diff --git a/deployment/heat/heat-base-puppet.yaml b/deployment/heat/heat-base-puppet.yaml index 88aee86c31..1a53b13b9c 100644 --- a/deployment/heat/heat-base-puppet.yaml +++ b/deployment/heat/heat-base-puppet.yaml @@ -99,6 +99,18 @@ parameters: description: > Cron to purge db entries marked as deleted and older than $age - Log destination default: '/dev/null' + HeatYaqlLimitIterators: + type: number + description: > + The maximum number of elements in collection yaql expressions can take + for its evaluation. + default: 1000 + HeatYaqlMemoryQuota: + type: number + description: > + The maximum size of memory in bytes that yaql exrpessions can take for + its evaluation. + default: 100000 HeatMaxJsonBodySize: default: 4194304 description: Maximum raw byte size of the Heat API JSON request body. @@ -174,8 +186,8 @@ outputs: heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' heat::db::database_db_max_retries: -1 heat::db::database_max_retries: -1 - heat::yaql_memory_quota: 100000 - heat::yaql_limit_iterators: 1000 + heat::yaql_memory_quota: {get_param: HeatYaqlMemoryQuota} + heat::yaql_limit_iterators: {get_param: HeatYaqlLimitIterators} heat::cors::max_age: 3600 heat::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' heat::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml index 3fb7e79289..6573744c36 100644 --- a/environments/undercloud.yaml +++ b/environments/undercloud.yaml @@ -82,6 +82,7 @@ parameter_defaults: HeatMaxResourcesPerStack: -1 HeatMaxJsonBodySize: 4194304 HeatReauthenticationAuthMethod: 'trusts' + HeatYaqlLimitIterators: 10000 # Disable non-lifecycle stack actions like # snapshot, resume, cancel update and stack check. HeatApiPolicies: