Comment 7 for bug 1563954

So in keystone, glance and some others I have been transitioning services over to using the http_proxy_to_wsgi middleware [1] which handles this in the paste pipeline.

If you deprecate the CONF.use_forwarded_for option in nova (as other services have) then you can insert by default the http_proxy_to_wsgi middleware in front of nova-api but not the metadata service which would mean X-Forwarded-For was ignored in metadata services.

This would obviously cause problems for anyone who is deploying the metadata service behind a load balancer (which i'm told is a real usecase) but that can be solved by adding the middleware to the metadata pipeline manually.

This doesn't help with the current problem but would give you a sensible default and a way forward.

[1] http://git.openstack.org/cgit/openstack/oslo.middleware/tree/oslo_middleware/http_proxy_to_wsgi.py