(Posted by Kyle Gleed)

VMware Cloud Foundation Edge Removal Tool

VMware Cloud Foundation uses advanced automation to simplify the deployment and ongoing management of a modern software-defined data center. Included in this automation is the deployment and configuration of VMware NSX-T during workload domain creation. Following the domain creation, the SDDC Manager provides automation for deploying and configuring NSX edge clusters.

As of Cloud Foundation version 4.1, the edge cluster automation capabilities of the SDDC manager does not include the ability to remove a previously deployed Edge Cluster. To fill this gap, VMware provides a separate "edge cleaner" tool as part of the VMware Knowledge Base Article:  https://kb.vmware.com/s/article/78635.

This post will look at the edge cleaner tool and how it is used to remove previously deployed NSX Edge Clusters from a Cloud Foundation domain

Prerequisites

The edge cleaner tool is only to be used to remove edge clusters deployed by the SDDC Manager. It is a command-line tool that comes with the following prerequisites.

• You must have root access to the SDDC Manager appliance. The edge cleaner tool is written in python and delivered as a tarball. The tarball needs to be downloaded and extracted on the SDDC Manager and invoked as "root".  

• You must have access to the administrator SSO credentials for the workload domain. Typically this will be "administrator@vsphere.local". The edge cleaner tool invokes SDDC Manager APIs and requires valid SSO credentials to be passed in as arguments.

• The edge cleaner tool is for removing NSX edge clusters that were deployed by the SDDC Manager. Do not use the edge cleaner tool to remove edge clusters deployed outside of the SDDC Manager.

• The edge cleaner tool is designed to remove "empty" edge clusters. Any NSX configuration added or attached to an edge cluster configuration must be removed before removing an edge cluster.

• The edge cleaner queries the SDDC Manager repository for names of the NSX Edge cluster, transport nodes, and related objects. If any objects were renamed, those object names must be reverted back to the original name assigned when the edge cluster was created.

Downloading and Extracting the Edge Cleaner

To download the edge cleaner tool go to the VMware Cloud Foundation NSX-T Edge Cluster Deployment Removal Tool knowledge-based article https://kb.vmware.com/s/article/78635. On the right side of the page, you will see a link to the "edge_cluster_cleaner_0.17.tar.gz" file under "Attachments" .   

Click the link to download the tool.

Extracting the Edge Cleaner Tarball

Using your preferred Secure Copy (SCP) client, copy the "edge_cluster_cleaner_0.17.tar.gz" file to the SDDC Manager. Login to the SDDC Manager with the username "vcf" and the appropriate password for your environment.

Next, using your preferred Secure Shell (SSH) client log onto the SDDC Manager.

(Note, if you have an older version of the clean tool installed, remove it before extracting the new version):

Step 1: Login to the SDDC Manager. Login as the user "vcf".

Example:

# ssh vcf@<SDDC-Manager >

Step 2: Switch user to root.

Example:

# su -

# <enter roort password>

Step 3: As root, copy the "edge_cluster_cleaner_0.17.tar" tarball to the root user home directory.

Example:

# cp ./edge_cluster_cleaner_0.17.tar.gz /root

# cd /root

Step 4: Uncompress the archive and extract the tarball (note that the contents will be extracted into the "cleanup" folder).

Example:

# gzip -d ./edge_cluster_cleaner_0.17.tar.gz

# tar xvf ./edge_cluster_cleaner_0.17.tar

Running the Edge Cleaner

Run the "./remove_edge_cluster.sh" script and pass in the name of the edge cluster to be removed along with the name of the workload domain, and the SSO username.

Example:

# ./remove_edge_cluster.sh --cluster wld01-edge-cluster --workload wld01 --user administrator@vsphere.local

<enter root password>

Note, the tool does not ask you to confirm the action or check to see if objects are in use before attempting to remove them. Be careful to avoid typos or inadvertently entering the wrong edge cluster name. Once initiated, the operations are permanent and cannot be undone.  

The edge cluster cleanup tool has limited provision for disconnecting linked segments from a cluster's tier-1 gateway. Still, it is recommended that a user remove or disconnect any elements they have added to an edge cluster before invoking the cluster cleanup tool. Not doing so can prevent the cleanup tool from being able to clean up the edge cluster.

The items removed during an edge cluster cleanup typically include:

• Tier-1 gateway.

• Tier-0 router.

• Edge cluster.

• Edge node VMs.

• Edge uplink segments.

• VLAN-backed transport zones created for the edge deployment.

• vCenter portgroups created for the edge deployment.

• Resource pool, if one was created as part of edge deployment.

• VMware SDDC Manager inventory records of the edge deployment.

Retrying an Edge Cluster Cleanup

Some conditions can prevent an edge cluster from being successfully removed on the first invocation. If the edge cleaner tool is unable to remove the edge cluster successfully, you can attempt to re-run the edge cleaner a second time. Typically the second invocation will complete successfully. If, after a second attempt, the removal of the edge cluster still fails, it may be necessary to login to the NSX Manager and manually remove objects.

Note that the most common reason for the edge cleanup tool to fail is when objects exist that were created outside of the SDDC Manager workflow. Remember to remove any edge cluster related-objects that were manually created outside of the SDDC Manager workflow before attempting to use the edge cleanup tool to remove the cluster.