From bd5dae0618ed697504a25a692a02e8372fc3d66c Mon Sep 17 00:00:00 2001
From: Stanislaw Pitucha <stanislaw.pitucha@hp.com>
Date: Wed, 25 Jun 2014 15:29:43 +0100
Subject: [PATCH] Do a proper tls/ca cleanup in unstack

Certificates and the index were left in the data directory after
running unstack. That would break devstack on the next run.

partial blueprint devstack-https
Change-Id: I6eb552a76fb29addf4d02254c027e473d6805df1
---
 lib/tls    | 19 +++++++++++++++++++
 unstack.sh |  5 +++--
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/lib/tls b/lib/tls
index 02906b7021..a84bb764ac 100644
--- a/lib/tls
+++ b/lib/tls
@@ -18,6 +18,9 @@
 # - configure_proxy
 # - start_tls_proxy
 
+# - stop_tls_proxy
+# - cleanup_CA
+
 # - make_root_CA
 # - make_int_CA
 # - make_cert ca-dir cert-name "common-name" ["alt-name" ...]
@@ -372,6 +375,22 @@ function start_tls_proxy {
 }
 
 
+# Cleanup Functions
+# ===============
+
+
+# Stops all stud processes. This should be done only after all services
+# using tls configuration are down.
+function stop_tls_proxy {
+    killall stud
+}
+
+
+# Remove CA along with configuration, as well as the local server certificate
+function cleanup_CA {
+    rm -rf "$DATA_DIR/CA" "$DEVSTACK_CERT"
+}
+
 # Tell emacs to use shell-script-mode
 ## Local variables:
 ## mode: shell-script
diff --git a/unstack.sh b/unstack.sh
index a5e7b879f9..fe5fc77cd2 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -122,9 +122,10 @@ if is_service_enabled horizon; then
     stop_horizon
 fi
 
-# Kill TLS proxies
+# Kill TLS proxies and cleanup certificates
 if is_service_enabled tls-proxy; then
-    killall stud
+    stop_tls_proxy
+    cleanup_CA
 fi
 
 SCSI_PERSIST_DIR=$CINDER_STATE_PATH/volumes/*