Do not use api-paste.ini osprofiler options

Starting with opsrofiler 0.3.1 release there is no need to set HMAC_KEYS and ENABLED arguments in the api-paste.ini file, this can be set in the heat.conf configuration file. Change-Id: I77611c08d24839dc01766e994635cdb6a12922da
2015-11-13 13:34:38 +03:00 · 2015-11-13 13:34:38 +03:00 · 8e72616d73
parent fce736671b
commit 8e72616d73
3 changed files with 6 additions and 5 deletions
--- a/etc/heat/api-paste.ini
+++ b/etc/heat/api-paste.ini
@ -104,5 +104,3 @@ paste.filter_factory = oslo_middleware.request_id:RequestId.factory

 [filter:osprofiler]
 paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
-hmac_keys = SECRET_KEY
-enabled = yes
--- a/heat/common/config.py
+++ b/heat/common/config.py
@ -235,7 +235,9 @@ profiler_opts = [
    cfg.BoolOpt("profiler_enabled", default=False,
                help=_('If False fully disable profiling feature.')),
    cfg.BoolOpt("trace_sqlalchemy", default=False,
-                help=_("If False do not trace SQL requests."))
+                help=_("If False do not trace SQL requests.")),
+    cfg.StrOpt("hmac_keys", default="SECRET_KEY",
+               help=_("Secret key to use to sign tracing messages."))
 ]

 auth_password_group = cfg.OptGroup('auth_password')
--- a/heat/common/profiler.py
+++ b/heat/common/profiler.py
@ -32,14 +32,15 @@ def setup(binary, host):
            "Messaging", messaging, context.get_admin_context().to_dict(),
            rpc_messaging.TRANSPORT, "heat", binary, host)
        osprofiler.notifier.set(_notifier)
+        osprofiler.web.enable(cfg.CONF.profiler.hmac_keys)
        LOG.warning(_LW("OSProfiler is enabled.\nIt means that person who "
                        "knows any of hmac_keys that are specified in "
-                        "/etc/heat/api-paste.ini can trace his requests. \n"
+                        "/etc/heat/heat.conf can trace his requests. \n"
                        "In real life only operator can read this file so "
                        "there is no security issue. Note that even if person "
                        "can trigger profiler, only admin user can retrieve "
                        "trace information.\n"
                        "To disable OSprofiler set in heat.conf:\n"
-                        "[profiler]\nenabled=false"))
+                        "[profiler]\nprofiler_enabled=false"))
    else:
        osprofiler.web.disable()