Merge "Fail if TLS + TCP are enabled for libvirtd" into stable/pike

2017-08-23 07:10:21 +00:00 · 2017-08-23 07:10:21 +00:00 · 78dafddc6c
parent d7537e4654 72a059b790
commit 78dafddc6c
1 changed files with 20 additions and 0 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -33,6 +33,26 @@
  tags:
    - always

+- name: Fail if TCP and TLS are both enabled
+  fail:
+    msg: |
+      TCP and TLS connectivity are currently enabled for libvirtd. This
+      combination prevents libvirtd from starting properly since this role
+      does not generate TLS certificates for libvirtd at this time.
+
+      To enable TCP connectivity without TLS, set the following variables:
+
+          nova_libvirtd_listen_tcp: 1
+          nova_libvirtd_listen_tls: 0
+
+      Please note that this configuration does not encrypt communication with
+      libvirtd.
+  when:
+    - nova_libvirtd_listen_tcp == 1
+    - nova_libvirtd_listen_tls == 1
+  tags:
+    - always
+
 - include: nova_virt_detect.yml
  static: no
  tags: