Remove custom value of max_allowed_secret_in_bytes

Barbican has recently bumped max_allowed_secret_in_bytes from 10 KB to
20 KB since the original value was too small for some certificates [1].
Remove custom value from the barbican.conf template, which anyway was
the same as the default configuration before the recent upstream change.

The upstream change was backported to Wallaby and has been proposed to
Victoria, Ussuri and Train [2], so this change should be backported too.

[1] https://review.opendev.org/c/openstack/barbican/+/783381
[2] https://review.opendev.org/q/I59d11c5c9c32128ab9d71eaecdf46dd2d789a8d1

Change-Id: I83e4cb48192c8024650a8d347363f6babb75ad90
Closes-Bug: #1957795
This commit is contained in:
Pierre Riteau 2022-01-18 16:22:03 +01:00
parent 12d3e1d23e
commit 20a3b14001
2 changed files with 7 additions and 1 deletions

View File

@ -10,7 +10,6 @@ bind_host = {{ api_interface_address }}
host_href = {{ barbican_public_endpoint }} host_href = {{ barbican_public_endpoint }}
backlog = 4096 backlog = 4096
max_allowed_secret_in_bytes = 10000
max_allowed_request_size_in_bytes = 1000000 max_allowed_request_size_in_bytes = 1000000
db_auto_create = False db_auto_create = False

View File

@ -0,0 +1,7 @@
---
fixes:
- |
Removes custom value of ``max_allowed_secret_in_bytes`` in
``barbican.conf``. The default maximum size in Barbican was doubled to
avoid issues with some certificates.
`LP #1957795 <https://bugs.launchpad.net/kolla-ansible/+bug/1957795>`__