From 8f3e51d79f392151023f3853a6c8a3f7b868ecfa Mon Sep 17 00:00:00 2001
From: Stephen Finucane <sfinucan@redhat.com>
Date: Tue, 2 Mar 2021 16:18:48 +0000
Subject: [PATCH] nova: Die if console TLS enabled with tls-proxy

We require the 'tls-proxy' service to set up certificates for us. Hard
fail if 'NOVA_CONSOLE_PROXY_COMPUTE_TLS' is enabled but the 'tls-proxy'
service is not.

Change-Id: I52fec12b78ecd8f76f835551ccb84dfb1d5b3d8a
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
---
 lib/nova | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/nova b/lib/nova
index 6913040d26..28d3ba45d7 100644
--- a/lib/nova
+++ b/lib/nova
@@ -83,6 +83,11 @@ fi
 # services and the compute node
 NOVA_CONSOLE_PROXY_COMPUTE_TLS=${NOVA_CONSOLE_PROXY_COMPUTE_TLS:-False}
 
+# Validate configuration
+if ! is_service_enabled tls-proxy && [ "$NOVA_CONSOLE_PROXY_COMPUTE_TLS" == "True" ]; then
+    die $LINENO "enabling TLS for the console proxy requires the tls-proxy service"
+fi
+
 # Public facing bits
 NOVA_SERVICE_HOST=${NOVA_SERVICE_HOST:-$SERVICE_HOST}
 NOVA_SERVICE_PORT=${NOVA_SERVICE_PORT:-8774}