如有必要,您可以執行指令碼來移除 NCP 建立的所有 NSX 物件。
安裝檔案包含下列清理指令碼:
- nsx_policy_cleanup.py - 如果在原則模式中建立 NSX 資源,則使用此指令碼。
- nsx_cleanup.py - 如果在管理程式模式中建立 NSX 資源,則使用此指令碼。
附註:在 vSphere with Tanzu 環境中,清理指令碼可在 vCenter Server Appliance 上的 /usr/lib/vmware-wcp 目錄中找到。
在執行指令碼之前,請執行以下工作:
- 停止 NCP。
- 移除您所建立並與 NCP 所建立物件相關聯的所有資源。如果不刪除這些物件,指令碼將會失敗。例如,如果 NCP 建立一個區段,且您建立了一個分散式防火牆 (DFW) 規則和群組,並與該區段相關聯,則您必須刪除該 DFW 規則和群組,或者移除這些關聯。或者,如果您將虛擬機器連結至該區段,則必須刪除這些虛擬機器,或中斷與該區段之間的連結。
原則模式
Usage: nsx_policy_cleanup.py [options] Options: -h, --help show this help message and exit --mgr-ip=MGR_IP NSX Manager IP address -u USERNAME, --username=USERNAME NSX Manager username, ignored if nsx-cert is set -p PASSWORD, --password=PASSWORD NSX Manager password, ignored if nsx-cert is set -n NSX_CERT, --nsx-cert=NSX_CERT NSX certificate path -k KEY, --key=KEY NSX client private key path --vc-endpoint=VC_ENDPOINT IpAddress or Hostname of VC, ignored if environment variable VC_ENDPOINT is set --vc-username=VC_USERNAME Username for the VC ServiceAccount, ignored if environment variable VC_USERNAME is set --vc-password=VC_PASSWORD Password for the VC ServiceAccount, ignored if environment variable VC_PASSWORD is set --vc-https-port=VC_HTTPS_PORT HTTPS port of VC, ignored if environment variable VC_HTTPS_PORT is set. If not present, 443 default value will be used --vc-sso-domain=VC_SSO_DOMAIN SSO Domain of VC, ignored if environment variable VC_SSO_DOMAIN is set. If not present, local default value will be used --vc-ca-cert=VC_CA_CERT Specify a CA bundle to verify the VC server certificate. It will be ignored if environment VC_CA_CERT is set --vc-insecure Not verify VC server certificate -c CLUSTER, --cluster=CLUSTER Cluster to be removed -r, --remove CAVEAT: Removes NSX resources. If not set will do dry- run. --top-tier-router-id=TOP_TIER_ROUTER_ID Specify the top tier router id. Must be specified if top tier router does not have the cluster tag --all-res Also clean up HA switching profile, ipblock, external ippool. These resources could be created by TAS NSX-T Tile --no-warning Disable urllib's insecure request warning --status Check the deletion status, the exit code can be success(0), in progress(EXIT_CODE_IN_PROGRESS or failure(other non-zerovalues) --thumbprint=THUMBPRINT Specify one or a list of thumbprint strings to use in verifying the NSX Manager server certificate
例如:
python nsx_policy_cleanup.py --mgr-ip={nsx_mngr_ip} -u admin -p {password} -c {k8s_cluster_name} --no-warning -r
在某些情況下,必須指定 top-tier-router-id 參數。
管理程式模式
Usage: nsx_cleanup.py [options] Options: -h, --help show this help message and exit --mgr-ip=MGR_IP NSX Manager IP address -u USERNAME, --username=USERNAME NSX Manager username, ignored if nsx-cert is set -p PASSWORD, --password=PASSWORD NSX Manager password, ignored if nsx-cert is set -n NSX_CERT, --nsx-cert=NSX_CERT NSX certificate path -k KEY, --key=KEY NSX client private key path -c CLUSTER, --cluster=CLUSTER Cluster to be removed -r, --remove CAVEAT: Removes NSX resources. If not set will do dry- run. --top-tier-router-uuid=TOP_TIER_ROUTER_UUID Specify the top tier router uuid. Must be specified if top tier router does not have the cluster tag or for a single-tier1 topology --all-res Also clean up HA switching profile, ipblock, external ippool. These resources could be created by TAS NSX-T Tile --no-warning Disable urllib's insecure request warning
例如:
python nsx_cleanup.py --mgr-ip={nsx_mngr_ip} -u admin -p {password} -c {k8s_cluster_name} --top-tier-router-uuid={top_tier_router_uuid} --no-warning -r