magnum does not client ip when behind haproxy

When running behind a reverse proxy, Magnum logs the proxy IP only.

In our setup we have 3 magnum frontend nodes behind HAProxy. HAProxy is publishing the X-Forwarded-For header which we also use for other OpenStack services. In other services where web frameworks other than pecan are used we get entries like:

2017-02-22 16:02:24.748 28941 INFO eventlet.wsgi.server [req-caf13c21-d5df-4028-bcf8-3d66f718cd89 - Cloud Probe - magnum - default default] 188.184.444.555,128.142.222.333 - - [22/Feb/2017 16:02:24] "GET /v1/c197dee4-64da-452a-9a96-a28d79ef4c38/stacks/66c45601-a85a-477e-9705-97ea28d2cc88 HTTP/1.1" 302 584 0.048196

Where 128.142.222.333 is the IP of the haproxy and 188.184.444.555 is the IP of the client. This is very useful for monitoring and accounting.

In magnum we get:

2017-02-22 16:03:32.970 23550 INFO werkzeug [req-b518bc49-0068-4b99-9a91-372ff4e2d6d7 svcprobemagnum Cloud Probe - magnum - - -] 128.142.222.333 - - [22/Feb/2017 16:03:32] "POST /v1/certificates HTTP/1.1" 201 -

so only one IP and 128.142.222.333 is the haproxy.

I've digged into pecan to see if there's a simple way to add this info but couldn't find it - it seems Magnum uses a series of hooks to customize the behavior, but not sure how to do it for logging.