Do not use api-paste.ini osprofiler options

Starting with opsrofiler 0.3.1 release there is no need to set HMAC_KEYS
and ENABLED arguments in the api-paste.ini file, this can be set in the
cinder.conf configuration file.

DocImpact
Change-Id: I17b89ffdf5613103be83284ddf8549e963a69c4f
This commit is contained in:
Dina Belova 2015-11-13 13:05:42 +03:00
parent 8d0e9f381a
commit 7541f9b25a
2 changed files with 6 additions and 5 deletions

View File

@ -73,7 +73,9 @@ profiler_opts = [
cfg.BoolOpt("profiler_enabled", default=False,
help=_('If False fully disable profiling feature.')),
cfg.BoolOpt("trace_sqlalchemy", default=False,
help=_("If False doesn't trace SQL requests."))
help=_("If False doesn't trace SQL requests.")),
cfg.StrOpt("hmac_keys", default="SECRET_KEY",
help=_("Secret key to use to sign tracing messages."))
]
CONF = cfg.CONF
@ -87,16 +89,17 @@ def setup_profiler(binary, host):
"Messaging", messaging, context.get_admin_context().to_dict(),
rpc.TRANSPORT, "cinder", binary, host)
osprofiler.notifier.set(_notifier)
osprofiler.web.enable(CONF.profiler.hmac_keys)
LOG.warning(
_LW("OSProfiler is enabled.\nIt means that person who knows "
"any of hmac_keys that are specified in "
"/etc/cinder/api-paste.ini can trace his requests. \n"
"/etc/cinder/cinder.conf can trace his requests. \n"
"In real life only operator can read this file so there "
"is no security issue. Note that even if person can "
"trigger profiler, only admin user can retrieve trace "
"information.\n"
"To disable OSprofiler set in cinder.conf:\n"
"[profiler]\nenabled=false"))
"[profiler]\nprofiler_enabled=false"))
else:
osprofiler.web.disable()

View File

@ -32,8 +32,6 @@ paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory
[filter:osprofiler]
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
hmac_keys = SECRET_KEY
enabled = yes
[filter:noauth]
paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory