diff --git a/deployment/nova/nova-compute-container-puppet.yaml b/deployment/nova/nova-compute-container-puppet.yaml
index b9441d45f0..d89af1fe2f 100644
--- a/deployment/nova/nova-compute-container-puppet.yaml
+++ b/deployment/nova/nova-compute-container-puppet.yaml
@@ -493,6 +493,15 @@ parameters:
     default: 0
     tags:
       - role_specific
+  EnableInternalTLS:
+    type: boolean
+    default: false
+  UseTLSTransportForLiveMigration:
+    type: boolean
+    default: true
+    description: If set to true and if EnableInternalTLS is enabled, it will
+                 set the libvirt URI's transport to tls and configure the
+                 relevant keys for libvirt.
 
   # DEPRECATED: the following options are deprecated and are currently maintained
   # for backwards compatibility. They will be removed in future release.
@@ -687,16 +696,23 @@ conditions:
   insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, []]}
   enable_instance_ha: {equals: [{get_param: EnableInstanceHA}, true]}
 
+  use_tls_for_live_migration:
+    and:
+      - {get_param: EnableInternalTLS}
+      - {get_param: UseTLSTransportForLiveMigration}
+
   enable_live_migration_tunnelled:
-    or:
-      - and:
-        - equals: [{get_param: NovaNfsEnabled}, true]
-        - equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, '']
-      - equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, true]
-      - equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, true]
-      - and:
-        - equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, '']
-        - equals: [{get_param: NovaEnableRbdBackend}, true]
+    and:
+      - or:
+          - and:
+            - {get_param: NovaNfsEnabled}
+            - equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, '']
+          - equals: [{get_param: [RoleParameters, NovaNfsEnabled]}, true]
+          - equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, true]
+          - and:
+            - equals: [{get_param: [RoleParameters, NovaEnableRbdBackend]}, '']
+            - {get_param: NovaEnableRbdBackend}
+      - not: use_tls_for_live_migration
 
   libvirt_file_backed_memory_enabled:
     not:
diff --git a/deployment/nova/nova-libvirt-container-puppet.yaml b/deployment/nova/nova-libvirt-container-puppet.yaml
index d5e7d2be68..6b3bf0d92b 100644
--- a/deployment/nova/nova-libvirt-container-puppet.yaml
+++ b/deployment/nova/nova-libvirt-container-puppet.yaml
@@ -279,12 +279,8 @@ conditions:
 
   use_tls_for_live_migration:
     and:
-    - equals:
       - {get_param: EnableInternalTLS}
-      - true
-    - equals:
       - {get_param: UseTLSTransportForLiveMigration}
-      - true
 
   libvirt_specific_ca_unset:
     equals: