1. Support Center
  2. Safous ZTNA
  3. Installation & Decommissioning

Decommissioning App Gateway

If you need to removed or decommissioned one or some of your App Gateway node/s from your environment, there are several steps that need to do.

First of all you need to ensure you have access either direct or remotely (without leverage Safous ZTA service) to every single nodes that part of you Safous ZTA environment cluster. Then you need to also have access to root account or as a sudoers.

Once you ensure have those condition, let's proceed with the decommissioning  !!


Decommission Procedure:

  1. Login to one of App Gateway node to find which nodes is actually holds the leader function or status. Please run this command in the App Gateway node:
    # sudo docker exec -it config_idac_1 ./idac tinker cluster members
  2. That command will give information about all the App Gateway node ID that part of cluster member. Below is the example of output
  3. The first ID near "Cluster Member", means it is your App Gateway node leader cluster. Based on image on previous step it's 67758f3b
  4. On the App Gateway node/s that you want to remove or decommission, please run this to check its ID
    # xxd /etc/cyolo/config/idfile
  5. That will shows the App Gateway ID like this value in red box
  6. Next step is to take down the node/s you want to decommission by running these command
    # docker-compose -f /etc/cyolo/config/docker-compose.yml down
    # docker-compose -f /etc/safous/user-portal/docker-compose.yml down
  7. Ensure that no App Gateway container is running anymore on the decommissioned node/s
    # docker ps -a
  8. On the rest of the App Gateway node/s that still being used, please check every ID by using command in step number 4. Then take a note which node that have ID of the leader like informed in step number 3.
  9. Next, remove every decommissioned node/s ID from the remaining  App Gateway by running this command (changed <ID> with proper ID value)
    # docker exec -it config_idac_1 ./idac tinker cluster remove <ID>
  10. Check again the cluster member status in remaining nodes by running command same as step number 1. If the previous command working normally, now you only can see the ID of remaining node in every App Gateway
  11. Once you ensure with the result, access the App Gateway node which is the leader which you already take a note in step number 8. Then run these commands

    # docker-compose -f /etc/cyolo/config/docker-compose.yml restart idac
    # docker logs -f config_idac_1

  12. Wait until the logs shows "accepting connections from upstream"
  13. Repeat steps number 11-12 in the rest of remaining App Gateway 
  14. On the decommissioned/removed, please run these commands to clean up the data

    # rm -rf /etc/cyolo
    # rm -rf /etc/safous

  15. When everything finished, try access your user-portal domain and ensure it works normally
  16. Lastly please access to admin portal (https://portal.safous.com) then go to Setting > ZTA > Configurations > Sites
  17. Choose the Site which doesn't have any App Gateway and click delete


That's all, you successfully decommissioned/removed the App Gateway node/s !!