From a4906506dbbba5ad0397c0739d2711276fb1898d Mon Sep 17 00:00:00 2001
From: Mark Giles <mark.giles@oracle.com>
Date: Wed, 28 Mar 2018 08:40:11 -0400
Subject: [PATCH] Verify external VIP set when TLS enabled.

The documentation states that kolla_internal_vip_address and
kolla_external_vip_address must be different when TLS is enabled.
If this is not true, the deploy will be successful but will not
function correctly.  This change adds a precheck to catch this
configuration problem prior to deployment.

Change-Id: I6c9e5fd5f434f7225bd0390aff116fa12da96934
---
 ansible/roles/prechecks/tasks/service_checks.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ansible/roles/prechecks/tasks/service_checks.yml b/ansible/roles/prechecks/tasks/service_checks.yml
index e11a252f38..d40d13b8da 100644
--- a/ansible/roles/prechecks/tasks/service_checks.yml
+++ b/ansible/roles/prechecks/tasks/service_checks.yml
@@ -31,3 +31,11 @@
       Kolla. Please disable it before proceeding.
   when:
     - nscd_status.rc == 0
+
+- name: Checking internal and external VIP addresses differ
+  run_once: True
+  local_action: fail msg='kolla_external_vip_address and kolla_internal_vip_address must not be the same when TLS is enabled'
+  changed_when: false
+  when:
+    - kolla_enable_tls_external | bool
+    - kolla_external_vip_address == kolla_internal_vip_address