Fix the Neutron OVN metadata service setup

* Set the Nova metadata server address properly so that
  neutron-ovn-metadata-agents running on compute nodes forward the
  requests to the right place instead of trying to use 127.0.0.1;
* generate a random secret instead of hard-coding one.

Change-Id: I6525a4150808ef257bb7a8f49589c1151ca279b0

snap-overlay/bin/set-default-config.py

@@ -79,6 +79,7 @@ def _setup_secrets():
             'config.credentials.neutron-password',
             'config.credentials.placement-password',
             'config.credentials.glance-password',
+            'config.credentials.ovn-metadata-proxy-shared-secret',
         ] if k not in existing_cred_keys
     })
 

snap-overlay/snap-openstack.yaml

@@ -108,6 +108,7 @@ setup:
     alerting_tag: 'config.alerting.tag'
     ovn_nb_connection: 'config.network.ovn-nb-connection'
     ovn_sb_connection: 'config.network.ovn-sb-connection'
+    ovn_metadata_proxy_shared_secret: 'config.credentials.ovn-metadata-proxy-shared-secret'
     setup_loop_based_cinder_lvm_backend: 'config.cinder.setup-loop-based-cinder-lvm-backend'
     lvm_backend_volume_group: 'config.cinder.lvm-backend-volume-group'
 entry_points:

snap-overlay/templates/neutron_ovn_metadata_agent.ini.j2

@@ -1,5 +1,8 @@
 [DEFAULT]
-metadata_proxy_shared_secret = supersecret
+
+nova_metadata_host = {{ control_ip }}
+
+metadata_proxy_shared_secret = {{ ovn_metadata_proxy_shared_secret }}
 
 [ovs]
 ovsdb_connection = unix:{{ snap_common }}/run/openvswitch/db.sock

snap-overlay/templates/nova.conf.d.neutron.conf.j2

@@ -10,4 +10,4 @@ project_name = service
 username = neutron
 password = {{ neutron_password }}
 service_metadata_proxy = True
-metadata_proxy_shared_secret = supersecret
+metadata_proxy_shared_secret = {{ ovn_metadata_proxy_shared_secret }}