diff options
| author | Dina Belova <dbelova@mirantis.com> | 2015-11-13 13:34:38 +0300 |
|---|---|---|
| committer | Dina Belova <dbelova@mirantis.com> | 2015-11-17 09:34:18 +0000 |
| commit | 8e72616d732ddd473e60ca28ea8e76aa95cdb690 (patch) | |
| tree | dd7ef9a470d6558d95ad269bcb78072a39bde422 | |
| parent | fce736671b0c956f57808d7cd4b3335e8b0d5c63 (diff) | |
| download | heat-8e72616d732ddd473e60ca28ea8e76aa95cdb690.tar.gz | |
Do not use api-paste.ini osprofiler options
Starting with opsrofiler 0.3.1 release there is no need to set HMAC_KEYS
and ENABLED arguments in the api-paste.ini file, this can be set in the
heat.conf configuration file.
Change-Id: I77611c08d24839dc01766e994635cdb6a12922da
| -rw-r--r-- | etc/heat/api-paste.ini | 2 | ||||
| -rw-r--r-- | heat/common/config.py | 4 | ||||
| -rw-r--r-- | heat/common/profiler.py | 5 |
3 files changed, 6 insertions, 5 deletions
diff --git a/etc/heat/api-paste.ini b/etc/heat/api-paste.ini index 7246e14df..b0613156a 100644 --- a/etc/heat/api-paste.ini +++ b/etc/heat/api-paste.ini @@ -104,5 +104,3 @@ paste.filter_factory = oslo_middleware.request_id:RequestId.factory [filter:osprofiler] paste.filter_factory = osprofiler.web:WsgiMiddleware.factory -hmac_keys = SECRET_KEY -enabled = yes diff --git a/heat/common/config.py b/heat/common/config.py index 8f90424d5..5f47e80e5 100644 --- a/heat/common/config.py +++ b/heat/common/config.py @@ -235,7 +235,9 @@ profiler_opts = [ cfg.BoolOpt("profiler_enabled", default=False, help=_('If False fully disable profiling feature.')), cfg.BoolOpt("trace_sqlalchemy", default=False, - help=_("If False do not trace SQL requests.")) + help=_("If False do not trace SQL requests.")), + cfg.StrOpt("hmac_keys", default="SECRET_KEY", + help=_("Secret key to use to sign tracing messages.")) ] auth_password_group = cfg.OptGroup('auth_password') diff --git a/heat/common/profiler.py b/heat/common/profiler.py index 7aa766481..a474b59f8 100644 --- a/heat/common/profiler.py +++ b/heat/common/profiler.py @@ -32,14 +32,15 @@ def setup(binary, host): "Messaging", messaging, context.get_admin_context().to_dict(), rpc_messaging.TRANSPORT, "heat", binary, host) osprofiler.notifier.set(_notifier) + osprofiler.web.enable(cfg.CONF.profiler.hmac_keys) LOG.warning(_LW("OSProfiler is enabled.\nIt means that person who " "knows any of hmac_keys that are specified in " - "/etc/heat/api-paste.ini can trace his requests. \n" + "/etc/heat/heat.conf can trace his requests. \n" "In real life only operator can read this file so " "there is no security issue. Note that even if person " "can trigger profiler, only admin user can retrieve " "trace information.\n" "To disable OSprofiler set in heat.conf:\n" - "[profiler]\nenabled=false")) + "[profiler]\nprofiler_enabled=false")) else: osprofiler.web.disable() |