Do not use api-paste.ini osprofiler options

Starting with opsrofiler 0.3.1 release there is no need to set HMAC_KEYS
and ENABLED arguments in the glance-api-paste.ini and
glance-registry-paste.ini files, this can be set in glance-api.conf and
glance-registry.conf configuration files.

DocImpact
Change-Id: I068504913c93be0f506262930eadc2e40879ce0f
This commit is contained in:
Dina Belova 2015-12-10 16:10:26 +03:00
parent 74eadaa36c
commit 3bdb51e947
8 changed files with 47 additions and 17 deletions

View File

@ -1583,7 +1583,27 @@ profiling feature for glance-api and glance-registry service.
* ``enabled=<True|False>``
Optional. Default: ``True``
Optional. Default: ``False``
There is one more configuration option that needs to be defined to enable
Glance services profiling. The config value ``hmac_keys`` is used for
encrypting context data for performance profiling.
* ``hmac_keys=<secret_key_string>``
Optional. Default: ``SECRET_KEY``
**IMPORTANT NOTE**: in order to make profiling work as designed operator needs
to make those values of HMAC key be consistent for all services in their
deployment. Without HMAC key the profiling will not be triggered even profiling
feature is enabled.
**IMPORTANT NOTE**: previously HMAC keys (as well as enabled parameter) were
placed at /etc/glance/api-paste.ini and /etc/glance/registry-paste.ini files
for Glance API and Glance Registry services respectively. Starting with
opsrofiler 0.3.1 release there is no need to set these arguments in the
*-paste.ini files. This functionality is still supported, although the
config values are having larger priority.
The config value ``trace_sqlalchemy`` is used to determine whether fully enable
sqlalchemy engine based SQL execution profiling feature for glance-api and
@ -1591,15 +1611,7 @@ glance-registry services.
* ``trace_sqlalchemy=<True|False>``
Optional. Default: ``True``
**IMPORTANT NOTE**: The HMAC key which is used for encrypting context data for
performance profiling is configured in paste config file of glance-api and
glance-registry service separately, by default they place at
/etc/glance/api-paste.ini and /etc/glance/registry-paste.ini files, in order
to make profiling work as designed operator needs to make those values of HMAC
key be consistent for all services in your deployment. Without HMAC key the
profiling will not be triggered even profiling feature is enabled.
Optional. Default: ``False``
Configuring Glance public endpoint
----------------------------------

View File

@ -82,8 +82,8 @@ paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
[filter:osprofiler]
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
hmac_keys = SECRET_KEY
enabled = yes
hmac_keys = SECRET_KEY #DEPRECATED
enabled = yes #DEPRECATED
[filter:cors]
paste.filter_factory = oslo_middleware.cors:filter_factory

View File

@ -31,5 +31,5 @@ paste.filter_factory = keystonemiddleware.auth_token:filter_factory
[filter:osprofiler]
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
hmac_keys = SECRET_KEY
enabled = yes
hmac_keys = SECRET_KEY #DEPRECATED
enabled = yes #DEPRECATED

View File

@ -82,6 +82,7 @@ def main():
"glance", "api",
cfg.CONF.bind_host)
osprofiler.notifier.set(_notifier)
osprofiler.web.enable(cfg.CONF.profiler.hmac_keys)
else:
osprofiler.web.disable()

View File

@ -67,7 +67,7 @@ def main():
"glance", "registry",
cfg.CONF.bind_host)
osprofiler.notifier.set(_notifier)
osprofiler.web.enable(cfg.CONF.profiler.hmac_keys)
else:
osprofiler.web.disable()

View File

@ -105,7 +105,10 @@ profiler_opts = [
cfg.BoolOpt("enabled", default=False,
help=_('If False fully disable profiling feature.')),
cfg.BoolOpt("trace_sqlalchemy", default=False,
help=_("If False doesn't trace SQL requests."))
help=_("If False doesn't trace SQL requests.")),
cfg.StrOpt("hmac_keys", default="SECRET_KEY",
help=_("Secret key to use to sign Glance API and Glance "
"Registry services tracing messages.")),
]

View File

@ -52,7 +52,6 @@ _api_opts = [
glance.common.wsgi.bind_opts,
glance.common.wsgi.eventlet_opts,
glance.common.wsgi.socket_opts,
glance.common.wsgi.profiler_opts,
glance.image_cache.drivers.sqlite.sqlite_opts,
glance.image_cache.image_cache_opts,
glance.notifier.notifier_opts,
@ -67,6 +66,7 @@ _api_opts = [
glance.async.taskflow_executor.taskflow_executor_opts),
('store_type_location_strategy',
glance.common.location_strategy.store_type.store_type_opts),
('profiler', glance.common.wsgi.profiler_opts),
('paste_deploy', glance.common.config.paste_deploy_opts)
]
_registry_opts = [
@ -76,6 +76,7 @@ _registry_opts = [
glance.common.wsgi.bind_opts,
glance.common.wsgi.socket_opts,
glance.common.wsgi.eventlet_opts))),
('profiler', glance.common.wsgi.profiler_opts),
('paste_deploy', glance.common.config.paste_deploy_opts)
]
_scrubber_opts = [

View File

@ -0,0 +1,13 @@
---
deprecations:
- OSprofiler support requires passing of trace information
between various OpenStack services. This information is
signed by one of HMAC keys, which we historically defined
in glance-api-paste.ini and glance-registry-paste.ini files
(together with enabled option, that in fact was duplicated in
the corresponding configuration files).
OSprofiler 0.3.1 and higher supports passing this information
via configuration files, therefore it's recommended to
modify the ``[filter:osprofiler]`` section in \*-paste.ini to look like
``paste.filter_factor = osprofiler.web:WsgiMiddleware.factory``
and set the ``hmac_keys`` option in the glance-\*.conf files.