NSX is awesome, why uninstall?
I recently came across an old NSX-V enabled environment and had to find a way to uninstall NSX as it was no longer required. Below are the steps I had to go through, as simply turning off the VMs NSX is made of does not remove all the rules or bypass NSX completely.
In terms of architecture, in such a deployment you have one NSX Manager, three NSX controllers which allow the NSX Manager to propagate the rules/changes to each ESXi host, and a number of NSX objects like Edges, Logical Switches, Transport Zones etc. Some of these objects, like Edges, have a more visible representation in the sense that you normally have two VMs per NSX Edge, while others are only constructs you can see within NSX but not in vCenter.
Troubleshooting
Being a UAT environment which was not being maintained, the first issue I had to deal with was the fact that all NSX Controllers were showing as disconnected, meaning no configuration change could be made.
I had no luck using the GUI to remove and redeploy the NSX controllers and therefore had to use the API to force the controllers’ removal. This is documented in VMware Docs here but in a nutshell, I had to use an API client like Postman to delete the controllers one by one. In the following example “10.10.2.30” is the NSX manager IP address, “controller-6” is the controller I am targeting and the last option forceRemoval ensures the command proceeds and ignores the issues in this unhealthy environment: “https://10.10.2.30/api/2.0/vdn/controller/controller-6?forceRemoval=True”. I was then able to spin up the new NSX controllers the usual way.
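The forced controller removal described above, scripted as an added example (not code from the original post or from VMware). It assumes the call is an HTTP DELETE with basic authentication against the NSX Manager; the function names, the `admin` user and the second controller id used in testing are hypothetical. TLS certificate verification stays on and the default is a dry run that only lists the calls.

```python
import base64
import re
import ssl
import urllib.request
from urllib.parse import quote

# Controller ids look like "controller-6" in the post; anything else is rejected
# so a typo or pasted junk never ends up in the request path.
CONTROLLER_ID = re.compile(r"controller-\d+")


def build_force_removal(manager, controller_id, user, password):
    """Return an unsent DELETE request for one NSX controller."""
    if not CONTROLLER_ID.fullmatch(controller_id):
        raise ValueError(f"unexpected controller id: {controller_id!r}")
    url = (f"https://{manager}/api/2.0/vdn/controller/"
           f"{quote(controller_id)}?forceRemoval=True")
    req = urllib.request.Request(url, method="DELETE")
    # Assumption: the manager accepts HTTP basic authentication.
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    return req


def remove_controllers(manager, controller_ids, user, password,
                       cafile=None, dry_run=True):
    """Delete controllers one by one; with dry_run only list the calls."""
    # Certificate verification stays on; cafile can point at the CA (or the
    # manager's own certificate) when it is not in the system trust store.
    ctx = ssl.create_default_context(cafile=cafile)
    results = []
    for cid in controller_ids:
        req = build_force_removal(manager, cid, user, password)
        if dry_run:
            results.append((req.get_method(), req.full_url, None))
            continue
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            results.append((req.get_method(), req.full_url, resp.status))
    return results


if __name__ == "__main__":
    import getpass
    # Manager IP and controller id are the ones quoted in the post.
    plan = remove_controllers("10.10.2.30", ["controller-6"], "admin",
                              getpass.getpass("NSX Manager password: "))
    for method, url, status in plan:
        print(method, url, status)
```

Pass `dry_run=False` only after reviewing the listed calls; the password is read with `getpass` so it stays out of shell history.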
I also noticed that the NSX Manager backups had not been working for a while and therefore I had to create at least one successful backup before my change.
Migrate VM network adapters
Next, I proceeded to migrate all VM network adapters from NSX virtual wires to distributed port groups reflecting the new VLAN IDs. There are many scripts online you can use to speed this process up.
NSX Decommissioning
Once the VMs had been migrated off virtual wires, I could proceed to decommission NSX. This is the process I had to use; I was not able to proceed unless I followed the exact order of the first three steps:
- First I removed all NSX Edges: Home / Networking and Security / NSX Edges / Select/Delete/Repeat for next Edge
- Then I removed all Logical Switches: Home / Networking and Security / Logical Switches / Select/Delete/Repeat for the next Logical Switch
- There was one more thing I needed to do before I was allowed to remove the VIBs from clusters, and that was to delete the transport zone: Home / Networking and Security / Installation / Logical Network Preparation / Transport Zones / Select/Delete
- Only after the above three actions were completed did it allow me to uninstall NSX from all ESXi hosts in prepared clusters: Home / Networking and Security / Installation / Host Preparation / Uninstall – and although this removed the VIBs from ESXi hosts, it did require the hosts to be placed into maintenance mode, which I had to do manually
- I placed the hosts into maintenance mode and rebooted them. Luckily, there were sufficient resources to place three hosts at a time into maintenance mode, so the reboot did not take too long as I was able to do it in four batches
- I then deleted the NSX Controller appliances: Home / Networking and Security / Installation / Management / Select/Delete/Repeat for the next NSX Controller – this worked fine via the GUI once the controllers were all connected and healthy (you just need to use the force removal option for the last controller)
- At this point the NSX Manager is no longer needed and can be powered off or deleted – in my case as part of our change management process I am required to keep the VM off for thirty days before I can delete it: Home / VMs and Templates / locate the NSX Manager VM / Actions / Power / Shutdown Guest OS
- Finally, I used the Managed Object Browser to remove the plugin/extension: https://[NSX Manager IP]/mob / content / ExtensionManager / UnregisterExtension / In the text box after extensionKey, paste “com.vmware.vShieldManager” and click “Invoke Method” to execute
Normally I would expect to find this information on the vendor’s website or KB, but usually the emphasis is on onboarding as opposed to guiding customers on how to discontinue using the technology.
I hope you have found this useful!