Cleaning up NSX ALB (Avi) Pool when referred to by L4PolicySet
I’ve been using the NSX Advanced Load Balancer for many of my experiments in the lab. Sometimes I build configurations that do not work correctly, especially around TKG. From time to time, I find that my TKG management cluster does not stand up successfully, and so I have to manually clear it down and start over. From time to time, this has left my NSX ALB with some objects that also need to be manually cleaned up. While I can delete Virtual Services and Virtual IP Addresses with ease in the NSX ALB portal/UI, I am sometimes left in a situation where I am unable to delete a Pool, e.g.
But I am unable to delete it from the UI. This is the error message that I encounter: “Cannot delete, object is referred by: [‘L4PolicySet…’]”.
I have not yet found a way to address this from the UI, but it can be easily resolved from the command line of the NSX ALB. Here are the steps.
Step 1 – SSH onto the NSX ALB
% ssh admin@xx.xx.xx.163 Avi Cloud Controller Avi Networks software, Copyright (C) 2013-2017 by Avi Networks, Inc. All rights reserved. Version: 20.1.5 Date: 2021-04-15 07:08:29 UTC Build: 9148 Management: xx.xx.xx.163/24 UP Gateway: xx.xx.xx.254 UP The copyrights to certain works contained in this software are owned by other third parties and used and distributed under license. Certain components of this software are licensed under the GNU General Public License (GPL) version 2.0 or the GNU Lesser General Public License (LGPL) Version 2.1. A copy of each such license is available at http://www.opensource.org/licenses/gpl-2.0.php and http://www.opensource.org/licenses/lgpl-2.1.php Last login: Wed Sep 15 16:13:33 2021 from 10.30.80.225 admin@xx-xx-xx-163:~$
Step 2 – Run the shell command to get into the admin system
admin@xx-xx-xx-163:~$ shell Login: admin Password: ******** [admin:xx-xx-xx-163]: >
Step 3 – Examine the Pools
The admin CLI supports tab completion, so if you want to get a full list of commands, type part of the command and then use the tab key to see what options are available. In this case, I want to confirm that the pool that I could not delete from the UI is present, and if I try to delete it from the CLI, I get the same error:
[admin:xx-xx-xx-163]: > show pool +---------------------------------------------------------------+------+---------------+-------------+--------------------+ | Name | Port | Cloud | Oper State | Servers (up/total) | +---------------------------------------------------------------+------+---------------+-------------+--------------------+ | tkg-system-mgmt--default-default-workload-control-plane--6443 | 80 | Default-Cloud | OPER_UNUSED | 0/1 | +---------------------------------------------------------------+------+---------------+-------------+--------------------+ [admin:xx-xx-xx-163]: > delete pool tkg-system-mgmt--default-default-workload-control-plane--6443 {"error": "Cannot delete, object is referred by: ['L4PolicySet tkg-system-mgmt--default-default-workload-control-plane']", "obj_name": "tkg-system-mgmt--default-default-workload-control-plane--6443"}
The error is indeed the same. The pool is being referred to by an L4PolicySet object. Let’s check that next:
Step 4 – Examine the L4PolicySets
I can use the tab complete to find this command.
[admin:xx-xx-xx-163]: > show l<tab> l4policyset No help string defined for L4PolicySet labelgroup No help string defined for LabelGroup license No help string defined for ControllerLicense logcontrollermapping Show mapping of log controllers for each VS logs-status show logs subsystem status [admin:xx-xx-xx-163]: > show l4policyset +---------------------------------------------------------+--------------------------------------------------+ | Name | UUID | +---------------------------------------------------------+--------------------------------------------------+ | tkg-system-mgmt--default-default-workload-control-plane | l4policyset-4ae99acd-3049-41fc-8298-acc7f4ac44ea | +---------------------------------------------------------+--------------------------------------------------+
It would appear that there is only one L4 policy set in this configuration, making it easy to identify which one is referencing the pool.
Step 5 – Delete the L4PolicySet and then delete the Pool
I can now proceed with the deletion of both the L4PolicySet and the Pool. Remember that this was a lab proof-of-concept, and not a production environment. If you have any concerns regarding the removing of any of these objects, please speak to a technical support representative.
[admin:xx-xx-xx-163]: > delete l4policyset tkg-system-mgmt--default-default-workload-control-plane Successfully deleted tkg-system-mgmt--default-default-workload-control-plane. [admin:xx-xx-xx-163]: > delete pool tkg-system-mgmt--default-default-workload-control-plane--6443 Successfully deleted tkg-system-mgmt--default-default-workload-control-plane--6443.
The pool has now been successfully deleted.
Hey Cormac, thanks for this… i was looking for these steps…