Do a proper tls/ca cleanup in unstack

viraptor · viraptor · commit bd5dae0618ed · 2014-06-30T10:52:25.000+01:00
Certificates and the index were left in the data directory after
running unstack. That would break devstack on the next run.

partial blueprint devstack-https
Change-Id: I6eb552a76fb29addf4d02254c027e473d6805df1
diff --git a/lib/tls b/lib/tls
@@ -18,6 +18,9 @@
 # - configure_proxy
 # - start_tls_proxy
 
+# - stop_tls_proxy
+# - cleanup_CA
+
 # - make_root_CA
 # - make_int_CA
 # - make_cert ca-dir cert-name "common-name" ["alt-name" ...]
@@ -372,6 +375,22 @@ function start_tls_proxy {
 }
 
 
+# Cleanup Functions
+# ===============
+
+
+# Stops all stud processes. This should be done only after all services
+# using tls configuration are down.
+function stop_tls_proxy {
+    killall stud
+}
+
+
+# Remove CA along with configuration, as well as the local server certificate
+function cleanup_CA {
+    rm -rf "$DATA_DIR/CA" "$DEVSTACK_CERT"
+}
+
 # Tell emacs to use shell-script-mode
 ## Local variables:
 ## mode: shell-script
diff --git a/unstack.sh b/unstack.sh
@@ -122,9 +122,10 @@ if is_service_enabled horizon; then
     stop_horizon
 fi
 
-# Kill TLS proxies
+# Kill TLS proxies and cleanup certificates
 if is_service_enabled tls-proxy; then
-    killall stud
+    stop_tls_proxy
+    cleanup_CA
 fi
 
 SCSI_PERSIST_DIR=$CINDER_STATE_PATH/volumes/*
