diff --git a/cinder/service.py b/cinder/service.py
index f47ee6111bd..66c015e2125 100644
--- a/cinder/service.py
+++ b/cinder/service.py
@@ -73,7 +73,9 @@ profiler_opts = [
cfg.BoolOpt("profiler_enabled", default=False,
help=_('If False fully disable profiling feature.')),
cfg.BoolOpt("trace_sqlalchemy", default=False,
- help=_("If False doesn't trace SQL requests."))
+ help=_("If False doesn't trace SQL requests.")),
+ cfg.StrOpt("hmac_keys", default="SECRET_KEY",
+ help=_("Secret key to use to sign tracing messages."))
]
CONF = cfg.CONF
@@ -87,16 +89,17 @@ def setup_profiler(binary, host):
"Messaging", messaging, context.get_admin_context().to_dict(),
rpc.TRANSPORT, "cinder", binary, host)
osprofiler.notifier.set(_notifier)
+ osprofiler.web.enable(CONF.profiler.hmac_keys)
LOG.warning(
_LW("OSProfiler is enabled.\nIt means that person who knows "
"any of hmac_keys that are specified in "
- "/etc/cinder/api-paste.ini can trace his requests. \n"
+ "/etc/cinder/cinder.conf can trace his requests. \n"
"In real life only operator can read this file so there "
"is no security issue. Note that even if person can "
"trigger profiler, only admin user can retrieve trace "
"information.\n"
"To disable OSprofiler set in cinder.conf:\n"
- "[profiler]\nenabled=false"))
+ "[profiler]\nprofiler_enabled=false"))
else:
osprofiler.web.disable()
diff --git a/etc/cinder/api-paste.ini b/etc/cinder/api-paste.ini
index 73c6ad1ea33..b0f7b367b09 100644
--- a/etc/cinder/api-paste.ini
+++ b/etc/cinder/api-paste.ini
@@ -32,8 +32,6 @@ paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory
[filter:osprofiler]
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
-hmac_keys = SECRET_KEY
-enabled = yes
[filter:noauth]
paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory