You can't delete a Storage Virtual Machine or Volume - FSx for ONTAP

You can't delete a Storage Virtual Machine or Volume

Each Amazon FSx for NetApp ONTAP file system can contain one or more Storage Virtual Machines (SVMs), and each SVM can contain one or more volumes. When you delete a resource, you must first ensure that all its children have been deleted. For example, before deleting an SVM, you should first delete all the non-root volumes in the SVM.

To help protect your data and configuration, Amazon FSx prevents the deletion of SVMs and volumes in certain circumstances. If you attempt to delete an SVM or volume, and your deletion request does not succeed, Amazon FSx provides you with actionable information in the AWS console, CLI, and API on why the resource was not deleted, enabling you to retry the deletion request after you have addressed the cause of the deletion failure.

Identifying failed deletions

When you delete an Amazon FSx SVM or volume, you typically see the resource's Lifecycle transition to DELETING for up to a few minutes before the resource disappears from the Amazon FSx Console, CLI, and API.

If you attempt to delete a resource and its Lifecycle transitions from DELETING back to CREATED, this indicates that the resource did not successfully delete. In this case, Amazon FSx reports an alert icon in the AWS Console next to the CREATED Lifecycle state. Clicking the alert icon displays the reason for the unsuccessful deletion (see example below).

The common reasons behind Amazon FSx preventing SVM and volume deletion are provided below, with step-by-step instructions on how to resolve them.

SVM deletion: Active Directory connectivity cannot be established

FSx for ONTAP SVMs create a computer object in your Active Directory (AD) when they join your AD. When you delete an SVM, Amazon FSx attempts to delete this AD computer object from your AD. If Amazon FSx cannot reach your AD, it cannot delete your SVM's computer object, and your file system’s LifecycleTransitionReason shows the following:

Amazon FSx is unable to communicate with your Active Directory domain controller(s). Please allow network traffic between Amazon FSx and your domain controller(s) as recommended in the Amazon FSx user guide and then create a new storage virtual machine.

To resolve this, check your Security Groups and firewalls to allow for traffic between your SVM and your AD over the ports outlined in Prerequisites for using a self-managed Microsoft AD. If you identify any gaps between your routing and the ports outlined, enable them and retry the deletion.

If you cannot identify any gaps in routing, you can manually unjoin an SVM from your AD using the ONTAP CLI. To access the ONTAP CLI, follow the steps in Managing file systems with the NetApp ONTAP CLI, logging into the ONTAP CLI at the file system level with fsxadmin credentials. Using the ONTAP CLI, take the following steps:

Important

This procedure can strand the computer object of your SVM on your AD.

  1. Enter advanced mode in the ONTAP CLI.

    FsxId123456789abcdef::> set adv

    Warning: These advanced commands are potentially dangerous; use them only when directed to do so by NetApp personnel. Do you want to continue? {y|n}: y

  2. Delete the DNS for your Active Directory.

    FsxId123456789abcdef::*> vserver services name-service dns dynamic-update record delete -vserver svm_name -lif nfs_smb_management_1
  3. Disable the DNS.

    FsxId123456789abcdef::*> vserver services name-service dns dynamic-update modify -vserver svm_name -is-enabled false -use-secure false

    Warning: DNS updates for Vserver "svm_name" are now disabled. Any LIFs that are subsequently modified or deleted can result in a stale DNS entry on the DNS server, even when DNS updates are enabled again.

  4. Unjoin the device from Active Directory.

    FsxId123456789abcdef::*> vserver cifs delete -vserver svm_name
    In order to delete an Active Directory machine account for the CIFS server,
    you must supply the name and password of a Windows account with sufficient
    privileges to remove computers from the "CORP.EXAMPLE.COM" domain.
    Enter the user name: admin
    Enter the password:
    Warning: There are one or more shares associated with this CIFS server
         Do you really want to delete this CIFS server and all its shares? {y|n}: y
    Warning: Unable to delete the Active Directory computer account for this CIFS server.
         Do you want to continue with CIFS server deletion anyway? {y|n}: y
  5. If this fails, retry the deletion through the AWS API, CLI, or console.

SVM deletion: Route tables inaccessible

Each FSx for ONTAP file system creates one or multiple route table entries to provide automatic failover and failback across AZs. By default, these route table entries are created in your VPC's default route table. You can optionally specify one or more non-default route tables where FSx for ONTAP interfaces can be created. Amazon FSx tags each route table that it associated with a file system with an "AmazonFSx" tag, and if this tag is removed, it can prevent Amazon FSx from being able to delete resources. If this is encountered, you see the following LifecycleTransitionReason:

Amazon FSx is unable to complete the requested storage virtual machine operation because of an inability to access one or more of the route tables associated with your file system. Please contact AWS Support.

You can find your file system's route tables in the Amazon FSx console by navigating to the file system summary page, under the Network & security tab:

Clicking the route tables link takes you to your route tables. Next, verify that each of the route tables associated with your file system is tagged, with this key/value pair:

Key: AmazonFSx
Value: ManagedbyAmazonFSx

If this tag is not present, recreate it and retry the deletion of your SVM.

SVM deletion: Peer Relationship

If you are attempting to delete an SVM or volume that is part of a peer relationship, you must first delete the peer relationship before you delete the SVM or volume. This is to prevent the peered SVM(s) from becoming unhealthy. You see the following LifecycleTransitionReason if your SVM cannot be deleted due to a peer relationship:

Amazon FSx is unable to delete the storage virtual machine because it is part of a SVM peer or transition peer relationship. Please delete the relationship and retry.

You can delete SVM peer relationships through the ONTAP CLI. To access the ONTAP CLI, follow the steps in Managing file systems with the NetApp ONTAP CLI. Using the ONTAP CLI, take the following steps:

  1. Check for SVM peer relationships

    FsxId123456789abcdef::> vserver peer show -vserver svm_name
                Peer        Peer                           Peering        Remote
    Vserver     Vserver     State        Peer Cluster      Applications   Vserver
    ----------- ----------- ------------ ----------------- -------------- ---------
    svm_name    test2       peered       FsxId02d81fef0d84734b6
                                                           snapmirror     fsxDest
    svm_name    test3       peered       FsxId02d81fef0d84734b6
                                                           snapmirror     fsxDest
    2 entries were displayed.
  2. Delete each SVM peer relationship.

    FsxId123456789abcdef::> vserver peer delete -vserver svm_name -peer-vserver remote_svm_name

    Info: 'vserver peer delete' command is successful.

  3. If this fails, retry the deletion of your SVM through the AWS API, CLI, or console.

SVM/Volume deletion: SnapMirror policies

Similar to SVM deletion: Peer Relationship, you cannot delete an SVM that has a SnapMirror policy. You can delete SnapMirror policies through the ONTAP CLI. To access the ONTAP CLI, follow the steps in Managing file systems with the NetApp ONTAP CLI. Using the ONTAP CLI, take the following steps:

  1. List your SnapMirror policies.

    FsxId123456789abcdef::> snapmirror policy show -vserver svm_name
    Vserver Policy             Policy Number         Transfer
    Name    Name               Type   Of Rules Tries Priority Comment
    ------- ------------------ ------ -------- ----- -------- ----------
    svm_name policy_name       async-mirror  1     8  normal  -
       Discard Configs: network
      SnapMirror Label: sm_created                         Keep:       1
                                                     Total Keep:       1
    
  2. Delete your SnapMirror policy.

    FsxId123456789abcdef::> snapmirror policy delete -vserver svm_name -policy policy_name
  3. If this fails, retry the deletion of your SVM through the AWS CLI, API, or console.

Volume deletion: FlexCache relationship

You cannot delete volumes that are the origin volumes for a FlexCache relationship. To access the ONTAP CLI, follow the steps in Managing file systems with the NetApp ONTAP CLI. Using the ONTAP CLI, you can determine which volumes have a FlexCache relationship by taking the following steps:

  1. check for FlexCache relationships.

    FsxId123456789abcdef::> volume flexcache origin show-caches
  2. Delete the cache relationship(s).

    FsxId123456789abcdef::> volume flexcache delete -vserver dest_svm_name -volume dest_vol_name
  3. If this fails, retry the deletion of your SVM through the AWS CLI, API, or console.