--- a/components/openstack/neutron/files/metadata_agent.ini Mon May 16 14:46:20 2016 +0200
+++ b/components/openstack/neutron/files/metadata_agent.ini Fri May 20 17:42:29 2016 -0400
@@ -39,12 +39,21 @@
# When proxying metadata requests, Neutron signs the Instance-ID header with a
# shared secret to prevent spoofing. You may select any string for a secret,
# but it must match here and in the configuration used by the Nova Metadata
-# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret
+# Server. NOTE: Nova uses the same config key, but in [neutron] section.
# metadata_proxy_shared_secret =
# Location of Metadata Proxy UNIX domain socket
# metadata_proxy_socket = $state_path/metadata_proxy
+# Metadata Proxy UNIX domain socket mode, 3 values allowed:
+# 'deduce': deduce mode from metadata_proxy_user/group values,
+# 'user': set metadata proxy socket mode to 0o644, to use when
+# metadata_proxy_user is agent effective user or root,
+# 'group': set metadata proxy socket mode to 0o664, to use when
+# metadata_proxy_group is agent effective group,
+# 'all': set metadata proxy socket mode to 0o666, to use otherwise.
+# metadata_proxy_socket_mode = deduce
+
# Number of separate worker processes for metadata server. Defaults to
# half the number of CPU cores
metadata_workers = 1