Forum Discussion
objects are nested and need to be deleted in order, if a pool belongs to a virtual server -or an irule it can be deleted until that previous object is removed, or modififed to releive the constraint.
From the CLI - you delete only to the object name:
delete ltm virtual MYvip1
delete ltm virtual MYvip2
delete ltm pool mypool1
delete ltm pool mypool2
delete ltm node ..........
- mkyrcCirrus
It is possible, but, as PhatANhappy wrote, configuration objects are nested and order of delete is important.
The question is about count of object to delete:
- if there are few objects, the web interface is sufficient (see statistics of virtual servers-> then delete these with count of zero. then see statistics of pools -> delete pools, then the same about members). yes, it's not "script" and you can forgot something (e.g. irule, profile, nat pool,...)
- if there is many objects, then you can use 1) bash script with tmsh commands, 2) python sdk or rest api call with json parsing (or any other tool) with querying "stats" - all with the correct order - JRahmAdmin
My first question on preparing a script for this would be to ask how you're identifying inactive objects. Is that by policy (ie..from a list or spreadsheet) or from actual inactivity in traffic? The rest is pretty straightforward with a local tmsh script or remote script with API calls as mkyrc mentions.
i like to use TCP - analytics / connections to check for traffic over time. Once i rule out your typical noise makers ( certificate scanning tools, and app monitor tools (solarwinds/ new relic etc.) I can usually determine by traffic divided by box uptime to see if a vip is in use. I also check the adjusted ratio of traffic comparing VS - and pool, if traffic is not being processed by the pool, its less needed.
Another fun place to check is IHealth. it takes a minute to pull a qkview and get it uploaded and analyized but its worth it.
All hail JRahm
before and if he doesnt reply fast enough......
using ihealth will not - should not display a VS that is not in use.... that being said, you are ok with deleting objects recommended as orphaned. if there is a hook, the f5 - appiance will/should protect you ..... i.e. - a pool that is not referenced in a a virtual server config - yet -is referenced in an irule will be flagged - and not allowed to be deleted as nested.
i would highly recommend using the ihealth as a spring board to a manual check via the gui or SCF file ( or other automation) before deletion.
as you can see in the screen shot below - it does not reference the Virtual server...... if you delete a virtual server - its gone.....if you do delete all - they are gone....
if you only delete the virtual server - and only the ones you are 100% positive are not in use - you are ok to ATTEMPT to delete the pool - and if its being called by other are areas ( irules or policies) - it will be flagged - and pre-vented from deletetion. Before your attempt a bold move -you need to be positive that the pool in question does not have any other hooks or possiblities of backend configurations AND - - AND - i would recommend 1000%
save sys ucs
save sys config file ......
as backup BEFORE doing any deletions.
Althought this might sound scary .... and it should ..... please deploly "purpose full" computing. if you do something - like delete pools or virtual servers - make sure you have a backup - and make sure you MEANT no harm - and you knew what you were deleting - and why you were deleting it.
the clicky - clicky world - is a scary - scary world.