os_profiler_web and 'profiler' in conf and conf.profiler.enabled:
        osprofiler_middleware = os_profiler_web.WsgiMiddleware.factory(
@ -86,7 +87,8 @@ def deploy(conf):
        json_error_formatter=util.json_error_formatter)

    # NOTE(cdent): The ordering here is important. The list is ordered from the
-    # inside out. For a single request, request_log is called first (to extract
+    # inside out. For a single request, http_proxy_to_wsgi is called first to
+    # identify the source address and then request_log is called (to extract
    # request context information and log the start of the request). If
    # osprofiler_middleware is present (see above), it is first.
    # fault_middleware is last in the stack described below, to wrap unexpected
@ -108,6 +110,7 @@ def deploy(conf):
                       auth_middleware,
                       cors_middleware,
                       request_log,
+                       http_proxy_to_wsgi,
                       osprofiler_middleware,
                       ):
        if middleware:
--- a/releasenotes/notes/http_proxy_to_wsgi-6c8392d7eaed7c8d.yaml
+++ b/releasenotes/notes/http_proxy_to_wsgi-6c8392d7eaed7c8d.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    The ``HTTPProxyToWSGI`` middleware is now enabled in api pipeline. With
+    this middleware enabled, actual client addresses are recorded in request
+    logs in stead addresses of intermediate load balancers.