
Set specified header size when enabling tls-proxy

As part of getting swift's functional testing to work properly through
the tls-proxy we need to increase the allowed request header size in
apache. This was a non-issue without the tls-proxy, as requests hit the
eventlet webserver directly, which is configured via the swift config
and sets a relatively large limit (by default devstack configures
swift to have a header size limit of 16384).

Now we pass in an optional parameter to start_tls_proxy that includes
the desired header size. lib/swift then passes in the value it also
configures in its swift.conf.

If not explicitly set we default to 8190 which is apache2's default.

Change-Id: Ib2811c8d3cbb49cf94b70294788526b15a798edd

Clark Boylan authored on 2017/06/01 05:17:22
Showing 2 changed files
... ...
@@ -837,7 +837,7 @@ function start_swift {
837 837
 
838 838
     if is_service_enabled tls-proxy; then
839 839
         local proxy_port=${SWIFT_DEFAULT_BIND_PORT}
840
-        start_tls_proxy swift '*' $proxy_port $SERVICE_HOST $SWIFT_DEFAULT_BIND_PORT_INT
840
+        start_tls_proxy swift '*' $proxy_port $SERVICE_HOST $SWIFT_DEFAULT_BIND_PORT_INT $SWIFT_MAX_HEADER_SIZE
841 841
     fi
842 842
     run_process s-proxy "$SWIFT_BIN_DIR/swift-proxy-server ${SWIFT_CONF_DIR}/proxy-server.conf -v"
843 843
 
... ...
@@ -485,6 +485,8 @@ function start_tls_proxy {
485 485
     local f_port=$3
486 486
     local b_host=$4
487 487
     local b_port=$5
488
+    # 8190 is the default apache size.
489
+    local f_header_size=${6:-8190}
488 490
 
489 491
     tune_apache_connections
490 492
 
... ...
@@ -512,6 +514,11 @@ $listen_string
512 512
     # ('Connection aborted.', BadStatusLine("''",)) error
513 513
     KeepAlive Off
514 514
 
515
+    # This increase in allowed request header sizes is required
516
+    # for swift functional testing to work with tls enabled. It is 2 bytes
517
+    # larger than the apache default of 8190.
518
+    LimitRequestFieldSize $f_header_size
519
+
515 520
     <Location />
516 521
         ProxyPass http://$b_host:$b_port/ retry=0 nocanon
517 522
         ProxyPassReverse http://$b_host:$b_port/
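Review bot: The comment added above `LimitRequestFieldSize $f_header_size` still says the limit is "2 bytes larger than the apache default of 8190", but the directive now takes whatever the caller passes: 8190 when the sixth argument is omitted, and, per the commit message, swift's own header limit (16384 by default) when called from lib/swift. Because this directive is one of Apache's request-size limits, the comment should say where the number comes from, for example `# Request header limit is supplied by the caller (default 8190, apache's own default); swift passes its larger max header size.` The value also appears to be written into the generated vhost unchecked, so a guard next to `local f_header_size=${6:-8190}` such as `[[ "$f_header_size" =~ ^[0-9]+$ ]] || die $LINENO "invalid header size: $f_header_size"` would turn a bad value into a clear error rather than a broken apache config. start_tls_proxy begins and ends outside these hunks, so if its usage comment lists the positional arguments it may need the new one added as well.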