Cleaning up NSX ALB (Avi) Pool when referred to by L4PolicySet

I’ve been using the NSX Advanced Load Balancer for many of my experiments in the lab. Sometimes I build configurations that do not work correctly, especially around TKG. From time to time, I find that my TKG management cluster does not stand up successfully, and so I have to manually clear it down and start over. From time to time, this has left my NSX ALB with some objects that also need to be manually cleaned up. While I can delete Virtual Services and Virtual IP Addresses with ease in the NSX ALB portal/UI, I am sometimes left in a situation where I am unable to delete a Pool, e.g.

But I am unable to delete it from the UI. This is the error message that I encounter: “Cannot delete, object is referred by: [‘L4PolicySet…’]”.

I have not yet found a way to address this from the UI, but it can be easily resolved from the command line of the NSX ALB. Here are the steps.

Step 1 – SSH onto the NSX ALB

% ssh admin@xx.xx.xx.163

Avi Cloud Controller

Avi Networks software, Copyright (C) 2013-2017 by Avi Networks, Inc.
All rights reserved.

Version:      20.1.5
Date:         2021-04-15 07:08:29 UTC
Build:        9148
Management:   xx.xx.xx.163/24                UP
Gateway:      xx.xx.xx.254                   UP


The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
Last login: Wed Sep 15 16:13:33 2021 from 10.30.80.225

admin@xx-xx-xx-163:~$

Step 2 – Run the shell command to get into the admin system

admin@xx-xx-xx-163:~$ shell
Login: admin
Password: ********

[admin:xx-xx-xx-163]: >

Step 3 – Examine the Pools

The admin CLI supports tab completion, so if you want to get a full list of commands, type part of the command and then use the tab key to see what options are available. In this case, I want to confirm that the pool that I could not delete from the UI is present, and if I try to delete it from the CLI, I get the same error:

[admin:xx-xx-xx-163]: > show pool
+---------------------------------------------------------------+------+---------------+-------------+--------------------+
| Name                                                          | Port | Cloud         | Oper State  | Servers (up/total) |
+---------------------------------------------------------------+------+---------------+-------------+--------------------+
| tkg-system-mgmt--default-default-workload-control-plane--6443 | 80   | Default-Cloud | OPER_UNUSED | 0/1                |
+---------------------------------------------------------------+------+---------------+-------------+--------------------+

[admin:xx-xx-xx-163]: > delete pool tkg-system-mgmt--default-default-workload-control-plane--6443
{"error": "Cannot delete, object is referred by: ['L4PolicySet tkg-system-mgmt--default-default-workload-control-plane']", "obj_name": "tkg-system-mgmt--default-default-workload-control-plane--6443"}

The error is indeed the same. The pool is being referred to by an L4PolicySet object. Let’s check that next:

Step 4 – Examine the L4PolicySets

I can use the tab complete to find this command.

[admin:xx-xx-xx-163]: > show l<tab>
l4policyset                       No help string defined for L4PolicySet
labelgroup                        No help string defined for LabelGroup
license                           No help string defined for ControllerLicense
logcontrollermapping              Show mapping of log controllers for each VS
logs-status                       show logs subsystem status

[admin:xx-xx-xx-163]: > show l4policyset
+---------------------------------------------------------+--------------------------------------------------+
| Name                                                    | UUID                                             |
+---------------------------------------------------------+--------------------------------------------------+
| tkg-system-mgmt--default-default-workload-control-plane | l4policyset-4ae99acd-3049-41fc-8298-acc7f4ac44ea |
+---------------------------------------------------------+--------------------------------------------------+

It would appear that there is only one L4 policy set in this configuration, making it easy to identify which one is referencing the pool.

Step  5 – Delete the L4PolicySet and then delete the Pool

I can now proceed with the deletion of both the L4PolicySet and the Pool. Remember that this was a lab proof-of-concept, and not a production environment. If you have any concerns regarding the removing of any of these objects, please speak to a technical support representative.

[admin:xx-xx-xx-163]: > delete l4policyset tkg-system-mgmt--default-default-workload-control-plane
Successfully deleted tkg-system-mgmt--default-default-workload-control-plane.

[admin:xx-xx-xx-163]: > delete pool tkg-system-mgmt--default-default-workload-control-plane--6443
Successfully deleted tkg-system-mgmt--default-default-workload-control-plane--6443.

The pool has now been successfully deleted.

One Reply to “Cleaning up NSX ALB (Avi) Pool when referred to by L4PolicySet”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.