---
- hosts: nova_compute
  vars:
    metadata:
      name: Verify NoOpFirewallDriver is set in Nova
      description: >
        When using Neutron, the `firewall_driver` option in Nova must be set to
        `NoopFirewallDriver`.
      groups:
      - post-deployment
  tasks:
  - include_tasks: tasks/deprecation.yaml

  - name: Read the `firewall_driver` value
    become: true
    ini:
      path: /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova/nova.conf
      section: DEFAULT
      key: firewall_driver
    register: nova_firewall_driver

  - name: Verify `firewall_driver` is set to `NoopFirewallDriver`
    fail:
      msg: >
        The firewall_driver value in /etc/nova/nova.conf is
        {{ nova_firewall_driver.value or 'unset' }}, but it must be set to:
        nova.virt.firewall.NoopFirewallDriver
    failed_when: "nova_firewall_driver.value != 'nova.virt.firewall.NoopFirewallDriver'"