Merge pull request #29632 from jfindlay/tls_virt

reduce severity of tls module __virtual__ logging

salt/modules/tls.py

@@ -139,25 +139,18 @@ def __virtual__():
     if HAS_SSL and OpenSSL_version >= LooseVersion('0.10'):
         if OpenSSL_version < LooseVersion('0.14'):
             X509_EXT_ENABLED = False
-            log.error('You should upgrade pyOpenSSL to at least 0.14.1 '
-                     'to enable the use of X509 extensions')
+            log.debug('You should upgrade pyOpenSSL to at least 0.14.1 to '
+                      'enable the use of X509 extensions in the tls module')
         elif OpenSSL_version <= LooseVersion('0.15'):
-            log.warn('You should upgrade pyOpenSSL to at least 0.15.1 '
-                     'to enable the full use of X509 extensions')
-        # never EVER reactivate this code, this has been done too many times.
-        # not having configured a cert path in the configuration does not
-        # mean that users cant use this module as we provide methods
-        # to configure it afterwards.
-        # if __opts__.get('ca.cert_base_path', None):
-        #     return True
-        # else:
-        #     log.error('tls module not loaded: ca.cert_base_path not set')
-        #     return False
+            log.debug('You should upgrade pyOpenSSL to at least 0.15.1 to '
+                      'enable the full use of X509 extensions in the tls module')
+        # NOTE: Not having configured a cert path should not prevent this
+        # module from loading as it provides methods to configure the path.
         return True
     else:
         X509_EXT_ENABLED = False
-        return (False, ('PyOpenSSL version 0.10 or later must be installed '
-                        'before this module can be used.'))
+        return (False, 'PyOpenSSL version 0.10 or later must be installed '
+                       'before this module can be used.')
 
 
 def cert_base_path(cacert_path=None):