Offboarding a Site During Force Deletion of SSP
Article ID: 382295
Updated On:
Products
Issue/Introduction
When performing a Force Delete of a SSP instance, any onboarded NSX sites must be properly offboarded from NSX Manager before deletion.
If this cleanup is skipped:
- NSX Manager may continue to reference the removed SSP instance, and
- The site may fail to onboard to a new SSP instance.
Environment
SSP 5.0 , SSP 5.1
Cause
The NSX Manager is configured to send data to the SSP Instance it is onboarded to and it cannot be onboarded to a new SSP Instance until it is no longer configured to be connected to the current SSP Instance.
Thus, if SSP is removed, the NSX Manager will continue to try to send data to a SSP that is no longer deployed and will not be able to be onboarded to a new SSP Instance.
Resolution
Important Disclaimer
Ensure that you use the correct cleanup script for your SSP version.
Running the SSP 5.0 script on SSP 5.1 (or vice versa) may result in incomplete cleanup or API call failures.
Always verify the SSP version before executing the script.
SSP 5.0 script attached to this KB is "site-offboarding-cleanup-nsx-ssp5.0.sh"
SSP 5.1 script attached to this KB is "site-offboarding-cleanup-nsx-ssp5.1.sh"
SSP 5.0:
(1) Access SSPI via root account.
(2) Copy the attached bash script "site-offboarding-cleanup-nsx-ssp5.0.sh" to SSPI and run it.
Example usage:
./site-offboarding-cleanup-nsx-ssp5.0.sh [-h|--host <mgr_host_ip>] [-u|--username <username>] [-p|--password <password>]
site-offboarding-cleanup-nsx-ssp5.0.sh
(3) After copying site-offboarding-cleanup-nsx.sh to SSPI, provide permission:
chmod 777 site-offboarding-cleanup-nsx-ssp5.0.sh
(4) Provide NSX manager details, for example:
./site-offboarding-cleanup-nsx-ssp5.0.sh -h nsx_manager_ip -u admin -p nsx_manager_admin_password
(5) After successful cleanup, we should see something like this:
./site-offboarding-cleanup-nsx-ssp5.0.sh -h x.x.x.x -u admin -p *******
Verifying connection...
Cleaning up Appliance Info Object...
cluster_id of appliance info object: 96a6ade0-65cb-4004-843c-6f7c24e6edd2
Cleaning up Site Name...
Site name unbound successfully
Cleaning up principal identities...
deleted principal identity successfully
removing certificate for pi napp_platform_egress_mutable
deleted certificate successfully
deleted principal identity successfully
removing certificate for pi napp_platform_kafka
deleted certificate successfully
deleted principal identity successfully
removing certificate for pi napp_platform_egress
deleted certificate successfully
deleted principal identity successfully
removing certificate for pi napp_platform_ingress
deleted certificate successfully
Cleaning up UI Plugin...
UI Plugin successfully deleted.
NSX Site cleanup complete.
SSP 5.1:
(1) Access SSPI CLI via sysadmin user.
(2) Copy the attached bash script "site-offboarding-cleanup-nsx-ssp5.1.sh" to SSPI and run it.
Example usage:
./site-offboarding-cleanup-nsx-ssp5.1.sh [-h|--host <mgr_host_ip>] [-u|--username <username>] [-p|--password <password>]
site-offboarding-cleanup-nsx-ssp5.1.sh
(3) After copying site-offboarding-cleanup-nsx-ssp5.1.sh to SSPI, provide permission:
chmod 777 site-offboarding-cleanup-nsx-ssp5.1.sh
(4) Provide NSX manager details, for example:
./site-offboarding-cleanup-nsx-ssp5.1.sh -h nsx_manager_ip -u admin -p nsx_manager_admin_password
(5) After successful cleanup, we should see something like this:
./site-offboarding-cleanup-nsx-ssp5.1.sh -h x.x.x.x -u admin -p *******
Verifying connection...
Resetting PaceHostConfigProfile to default values...
Concurrent transaction conflict detected (attempt 1/5). Retrying in 5 seconds...
PaceHostConfigProfile reset successfully
Cleaning up Appliance Info Object...
cluster_id of appliance info object: d3e89e54-aeb7-44e7-9ecb-587094329ec8
appliance info object deleted successfully
Cleaning up Site Name...
Site name unbound successfully
Cleaning up principal identities...
deleted principal identity successfully
removing certificate for pi ssp_platform_egress_ATP_d3e89e54-aeb7-44e7-9ecb-587094329ec8
deleted certificate successfully
deleted principal identity successfully
removing certificate for pi napp_platform_ingress
deleted certificate successfully
deleted principal identity successfully
removing certificate for pi napp_platform_kafka
deleted certificate successfully
deleted principal identity successfully
removing certificate for pi napp_platform_egress_mutable
deleted certificate successfully
deleted principal identity successfully
removing certificate for pi napp_platform_egress
deleted certificate successfully
deleted principal identity successfully
removing certificate for pi ssp_platform_egress_mutable_ATP_d3e89e54-aeb7-44e7-9ecb-587094329ec8
deleted certificate successfully
Cleaning Up Agent Certificates...
deleted NAPP_COMMON_AGENT site 0ced2415-a072-44c3-8e6d-0741be970f5d certificate successfully
deleted NAPP_PACE_AGENT site 0ced2415-a072-44c3-8e6d-0741be970f5d certificate successfully
deleted NAPP_METRICS_AGENT site 0ced2415-a072-44c3-8e6d-0741be970f5d certificate successfully
Cleaning up UI Plugin...
UI Plugin successfully deleted.
NSX Site cleanup complete.
Additional Information
1. In bash, the ! character is used for history expansion, which lets you recall previous commands (like !ls, !23, etc). So you run:
./site-offboarding-cleanup-nsx.sh -p 'P@ssw0rd!'
Note: The ! is interpreted by the shell as a history command, not as part of the string. This causes the command to break or behave unexpectedly.
2. You may experience below error, while onboarding NSX Manager in SSP (Mostly in redeployment scenario). You can follow this article for clean up NSX details and then perform onboard task to integrate NSX.
Error: This site is already registered to an SSP or NAPP instance. Please disconnect this site from any other SSP or NAPP instances and retry.
Attachments
Feedback
