Avi/NSX ALB: Deleting httppolicyset via CLI

VMware NSX Advanced Load Balancer – also known as AVI Vantage – is a very comprehensive load balancer I was implementing in my lab the last days.

The context

By default AVI Controller creates one HTTP-Policy-Set per Virtual Service by default and can be managed via UI. However the UI does not allow to create multiple ones, but still multiple sets are indeed supported. The only caveat is that they can only be created/deleted via CLI/API only.

As part of some troubleshooting an automatism created an additional HTTP-Policy-Set, but did not remove it. Hence having one additional HTTP-Policy-Set stuck on my virtual service.

The "issue"

When trying to delete it via CLI, you might end up with:

[admin:avicontroller]: > delete httppolicyset Test-LetsEncryptHTTPpolicy
{"error": "Cannot delete, object is referred by: ['VirtualService TestWeb']", "obj_name": "Test-LetsEncryptHTTPpolicy"}
[admin:avicontroller]: >

The solution

To delete additional HTTP-Policy-Sets do the following:

  1. Connect to the AVI Controller via SSH

  2. Open the custom shell by typing shell and logging in

  3. Configure the virtualservice by switching into the virtualservice context:

    [admin:avicontroller]: > configure virtualservice TestWeb
    Updating an existing object. Currently, the object is:
    +------------------------------------+-----------------------------------------------------+
    | Field                              | Value                                               |
    +------------------------------------+-----------------------------------------------------+
    | uuid                               | virtualservice-56b7eb0c-5044-4700-a217-3784a6f0d397 |
    | name                               | TestWeb                                             |
    [...]
  4. De-reference the httppolicyset and exit the context by using:

    [admin:avicontroller]: virtualservice> no http_policies index 1
    Removed http_policies with index 1
    
    [admin:avicontroller]: virtualservice> exit
    +------------------------------------+-----------------------------------------------------+
    | Field                              | Value                                               |
    [...]
  5. List all HTTP-Policies-Sets by using the auto-completion via tab:

    [admin:avicontroller]: > delete httppolicyset[tab]
    Test-LetsEncryptHTTPpolicy
  6. Finally delete the httppolicyset by using:

    [admin:avicontroller]: > delete httppolicyset Test-LetsEncryptHTTPpolicy
    Successfully deleted Test-LetsEncryptHTTPpolicy.

All done!

Patrik Kernstock

May I introduce my self? I am Patrik Kernstock, 25 years old, perfectionist, born in Austria and living in Ireland, Cork. Me explained in short: Tech- and security enthusiast, series & movies junky. Interesting in Linux, Container-stuff and many software solutions by Microsoft, Veeam and VMware.

0 0 votes
Article Rating
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x