From cfdc59860ef1482e3b064f90f719ec9e484590ce Mon Sep 17 00:00:00 2001
From: Joe Gordon <joe.gordon0@gmail.com>
Date: Thu, 27 Jun 2013 16:03:01 -0700
Subject: [PATCH] Disable per-user rate limiting by default

The rate limiting enabled via api_rate_limit, is per user rate limiting
which does not protect against intentional DOS, instead DOS rate
limiting should be elsewhere. Furthermore useful values for this are very deployment
specific.

* Private deployments simply don't need it.
* Public deployments need something more sophisticated (queue depth based,
  not static values).
* Folks that do want it as belt-and-braces want semi-decent defaults
  but there is no need to default it on.

Part of more sane defaults effort.

DocImpact

Change-Id: I5451f6f90a6448c838612f180f0af750213a62bf
---
 etc/nova/nova.conf.sample | 2 +-
 nova/api/auth.py          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/etc/nova/nova.conf.sample b/etc/nova/nova.conf.sample
index 9a760cf3a63e..2851276d0523 100644
--- a/etc/nova/nova.conf.sample
+++ b/etc/nova/nova.conf.sample
@@ -313,7 +313,7 @@
 
 # whether to use per-user rate limiting for the api. (boolean
 # value)
-#api_rate_limit=true
+#api_rate_limit=false
 
 # The strategy to use for auth: noauth or keystone. (string
 # value)
diff --git a/nova/api/auth.py b/nova/api/auth.py
index 6b85a9de6719..aad8ebfa07ce 100644
--- a/nova/api/auth.py
+++ b/nova/api/auth.py
@@ -30,7 +30,7 @@ from nova import wsgi
 
 auth_opts = [
     cfg.BoolOpt('api_rate_limit',
-                default=True,
+                default=False,
                 help='whether to use per-user rate limiting for the api.'),
     cfg.StrOpt('auth_strategy',
                default='noauth',