From 7541f9b25a6ef2d620982a62b2e4b6573b310688 Mon Sep 17 00:00:00 2001
From: Dina Belova <dbelova@mirantis.com>
Date: Fri, 13 Nov 2015 13:05:42 +0300
Subject: [PATCH] Do not use api-paste.ini osprofiler options

Starting with opsrofiler 0.3.1 release there is no need to set HMAC_KEYS
and ENABLED arguments in the api-paste.ini file, this can be set in the
cinder.conf configuration file.

DocImpact
Change-Id: I17b89ffdf5613103be83284ddf8549e963a69c4f
---
 cinder/service.py        | 9 ++++++---
 etc/cinder/api-paste.ini | 2 --
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/cinder/service.py b/cinder/service.py
index 237bae211d3..b202efc4f3c 100644
--- a/cinder/service.py
+++ b/cinder/service.py
@@ -73,7 +73,9 @@ profiler_opts = [
     cfg.BoolOpt("profiler_enabled", default=False,
                 help=_('If False fully disable profiling feature.')),
     cfg.BoolOpt("trace_sqlalchemy", default=False,
-                help=_("If False doesn't trace SQL requests."))
+                help=_("If False doesn't trace SQL requests.")),
+    cfg.StrOpt("hmac_keys", default="SECRET_KEY",
+               help=_("Secret key to use to sign tracing messages."))
 ]
 
 CONF = cfg.CONF
@@ -87,16 +89,17 @@ def setup_profiler(binary, host):
             "Messaging", messaging, context.get_admin_context().to_dict(),
             rpc.TRANSPORT, "cinder", binary, host)
         osprofiler.notifier.set(_notifier)
+        osprofiler.web.enable(CONF.profiler.hmac_keys)
         LOG.warning(
             _LW("OSProfiler is enabled.\nIt means that person who knows "
                 "any of hmac_keys that are specified in "
-                "/etc/cinder/api-paste.ini can trace his requests. \n"
+                "/etc/cinder/cinder.conf can trace his requests. \n"
                 "In real life only operator can read this file so there "
                 "is no security issue. Note that even if person can "
                 "trigger profiler, only admin user can retrieve trace "
                 "information.\n"
                 "To disable OSprofiler set in cinder.conf:\n"
-                "[profiler]\nenabled=false"))
+                "[profiler]\nprofiler_enabled=false"))
     else:
         osprofiler.web.disable()
 
diff --git a/etc/cinder/api-paste.ini b/etc/cinder/api-paste.ini
index 73c6ad1ea33..b0f7b367b09 100644
--- a/etc/cinder/api-paste.ini
+++ b/etc/cinder/api-paste.ini
@@ -32,8 +32,6 @@ paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory
 
 [filter:osprofiler]
 paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
-hmac_keys = SECRET_KEY
-enabled = yes
 
 [filter:noauth]
 paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory