Comment 6 for bug 1635241

Revision history for this message
Kairat Kushaev (kkushaev) wrote :

Ok, I almost sure it will not be easy to fix this in 9.x because Nova didn't move to glance v2 in Mitaka.
Let me describe the situation in details.
By default Ceilometer uses glance v1 to request image info. This api was deprecated in Newton because it had several design flows and one of them is passing image metadata as http headers.
This issue was fixed in glance v2 and now all image metadata send as request body.
In the flow above image was created through glance v2 and requested through glance v1. HAProxy doesn't allow any special characters as header names in response and we have a bug because of this. Currently I couldn't find any possibility to exclude these characters from request without issues.
Unfortunately image metadata property name can contain different characters so we cannot just prohibit creation of properties with "=", "," and other symbols because it breaks backward compatibility (remember glance v2 doesn't use http headers for metadata at all).
It seems we can solve this in several ways:
1. We can relax validation for header in haproxy (see accept-invalid-http-response in http://www.haproxy.org/download/1.4/doc/configuration.txt), we need to update glance-api/registry haproxy config because they use v1 by default.
2. We can try to custom properties from instance-list request on nova or ceilometer side, so only specific set of properties will be requested. Need nova team feedback on this.
3. Move Nova to glance v2 (impossible due to high risk).
So I would liek to ask Fuel team, is it possible to relax response header restriction for glance-api?