Updates fail-fast logic for v2 -> v3 transition

Checks that BOTH of the following conditions are NOT true: * v3_onion_services=false * v3 services exist on remote host If both are true, that's likely the result of a misconfiguration. This logic handles the prod use case of v2 enabled, also enabling v3. It hasn't yet been tested with ssh-over-LAN, we'll likely need to modify the restrict-direct-access role to accommodate.
freedomofpress · Aug 21, 2019 · 2ab423c · 2ab423c
1 parent 49d69c2
commit 2ab423c
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/...iles/ansible-base/roles/tor-hidden-services/tasks/check_tor_service_config_for_admins.yml b/...iles/ansible-base/roles/tor-hidden-services/tasks/check_tor_service_config_for_admins.yml
@@ -23,8 +23,7 @@
 - name: Confirm service state matches declared config
   assert:
     that: >
-      (true in _v3_services_state_info and v3_onion_services) or
-      (true not in _v3_services_state_info and not v3_onion_services)
+      not (not v3_onion_services and true in _v3_services_state_info)
     msg: >
       ERROR. The 'sdconfig' settings do not specify v3 Onion Services,
       but v3 Onion Services were found on the server. If your SecureDrop