Add enable_proxy_headers_parsing option
This option determines if the middleware should parse the headers or not. Can be used in case if application is behind the reverse proxy. Change-Id: I22deb886706fe71115a04fb52a7051be4783a5c4 Related-bug: #1576740
This commit is contained in:
Mykyta Karpin
parent
881701c415
commit
9f1b261c82
|
|
@ -136,6 +136,11 @@
|
|||
# (optional) Enable or not Nova API v3
|
||||
# Defaults to false
|
||||
#
|
||||
# [*enable_proxy_headers_parsing*]
|
||||
# (optional) This determines if the HTTPProxyToWSGI
|
||||
# middleware should parse the proxy headers or not.(boolean value)
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*default_floating_pool*]
|
||||
# (optional) Default pool for floating IPs
|
||||
# Defaults to 'nova'
|
||||
|
|
@ -175,43 +180,44 @@
|
|||
#
|
||||
class nova::api(
|
||||
$admin_password,
|
||||
$enabled = true,
|
||||
$manage_service = true,
|
||||
$api_paste_config = 'api-paste.ini',
|
||||
$ensure_package = 'present',
|
||||
$auth_uri = 'http://127.0.0.1:5000/',
|
||||
$identity_uri = 'http://127.0.0.1:35357/',
|
||||
$admin_tenant_name = 'services',
|
||||
$admin_user = 'nova',
|
||||
$api_bind_address = '0.0.0.0',
|
||||
$osapi_compute_listen_port = 8774,
|
||||
$metadata_listen = '0.0.0.0',
|
||||
$metadata_listen_port = 8775,
|
||||
$enabled_apis = ['osapi_compute', 'metadata'],
|
||||
$use_forwarded_for = false,
|
||||
$osapi_compute_workers = $::processorcount,
|
||||
$metadata_workers = $::processorcount,
|
||||
$sync_db = true,
|
||||
$sync_db_api = true,
|
||||
$enabled = true,
|
||||
$manage_service = true,
|
||||
$api_paste_config = 'api-paste.ini',
|
||||
$ensure_package = 'present',
|
||||
$auth_uri = 'http://127.0.0.1:5000/',
|
||||
$identity_uri = 'http://127.0.0.1:35357/',
|
||||
$admin_tenant_name = 'services',
|
||||
$admin_user = 'nova',
|
||||
$api_bind_address = '0.0.0.0',
|
||||
$osapi_compute_listen_port = 8774,
|
||||
$metadata_listen = '0.0.0.0',
|
||||
$metadata_listen_port = 8775,
|
||||
$enabled_apis = ['osapi_compute', 'metadata'],
|
||||
$use_forwarded_for = false,
|
||||
$osapi_compute_workers = $::processorcount,
|
||||
$metadata_workers = $::processorcount,
|
||||
$sync_db = true,
|
||||
$sync_db_api = true,
|
||||
$neutron_metadata_proxy_shared_secret = undef,
|
||||
$osapi_v3 = false,
|
||||
$default_floating_pool = 'nova',
|
||||
$pci_alias = undef,
|
||||
$ratelimits = undef,
|
||||
$ratelimits_factory =
|
||||
$osapi_v3 = false,
|
||||
$default_floating_pool = 'nova',
|
||||
$pci_alias = undef,
|
||||
$ratelimits = undef,
|
||||
$ratelimits_factory =
|
||||
'nova.api.openstack.compute.limits:RateLimitingMiddleware.factory',
|
||||
$validate = false,
|
||||
$validation_options = {},
|
||||
$instance_name_template = undef,
|
||||
$fping_path = '/usr/sbin/fping',
|
||||
$service_name = $::nova::params::api_service_name,
|
||||
$validate = false,
|
||||
$validation_options = {},
|
||||
$instance_name_template = undef,
|
||||
$fping_path = '/usr/sbin/fping',
|
||||
$service_name = $::nova::params::api_service_name,
|
||||
$enable_proxy_headers_parsing = $::os_service_default,
|
||||
# DEPRECATED PARAMETER
|
||||
$conductor_workers = undef,
|
||||
$ec2_listen_port = undef,
|
||||
$ec2_workers = undef,
|
||||
$keystone_ec2_url = undef,
|
||||
$auth_version = false,
|
||||
$volume_api_class = undef,
|
||||
$conductor_workers = undef,
|
||||
$ec2_listen_port = undef,
|
||||
$ec2_workers = undef,
|
||||
$keystone_ec2_url = undef,
|
||||
$auth_version = false,
|
||||
$volume_api_class = undef,
|
||||
) inherits nova::params {
|
||||
|
||||
include ::nova::deps
|
||||
|
|
@ -311,6 +317,10 @@ class nova::api(
|
|||
'osapi_v3/enabled': value => $osapi_v3;
|
||||
}
|
||||
|
||||
oslo::middleware {'nova_config':
|
||||
enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
|
||||
}
|
||||
|
||||
if ($neutron_metadata_proxy_shared_secret){
|
||||
nova_config {
|
||||
'neutron/service_metadata_proxy': value => true;
|
||||
|
|
|
|||
|
|
@ -66,6 +66,7 @@ describe 'nova::api' do
|
|||
is_expected.to contain_nova_config('DEFAULT/metadata_workers').with('value' => '5')
|
||||
is_expected.to contain_nova_config('DEFAULT/default_floating_pool').with('value' => 'nova')
|
||||
is_expected.to contain_nova_config('DEFAULT/fping_path').with('value' => '/usr/sbin/fping')
|
||||
is_expected.to contain_nova_config('oslo_middleware/enable_proxy_headers_parsing').with('value' => '<SERVICE DEFAULT>')
|
||||
end
|
||||
|
||||
it 'do not configure v3 api' do
|
||||
|
|
@ -100,7 +101,8 @@ describe 'nova::api' do
|
|||
:metadata_workers => 2,
|
||||
:default_floating_pool => 'public',
|
||||
:osapi_v3 => true,
|
||||
:pci_alias => "[{\"vendor_id\":\"8086\",\"product_id\":\"0126\",\"name\":\"graphic_card\"},{\"vendor_id\":\"9096\",\"product_id\":\"1520\",\"name\":\"network_card\"}]"
|
||||
:pci_alias => "[{\"vendor_id\":\"8086\",\"product_id\":\"0126\",\"name\":\"graphic_card\"},{\"vendor_id\":\"9096\",\"product_id\":\"1520\",\"name\":\"network_card\"}]",
|
||||
:enable_proxy_headers_parsing => true
|
||||
})
|
||||
end
|
||||
|
||||
|
|
@ -146,6 +148,7 @@ describe 'nova::api' do
|
|||
is_expected.to contain_nova_config('DEFAULT/default_floating_pool').with('value' => 'public')
|
||||
is_expected.to contain_nova_config('neutron/service_metadata_proxy').with('value' => true)
|
||||
is_expected.to contain_nova_config('neutron/metadata_proxy_shared_secret').with('value' => 'secrete')
|
||||
is_expected.to contain_nova_config('oslo_middleware/enable_proxy_headers_parsing').with('value' => true)
|
||||
end
|
||||
|
||||
it 'configure nova api v3' do
|
||||
|
|
|
|||
Loading…
Reference in New Issue