diff --git a/cinder/service.py b/cinder/service.py
index 237bae211d3..b202efc4f3c 100644
--- a/cinder/service.py
+++ b/cinder/service.py
@@ -73,7 +73,9 @@ profiler_opts = [
 cfg.BoolOpt("profiler_enabled", default=False,
 help=_('If False fully disable profiling feature.')),
 cfg.BoolOpt("trace_sqlalchemy", default=False,
- help=_("If False doesn't trace SQL requests."))
+ help=_("If False doesn't trace SQL requests.")),
+ cfg.StrOpt("hmac_keys", default="SECRET_KEY",
+ help=_("Secret key to use to sign tracing messages."))
 ]

 CONF = cfg.CONF
@@ -87,16 +89,17 @@ def setup_profiler(binary, host):
 "Messaging", messaging, context.get_admin_context().to_dict(),
 rpc.TRANSPORT, "cinder", binary, host)
 osprofiler.notifier.set(_notifier)
+ osprofiler.web.enable(CONF.profiler.hmac_keys)
 LOG.warning(
 _LW("OSProfiler is enabled.\nIt means that person who knows "
 "any of hmac_keys that are specified in "
- "/etc/cinder/api-paste.ini can trace his requests. \n"
+ "/etc/cinder/cinder.conf can trace his requests. \n"
 "In real life only operator can read this file so there "
 "is no security issue. Note that even if person can "
 "trigger profiler, only admin user can retrieve trace "
 "information.\n"
 "To disable OSprofiler set in cinder.conf:\n"
- "[profiler]\nenabled=false"))
+ "[profiler]\nprofiler_enabled=false"))
 else:
 osprofiler.web.disable()

diff --git a/etc/cinder/api-paste.ini b/etc/cinder/api-paste.ini
index 73c6ad1ea33..b0f7b367b09 100644
--- a/etc/cinder/api-paste.ini
+++ b/etc/cinder/api-paste.ini
@@ -32,8 +32,6 @@ paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory

 [filter:osprofiler]
 paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
-hmac_keys = SECRET_KEY
-enabled = yes

 [filter:noauth]
 paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory
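Review bot: The new `hmac_keys` option in `profiler_opts` ships a working, publicly known default (`"SECRET_KEY"`) and is not marked secret. A deployment that turns on `profiler_enabled` without overriding it signs trace requests with a value anyone can read from the source, and oslo.config will print the value in clear when option values are logged. I would declare it as `cfg.StrOpt("hmac_keys", secret=True, help=...)` with no usable default, and have the help text say that a private value must be set before profiling is enabled. The same default is what reaches `osprofiler.web.enable(...)` in the `setup_profiler` hunk of this file. Profiling being off by default limits the exposure but does not remove it.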
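Review bot: `osprofiler.web.enable(CONF.profiler.hmac_keys)` is called without checking the key, while the warning that follows still tells operators there is "no security issue" because only they can read the file. That holds only when the key is private, not when it is empty or still the shipped `SECRET_KEY` default. It matters on upgrade as well: this commit removes `hmac_keys` from api-paste.ini, so a site that had set a private key there would presumably fall back to the default until the key is copied into cinder.conf. I would check the value before enabling and log a distinct warning, as sketched below. `setup_profiler` begins above this hunk, so the condition guarding this branch is not visible here.

```python
        osprofiler.notifier.set(_notifier)
        hmac_keys = CONF.profiler.hmac_keys
        if not hmac_keys or hmac_keys == "SECRET_KEY":
            LOG.warning(
                _LW("OSProfiler is enabled but [profiler]/hmac_keys is "
                    "empty or still the shipped default; set a private "
                    "value in cinder.conf."))
        osprofiler.web.enable(hmac_keys)
        # … unchanged: existing "OSProfiler is enabled" warning and else branch …
```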