From bf10ac55a99d226a81bdbc7e6bd1e85b4f48652d Mon Sep 17 00:00:00 2001
From: Maru Newby <marun@redhat.com>
Date: Sat, 10 Aug 2013 21:27:54 +0000
Subject: [PATCH] Add auth config for neutron metadata proxy

 * Without auth config, the proxy will return 500 errors on
   cloud-init requests, which will cause VM connectivity
   checks to fail.
 * A cleaner fix would be for the metadata proxy to reuse the
   configuration from the keystone_authtoken section of
   neutron.conf, but I chose the easier route because of a
   pending switch from REST to RPC communication (RPC won't
   need the auth config).
 * Fixes bug 1210664

Change-Id: Iaa3c74f5ada2404119c44c8cbdad380eda158f66
---
 lib/neutron | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/lib/neutron b/lib/neutron
index 306140a4b5..3b8dcf59a6 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -577,6 +577,8 @@ function _configure_neutron_metadata_agent() {
     iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
     iniset $Q_META_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
 
+    _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True True
+
 }
 
 function _configure_neutron_lbaas() {
@@ -687,6 +689,7 @@ function _neutron_setup_keystone() {
     local conf_file=$1
     local section=$2
     local use_auth_url=$3
+    local skip_auth_cache=$4
     if [[ -n $use_auth_url ]]; then
         iniset $conf_file $section auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0"
     else
@@ -697,11 +700,13 @@ function _neutron_setup_keystone() {
     iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
     iniset $conf_file $section admin_user $Q_ADMIN_USERNAME
     iniset $conf_file $section admin_password $SERVICE_PASSWORD
-    iniset $conf_file $section signing_dir $NEUTRON_AUTH_CACHE_DIR
-    # Create cache dir
-    sudo mkdir -p $NEUTRON_AUTH_CACHE_DIR
-    sudo chown $STACK_USER $NEUTRON_AUTH_CACHE_DIR
-    rm -f $NEUTRON_AUTH_CACHE_DIR/*
+    if [[ -z $skip_auth_cache ]]; then
+        iniset $conf_file $section signing_dir $NEUTRON_AUTH_CACHE_DIR
+        # Create cache dir
+        sudo mkdir -p $NEUTRON_AUTH_CACHE_DIR
+        sudo chown $STACK_USER $NEUTRON_AUTH_CACHE_DIR
+        rm -f $NEUTRON_AUTH_CACHE_DIR/*
+    fi
 }
 
 function _neutron_setup_interface_driver() {