Allow operators to customize max header size

HTTP messages max header line size has been increased from 8K to 16K by default to allow using tokens including up to 14-15 catalog entries. The same issue (https://bugs.launchpad.net/swift/+bug/119014) may occur again in the future, if Keystone's catalog grows further. Allowing operators to customize the max header size, will allow them to have Nova working whatever the size of the catalog (if the option is properly set). Related-Bug: #1190149 DocImpact Change-Id: I96694ac9bc242267cfc9f4d0c18b2b7fe0000460
2014-01-20 10:07:53 +00:00 · 2014-01-20 10:07:53 +00:00 · 933f1dca36
parent cb464bcf65
commit 933f1dca36
3 changed files with 22 additions and 3 deletions
--- a/etc/nova/nova.conf.sample
+++ b/etc/nova/nova.conf.sample
@ -513,6 +513,12 @@
 # value)
 #wsgi_default_pool_size=1000

+# Maximum line size of message headers to be accepted.
+# max_header_line may need to be increased when using large
+# tokens (typically those generated by the Keystone v3 API
+# with big service catalogs). (integer value)
+#max_header_line=16384
+

 #
 # Options defined in nova.api.auth
--- a/nova/tests/test_wsgi.py
+++ b/nova/tests/test_wsgi.py
@ -21,18 +21,21 @@ import tempfile
 import testtools

 import eventlet
+import eventlet.wsgi
 import requests

 import nova.exception
 from nova import test
 from nova.tests import utils
 import nova.wsgi
+from oslo.config import cfg
 import urllib2
 import webob

 SSL_CERT_DIR = os.path.normpath(os.path.join(
                                os.path.dirname(os.path.abspath(__file__)),
                                'ssl_cert'))
+CONF = cfg.CONF


 class TestLoaderNothingExists(test.NoDBTestCase):
@ -100,6 +103,11 @@ class TestWSGIServer(test.NoDBTestCase):
        server = nova.wsgi.Server("test_app", None)
        self.assertEqual("test_app", server.name)

+    def test_custom_max_header_line(self):
+        CONF.max_header_line = 4096  # Default value is 16384.
+        server = nova.wsgi.Server("test_custom_max_header_line", None)
+        self.assertEqual(CONF.max_header_line, eventlet.wsgi.MAX_HEADER_LINE)
+
    def test_start_random_port(self):
        server = nova.wsgi.Server("test_random_port", None,
                                  host="127.0.0.1", port=0)
--- a/nova/wsgi.py
+++ b/nova/wsgi.py
@ -38,9 +38,6 @@ from nova.openstack.common import excutils
 from nova.openstack.common.gettextutils import _
 from nova.openstack.common import log as logging

-# Raise the default from 8192 to accommodate large tokens
-eventlet.wsgi.MAX_HEADER_LINE = 16384
-
 wsgi_opts = [
    cfg.StrOpt('api_paste_config',
               default="api-paste.ini",
@ -66,6 +63,12 @@ wsgi_opts = [
    cfg.IntOpt('wsgi_default_pool_size',
               default=1000,
               help="Size of the pool of greenthreads used by wsgi"),
+    cfg.IntOpt('max_header_line',
+               default=16384,
+               help="Maximum line size of message headers to be accepted. "
+                    "max_header_line may need to be increased when using "
+                    "large tokens (typically those generated by the "
+                    "Keystone v3 API with big service catalogs)."),
    ]
 CONF = cfg.CONF
 CONF.register_opts(wsgi_opts)
@ -93,6 +96,8 @@ class Server(object):
        :returns: None
        :raises: nova.exception.InvalidInput
        """
+        # Allow operators to customize http requests max header line size.
+        eventlet.wsgi.MAX_HEADER_LINE = CONF.max_header_line
        self.name = name
        self.app = app
        self._server = None