Browse Source

NSX|V3: support LBaaS X-Forwarded-For headers

Addeing a new configuration option to the v3 plugin: lbaas_inject_xff_header
When set to True, the L7 listener application profile will have
x_forwarded_for = INSERT, and the X-Forwarded-For header will be added
to requests.

Change-Id: I27e8df4a17a1c0cb533019a5e0f617c5a563693b
changes/53/739453/1
asarfaty 1 month ago
parent
commit
429b40fa3e
2 changed files with 12 additions and 1 deletions
  1. +5
    -0
      vmware_nsx/common/config.py
  2. +7
    -1
      vmware_nsx/services/lbaas/nsx_v3/listener_mgr.py

+ 5
- 0
vmware_nsx/common/config.py View File

@@ -449,6 +449,11 @@ nsx_v3_opts = [
help=_("List of transit networks used by NSX tier0 routers. "
"Neutron subnets will not be allowed to use those "
"cidrs")),
cfg.BoolOpt('lbaas_inject_xff_header',
default=False,
help=_("(Optional) When True, LBaaS L7 listener will be "
"configured to inject X-Forwarded-For to the "
"requests")),
]

DEFAULT_STATUS_CHECK_INTERVAL = 2000


+ 7
- 1
vmware_nsx/services/lbaas/nsx_v3/listener_mgr.py View File

@@ -14,6 +14,7 @@
# under the License.

from neutron_lib import exceptions as n_exc
from oslo_config import cfg
from oslo_log import helpers as log_helpers
from oslo_log import log as logging
from oslo_utils import excutils
@@ -116,9 +117,13 @@ class EdgeListenerManager(base_mgr.Nsxv3LoadbalancerBaseManager):
listener.id)
tags = self._get_listener_tags(context, listener)

app_profile_kwargs = {}
if (listener.protocol == lb_const.LB_PROTOCOL_HTTP or
listener.protocol == lb_const.LB_PROTOCOL_TERMINATED_HTTPS):
profile_type = lb_const.LB_HTTP_PROFILE
if cfg.CONF.nsx_v3.lbaas_inject_xff_header:
app_profile_kwargs['x_forwarded_for'] = 'INSERT'

elif (listener.protocol == lb_const.LB_PROTOCOL_TCP or
listener.protocol == lb_const.LB_PROTOCOL_HTTPS):
profile_type = lb_const.LB_TCP_PROFILE
@@ -130,7 +135,8 @@ class EdgeListenerManager(base_mgr.Nsxv3LoadbalancerBaseManager):
raise n_exc.BadRequest(resource='lbaas-listener', msg=msg)
try:
app_profile = app_client.create(
display_name=vs_name, resource_type=profile_type, tags=tags)
display_name=vs_name, resource_type=profile_type, tags=tags,
**app_profile_kwargs)
app_profile_id = app_profile['id']
kwargs = self._get_virtual_server_kwargs(
context, listener, vs_name, tags, app_profile_id, certificate)


Loading…
Cancel
Save