]> review.fuel-infra Code Review - openstack-build/cinder-build.git/commitdiff
Code Review / openstack-build / cinder-build.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 8d0e9f3)
Do not use api-paste.ini osprofiler options
authorDina Belova <dbelova@mirantis.com>
Fri, 13 Nov 2015 10:05:42 +0000 (13:05 +0300)
committerDina Belova <dbelova@mirantis.com>
Tue, 17 Nov 2015 17:01:44 +0000 (17:01 +0000)
Starting with opsrofiler 0.3.1 release there is no need to set HMAC_KEYS
and ENABLED arguments in the api-paste.ini file, this can be set in the
cinder.conf configuration file.

DocImpact
Change-Id: I17b89ffdf5613103be83284ddf8549e963a69c4f

cinder/service.py patch | blob | history
etc/cinder/api-paste.ini patch | blob | history

diff --git a/cinder/service.py b/cinder/service.py
index 237bae211d3aa18997a1dcbf49264c56a95a08b6..b202efc4f3c437106bb94228ab2df99002392c5e 100644 (file)
--- a/cinder/service.py
+++ b/cinder/service.py
@@ -73,7 +73,9 @@ profiler_opts = [
     cfg.BoolOpt("profiler_enabled", default=False,
                 help=_('If False fully disable profiling feature.')),
     cfg.BoolOpt("trace_sqlalchemy", default=False,
-                help=_("If False doesn't trace SQL requests."))
+                help=_("If False doesn't trace SQL requests.")),
+    cfg.StrOpt("hmac_keys", default="SECRET_KEY",
+               help=_("Secret key to use to sign tracing messages."))
 ]
 
 CONF = cfg.CONF
@@ -87,16 +89,17 @@ def setup_profiler(binary, host):
             "Messaging", messaging, context.get_admin_context().to_dict(),
             rpc.TRANSPORT, "cinder", binary, host)
         osprofiler.notifier.set(_notifier)
+        osprofiler.web.enable(CONF.profiler.hmac_keys)
         LOG.warning(
             _LW("OSProfiler is enabled.\nIt means that person who knows "
                 "any of hmac_keys that are specified in "
-                "/etc/cinder/api-paste.ini can trace his requests. \n"
+                "/etc/cinder/cinder.conf can trace his requests. \n"
                 "In real life only operator can read this file so there "
                 "is no security issue. Note that even if person can "
                 "trigger profiler, only admin user can retrieve trace "
                 "information.\n"
                 "To disable OSprofiler set in cinder.conf:\n"
-                "[profiler]\nenabled=false"))
+                "[profiler]\nprofiler_enabled=false"))
     else:
         osprofiler.web.disable()
 
diff --git a/etc/cinder/api-paste.ini b/etc/cinder/api-paste.ini
index 73c6ad1ea331fe004de4481eeefc4e6f4dc9fed5..b0f7b367b0940ae61e20da930ebe06174b179ada 100644 (file)
--- a/etc/cinder/api-paste.ini
+++ b/etc/cinder/api-paste.ini
@@ -32,8 +32,6 @@ paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory
 
 [filter:osprofiler]
 paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
-hmac_keys = SECRET_KEY
-enabled = yes
 
 [filter:noauth]
 paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory