Remove custom value of max_allowed_secret_in_bytes

Barbican has recently bumped max_allowed_secret_in_bytes from 10 KB to 20 KB since the original value was too small for some certificates [1]. Remove custom value from the barbican.conf template, which anyway was the same as the default configuration before the recent upstream change. The upstream change was backported to Wallaby and has been proposed to Victoria, Ussuri and Train [2], so this change should be backported too. [1] https://review.opendev.org/c/openstack/barbican/+/783381 [2] https://review.opendev.org/q/I59d11c5c9c32128ab9d71eaecdf46dd2d789a8d1 Change-Id: I83e4cb48192c8024650a8d347363f6babb75ad90 Closes-Bug: #1957795
2022-01-18 16:22:03 +01:00 · 2022-01-18 16:22:03 +01:00 · 20a3b14001
commit 20a3b14001
parent 12d3e1d23e
2 changed files with 7 additions and 1 deletions
--- a/ansible/roles/barbican/templates/barbican.conf.j2
+++ b/ansible/roles/barbican/templates/barbican.conf.j2
@ -10,7 +10,6 @@ bind_host = {{ api_interface_address }}
 host_href = {{ barbican_public_endpoint }}

 backlog = 4096
-max_allowed_secret_in_bytes = 10000
 max_allowed_request_size_in_bytes = 1000000

 db_auto_create = False
--- a/releasenotes/notes/barbican-max-allowed-secret-size-1941307ab5d2a9fd.yaml
+++ b/releasenotes/notes/barbican-max-allowed-secret-size-1941307ab5d2a9fd.yaml
@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Removes custom value of ``max_allowed_secret_in_bytes`` in
+    ``barbican.conf``. The default maximum size in Barbican was doubled to
+    avoid issues with some certificates.
+    `LP #1957795 <https://bugs.launchpad.net/kolla-ansible/+bug/1957795>`__