865243c167
Fix Error 400 Header Line Too Long when using Identity v3 PKI Tokens Uses swift.conf max_header_size option to set wsgi.MAX_HEADER_LINE, allowing the operator to customize this parameter. The default value has been let to 8192 to avoid unexpected configuration change on deployed platforms. The max_header_size option has to be increased (for example to 16384), to accomodate for large Identity v3 PKI tokens, including more than 7 catalog entries. The default max header line size of 8192 is exceeded in the following scenario: - Auth tokens generated by Keystone v3 API include the catalog. - Keystone's catalog contains more than 7 services. Similar fixes have been merged in other projects. Change-Id: Ia838b18331f57dfd02b9f71d4523d4059f38e600 Closes-Bug: 1190149
87 lines
2.4 KiB
Plaintext
87 lines
2.4 KiB
Plaintext
[swift-hash]
|
|
|
|
# swift_hash_path_suffix and swift_hash_path_prefix are used as part of the
|
|
# the hashing algorithm when determining data placement in the cluster.
|
|
# These values should remain secret and MUST NOT change
|
|
# once a cluster has been deployed.
|
|
|
|
swift_hash_path_suffix = changeme
|
|
swift_hash_path_prefix = changeme
|
|
|
|
|
|
# The swift-constraints section sets the basic constraints on data
|
|
# saved in the swift cluster.
|
|
|
|
[swift-constraints]
|
|
|
|
# max_file_size is the largest "normal" object that can be saved in
|
|
# the cluster. This is also the limit on the size of each segment of
|
|
# a "large" object when using the large object manifest support.
|
|
# This value is set in bytes. Setting it to lower than 1MiB will cause
|
|
# some tests to fail. It is STRONGLY recommended to leave this value at
|
|
# the default (5 * 2**30 + 2).
|
|
|
|
#max_file_size = 5368709122
|
|
|
|
|
|
# max_meta_name_length is the max number of bytes in the utf8 encoding
|
|
# of the name portion of a metadata header.
|
|
|
|
#max_meta_name_length = 128
|
|
|
|
|
|
# max_meta_value_length is the max number of bytes in the utf8 encoding
|
|
# of a metadata value
|
|
|
|
#max_meta_value_length = 256
|
|
|
|
|
|
# max_meta_count is the max number of metadata keys that can be stored
|
|
# on a single account, container, or object
|
|
|
|
#max_meta_count = 90
|
|
|
|
|
|
# max_meta_overall_size is the max number of bytes in the utf8 encoding
|
|
# of the metadata (keys + values)
|
|
|
|
#max_meta_overall_size = 4096
|
|
|
|
# max_header_size is the max number of bytes in the utf8 encoding of each
|
|
# header. Using 8192 as default because eventlet use 8192 as max size of
|
|
# header line. This value may need to be increased when using identity
|
|
# v3 API tokens including more than 7 catalog entries.
|
|
# See also include_service_catalog in proxy-server.conf-sample
|
|
# (documented in overview_auth.rst)
|
|
|
|
#max_header_size = 8192
|
|
|
|
|
|
# max_object_name_length is the max number of bytes in the utf8 encoding
|
|
# of an object name
|
|
|
|
#max_object_name_length = 1024
|
|
|
|
|
|
# container_listing_limit is the default (and max) number of items
|
|
# returned for a container listing request
|
|
|
|
#container_listing_limit = 10000
|
|
|
|
|
|
# account_listing_limit is the default (and max) number of items returned
|
|
# for an account listing request
|
|
#account_listing_limit = 10000
|
|
|
|
|
|
# max_account_name_length is the max number of bytes in the utf8 encoding
|
|
# of an account name
|
|
|
|
#max_account_name_length = 256
|
|
|
|
|
|
# max_container_name_length is the max number of bytes in the utf8 encoding
|
|
# of a container name
|
|
|
|
#max_container_name_length = 256
|