From 526afb14c7d371a8e058e6adad417bc3b84b5cde Mon Sep 17 00:00:00 2001
From: Rodrigo Barbieri <rodrigo.barbieri2010@gmail.com>
Date: Fri, 14 Feb 2020 14:27:11 -0300
Subject: [PATCH] Add dependency between nova-compute and vaultlocker

If vaultlocker fails to decrypt and mount
/var/lib/nova/instances, nova will start anyway
and may create instances with their disks on the
root filesystem's disk, which may not be encrypted.

This patch creates a dependency between the nova-compute
and vaultlocker services, so if vaultlocker fails
nova-compute will not be started.

Closes-bug: #1863358
---
 tools/vaultlocker-decrypt@.service | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tools/vaultlocker-decrypt@.service b/tools/vaultlocker-decrypt@.service
index 1d4b33b..1457d73 100644
--- a/tools/vaultlocker-decrypt@.service
+++ b/tools/vaultlocker-decrypt@.service
@@ -2,6 +2,7 @@
 Description=vaultlocker retrieve: %i
 DefaultDependencies=no
 After=networking.service
+Before=nova-compute.service
 
 [Service]
 Type=oneshot
@@ -12,3 +13,5 @@ TimeoutSec=0
 
 [Install]
 WantedBy=multi-user.target
+RequiredBy=nova-compute.service
+