From 865243c16751e18e28b60ef03ecaada44c22cd13 Mon Sep 17 00:00:00 2001 From: Florent Flament Date: Tue, 14 Jan 2014 15:58:38 +0000 Subject: [PATCH] Fix Error 400 Header Line Too Long Fix Error 400 Header Line Too Long when using Identity v3 PKI Tokens Uses swift.conf max_header_size option to set wsgi.MAX_HEADER_LINE, allowing the operator to customize this parameter. The default value has been let to 8192 to avoid unexpected configuration change on deployed platforms. The max_header_size option has to be increased (for example to 16384), to accomodate for large Identity v3 PKI tokens, including more than 7 catalog entries. The default max header line size of 8192 is exceeded in the following scenario: - Auth tokens generated by Keystone v3 API include the catalog. - Keystone's catalog contains more than 7 services. Similar fixes have been merged in other projects. Change-Id: Ia838b18331f57dfd02b9f71d4523d4059f38e600 Closes-Bug: 1190149 --- doc/source/deployment_guide.rst | 20 ++++++++++++++++++++ etc/swift.conf-sample | 9 +++++---- swift/common/wsgi.py | 5 ++++- 3 files changed, 29 insertions(+), 5 deletions(-) diff --git a/doc/source/deployment_guide.rst b/doc/source/deployment_guide.rst index 31b5eed8cb..d2884b2e6f 100644 --- a/doc/source/deployment_guide.rst +++ b/doc/source/deployment_guide.rst @@ -304,7 +304,27 @@ The main rule to remember when working with Swift configuration files is: using the ``set`` syntax or you'll probably mess up your non-paste.deploy configuration files. +-------------------- +Common configuration +-------------------- +An example of common configuration file can be found at etc/swift.conf-sample + +The following configuration options are available: + +=================== ========== ============================================= +Option Default Description +------------------- ---------- --------------------------------------------- +max_header_size 8192 max_header_size is the max number of bytes in + the utf8 encoding of each header. Using 8192 + as default because eventlet use 8192 as max + size of header line. This value may need to + be increased when using identity v3 API + tokens including more than 7 catalog entries. + See also include_service_catalog in + proxy-server.conf-sample (documented in + overview_auth.rst) +=================== ========== ============================================= --------------------------- Object Server Configuration diff --git a/etc/swift.conf-sample b/etc/swift.conf-sample index 18f649b047..50c0463bd8 100644 --- a/etc/swift.conf-sample +++ b/etc/swift.conf-sample @@ -47,11 +47,12 @@ swift_hash_path_prefix = changeme #max_meta_overall_size = 4096 - # max_header_size is the max number of bytes in the utf8 encoding of each -# header. Using 8192 as default becasue eventlet use 8192 as max size of -# header line and the longest header passed from Keystone(PKI token) uses -# 8192 as default too. +# header. Using 8192 as default because eventlet use 8192 as max size of +# header line. This value may need to be increased when using identity +# v3 API tokens including more than 7 catalog entries. +# See also include_service_catalog in proxy-server.conf-sample +# (documented in overview_auth.rst) #max_header_size = 8192 diff --git a/swift/common/wsgi.py b/swift/common/wsgi.py index d2a75c6c0c..2ff6446da9 100644 --- a/swift/common/wsgi.py +++ b/swift/common/wsgi.py @@ -31,13 +31,16 @@ from paste.deploy import loadwsgi from eventlet.green import socket, ssl from urllib import unquote -from swift.common import utils +from swift.common import utils, constraints from swift.common.swob import Request from swift.common.utils import capture_stdio, disable_fallocate, \ drop_privileges, get_logger, NullLogger, config_true_value, \ validate_configuration, get_hub, config_auto_int_value, \ CloseableChain +# Set maximum line size of message headers to be accepted. +wsgi.MAX_HEADER_LINE = constraints.MAX_HEADER_SIZE + try: import multiprocessing CPU_COUNT = multiprocessing.cpu_count() or 1