Do a proper tls/ca cleanup in unstack
Certificates and the index were left in the data directory after
running unstack. That would break devstack on the next run.
partial blueprint devstack-https
Change-Id: I6eb552a76fb29addf4d02254c027e473d6805df1
diff --git a/lib/tls b/lib/tls
index 02906b7..a84bb76 100644
--- a/lib/tls
+++ b/lib/tls
@@ -18,6 +18,9 @@
# - configure_proxy
# - start_tls_proxy
+# - stop_tls_proxy
+# - cleanup_CA
+
# - make_root_CA
# - make_int_CA
# - make_cert ca-dir cert-name "common-name" ["alt-name" ...]
@@ -372,6 +375,22 @@
}
+# Cleanup Functions
+# ===============
+
+
+# Stops all stud processes. This should be done only after all services
+# using tls configuration are down.
+function stop_tls_proxy {
+ killall stud
+}
+
+
+# Remove CA along with configuration, as well as the local server certificate
+function cleanup_CA {
+ rm -rf "$DATA_DIR/CA" "$DEVSTACK_CERT"
+}
+
# Tell emacs to use shell-script-mode
## Local variables:
## mode: shell-script
diff --git a/unstack.sh b/unstack.sh
index a5e7b87..fe5fc77 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -122,9 +122,10 @@
stop_horizon
fi
-# Kill TLS proxies
+# Kill TLS proxies and cleanup certificates
if is_service_enabled tls-proxy; then
- killall stud
+ stop_tls_proxy
+ cleanup_CA
fi
SCSI_PERSIST_DIR=$CINDER_STATE_PATH/volumes/*