[queens-only] Increase auth_ttl for ec2token expiry
The recently added default of 15 mins for CVE-2020-12692 in keystone may not work with undercloud where deployments can run for long time. Let's keep it large enough to avoid it's expiration during a overcloud deployment before the stack action times out. Change-Id: I217192b8563e615dffc590f9d548883e0f1b38de Related-Bug: #1872737
This commit is contained in:
parent
a728f945ff
commit
2323fd3b7e
|
@ -239,6 +239,10 @@ keystone::enable_credential_setup: true
|
|||
keystone::fernet_max_active_keys: 2
|
||||
keystone::cache_memcache_servers: "%{hiera('memcached::listen_ip')}:11211"
|
||||
keystone::cache_backend: "dogpile.cache.memcached"
|
||||
# CVE-2020-12692 set the default of 15 mins for ttl in keystone, we need that to be a lot higher
|
||||
keystone::config::keystone_config:
|
||||
credential/auth_ttl:
|
||||
value: 240
|
||||
|
||||
# MySQL
|
||||
admin_password: {{UNDERCLOUD_ADMIN_PASSWORD}}
|
||||
|
|
Loading…
Reference in New Issue