Browse code
Do a proper tls/ca cleanup in unstack
Certificates and the index were left in the data directory after
running unstack. That would break devstack on the next run.
partial blueprint devstack-https
Change-Id: I6eb552a76fb29addf4d02254c027e473d6805df1
Stanislaw Pitucha authored on 2014/06/25 23:29:43Showing 2 changed files
| ... | ... |
@@ -18,6 +18,9 @@ |
| 18 | 18 |
# - configure_proxy |
| 19 | 19 |
# - start_tls_proxy |
| 20 | 20 |
|
| 21 |
+# - stop_tls_proxy |
|
| 22 |
+# - cleanup_CA |
|
| 23 |
+ |
|
| 21 | 24 |
# - make_root_CA |
| 22 | 25 |
# - make_int_CA |
| 23 | 26 |
# - make_cert ca-dir cert-name "common-name" ["alt-name" ...] |
| ... | ... |
@@ -372,6 +375,22 @@ function start_tls_proxy {
|
| 372 | 372 |
} |
| 373 | 373 |
|
| 374 | 374 |
|
| 375 |
+# Cleanup Functions |
|
| 376 |
+# =============== |
|
| 377 |
+ |
|
| 378 |
+ |
|
| 379 |
+# Stops all stud processes. This should be done only after all services |
|
| 380 |
+# using tls configuration are down. |
|
| 381 |
+function stop_tls_proxy {
|
|
| 382 |
+ killall stud |
|
| 383 |
+} |
|
| 384 |
+ |
|
| 385 |
+ |
|
| 386 |
+# Remove CA along with configuration, as well as the local server certificate |
|
| 387 |
+function cleanup_CA {
|
|
| 388 |
+ rm -rf "$DATA_DIR/CA" "$DEVSTACK_CERT" |
|
| 389 |
+} |
|
| 390 |
+ |
|
| 375 | 391 |
# Tell emacs to use shell-script-mode |
| 376 | 392 |
## Local variables: |
| 377 | 393 |
## mode: shell-script |
| ... | ... |
@@ -122,9 +122,10 @@ if is_service_enabled horizon; then |
| 122 | 122 |
stop_horizon |
| 123 | 123 |
fi |
| 124 | 124 |
|
| 125 |
-# Kill TLS proxies |
|
| 125 |
+# Kill TLS proxies and cleanup certificates |
|
| 126 | 126 |
if is_service_enabled tls-proxy; then |
| 127 |
- killall stud |
|
| 127 |
+ stop_tls_proxy |
|
| 128 |
+ cleanup_CA |
|
| 128 | 129 |
fi |
| 129 | 130 |
|
| 130 | 131 |
SCSI_PERSIST_DIR=$CINDER_STATE_PATH/volumes/* |