Run-book to remediate NSX-T Management Plane objects created during upgrade
search cancel

Run-book to remediate NSX-T Management Plane objects created during upgrade

book

Article ID: 377083

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Alarm to remediate NSX-T Management Plane objects created during upgrade

 

Title: Alarm for mp2policy.deprecated_manager_object_present
Event ID: mp2policy.deprecated_manager_object_present

Environment

VMware NSX-T Data Center
VMware NSX
VCF 9.0

Cause

NSX does not allow users to proceed with upgrade to VCF 9.0 unless objects have been promoted or deleted, however this KB is there in case some objects happened to have been created by the user during the upgrade. This run-book helps customers clean up the pure Management plane logical objects created during upgrade to VCF 9.0.

The APIs listed in the section "Management Plane" (3.3 in API documentation of NSX 4.2.0 https://developer.broadcom.com/xapis/nsx-t-data-center-rest-api/4.2.0/) are referred as NSX Management plane logical APIs(also called MP APIs). Those APIs have been deprecated in favour of Policy APIs as indicated in NSX 3.2.0 release notes (https://docs.vmware.com/en/VMware-NSX/3.2/rn/vmware-nsxt-data-center-32-release-notes/index.html#Feature%20/%20API%20Deprecations%20and%20Behavior%20Changes-Deprecation%20announcement%20for%20NSX%20Manager%20APIs%20and%20NSX%20Advanced%20UIs)

Starting 9.0, those Management Plane Logical APIs are removed from NSX (exceptions called out below), and there should be no more objects created with those APIs. As part of this removal the tool to migrate those objects is also removed (Management to Policy tool).

The APIs under below sections are Management plane logical APIs which have been removed in 9.0-

  • Management plane API → Associations
  • Management plane API → Grouping Objects
  • Management plane API → Networking
  • Management plane API → Normalisation
  • Management plane API → Security (For exceptions please refer to exceptions section below)
  • Management plane API → Troubleshooting and Monitoring
  • System Administration → Lifecycle Management → Migration → MP2P migration

Exceptions:

Malware prevention, Service insertion, Monitoring, NSX Component Administration, Manual health check, port mirroring and packet capture APIs APIs will be moved under the below sections in the API documentation.

  1. Health check : System Administration > Monitoring > Health Checks
  2. Port mirroring : Policy > Monitoring > Port Mirroring > Legacy (Management Plane)
  3. Packet capture : Policy > Monitoring > Packet Capture > Legacy (Management Plane)
  4. Malware prevention : System Administration → Malware prevention
  5. Service insertion : System Administration → Service insertion
  6. Monitoring : System Administration → Monitoring
  7. NSX Component Administration : System Administration → NSX Component Administration


Please refer to the NSX API documentation -  https://developer.broadcom.com/xapis/nsx-t-data-center-rest-api/latest/ for API references.

Resolution

An alarm will be raised during the post upgrade callback stage if there any Management plane API logical objects found which have not been migrated to Policy, the alarm will provide information on the object and its type. Customers are expected to delete the objects using the below steps:

  1. Determine the type of objects created during the upgrade using the alarm notification.
  2. SSH to the NSX manager using root credentials.
  3. Fetch all the objects of each type using the GET APIs defined in the 4.2.0 API documentation -  https://developer.broadcom.com/xapis/nsx-t-data-center-rest-api/latest/. Execute the API using loopback address.
  4. Determine which objects are pure Management plane logical objects. Objects which have create user other "nsx_policy" or "system" are considered to be pure Management plane objects.
  5. Delete such objects using the DELETE APIs defined in the 4.2.0 API documentation -  https://developer.broadcom.com/xapis/nsx-t-data-center-rest-api/latest/. Execute the API using loopback address

This process can apply to any object type triggered by the Alarm.

Example:

  1. Alarm is raised with the message - "MP objects of type - LogicalSwitch are present after upgrade to 9.0".
  2. SSH to the NSX manager using root credentials.
  3. Fetch all the objects of each type - LogicalSwitch using the API - GET <loopback_address>/api/v1/logical-switches defined in the section - 3.3.5.3(Logical Switching)
  4. Determine which objects are pure Management plane logical objects. Objects which have create user other "nsx_policy" or "system" are considered to be pure Management plane objects.
  5. Delete all the objects of each type - LogicalSwitch using the API -DELETE <loopback_address>/api/v1/logical-switches/{lswitch-id}  defined in the section - 3.3.5.3(Logical Switching)

Additional Information

Impacted Environment: 

Any VMware environment running NSX-T 4.2.x or earlier which are upgraded to VCF 9.0

Powered by Wolken Software