Deleting Users from Prism Central
Deleting users from Prism Central can become challenging at times. I recently came across a scenario in which trying to remove a user didn't work.
Removing a user via Prism Central CLI:
- Connect to the Prism Central cluster IP via SSH, and run: nuclei user.list
nutanix@PCVM:/tmp$ nuclei user.list
2021/02/02 17:24:16 Connected to 172.212.120.213:9876
2021/02/02 17:24:16 Authenticating connection 0x0
2021/02/02 17:24:16 nuclei is attempting to connect to Zookeeper
2021/02/02 17:24:16 Authenticated: id=0x176afba7f52e141, timeout=20000
"Total Entities : 36"
"Length : 20"
"Offset : 0"
"Entities :"
Name UUID State
00053c4e-d332-20e7-2e00-246e9620c630 356569c0-74d6-5428-b705-74ba4fb58930 COMPLETE
00053c50-a109-b9f1-0491-246e9620d740 20ba0942-4156-53e2-ac05-7c800f307a3f COMPLETE
00053d67-19c9-43a1-3105-246e961e09c8 3d2cb641-9f97-5dbb-b3c4-ece40cf59218 COMPLETE
00053d6d-5be7-2e05-2888-246e961e09b0 de9f1db6-3fc3-5f7f-8631-04b8b3f9cdb4 COMPLETE
admin 00000000-0000-0000-0000-000000000000 COMPLETE
pr@myspace.com 61041064-90e8-563e-8e6b-2037589f6e56 COMPLETE
2. Execute the delete command: nuclei user.delete user_uuid
nutanix@PCVM:/tmp$ nuclei user.delete 61041064-90e8-563e-8e6b-2037589f6e56
2021/02/02 17:27:28 Connected to 172.22.10.12:9876
2021/02/02 17:27:28 Authenticating connection 0x0
2021/02/02 17:27:28 nuclei is attempting to connect to Zookeeper
2021/02/02 17:27:28 Authenticated: id=0x176afba7f52e155, timeout=20000
Confirm deletion of user? (yes/no) yes
"Deleted user with UUID:61041064-90e8-563e-8e6b-2037589f6e56"
Typically, the above process works without an issue, but occasionally you may run across problems that prevent you from deleting an account. When failure occurs, you'll receive an output like this:
api_version: '3.1'
metadata:
categories: {}
categories_mapping: {}
kind: user
spec_version: 0
uuid: 77bc0866-7dcb-51f8-a7f2-eb9466ef9dcf
spec:
resources:
directory_service_user:
directory_service_reference:
kind: directory_service
uuid: 82cf658f-4a5d-4fd4-afeb-dda80ce3c8bc
user_principal_name: ag@myspace.com
status:
execution_context:
task_uuid:
- 5eba2d84-0609-4855-a285-3ed12e787942
message_list:
- message: User cannot be deleted as there are resources associated with this user.
Change the ownership on the associated entities and try again.
reason: INTERNAL_ERROR
name: ag@myspace.com
resources:
access_control_policy_reference_list: []
directory_service_user:
default_user_principal_name: ag@myspace.com
directory_service_reference:
kind: directory_service
name: Myspace
uuid: 82cf658f-4a5d-4fd4-afeb-dda80ce3c8bc
user_principal_name: ag@myspace.com
display_name: AdminAG
projects_reference_list:
- kind: project
name: default
uuid: 12ae2f4b-4f1b-4bef-869a-3b3513cd63ee
resource_usage_summary:
resource_domain:
resources: []
user_type: DIRECTORY_SERVICE
state: ERROR
To remove these accounts, we will need to download a script from Nutanix.
- Change directory to /tmp and download the script via wget.
nutanix@PCVM:~$ cd /tmp
nutanix@PCVM:/tmp$ wget http://download.nutanix.com/kbattachments/7127/user_delete_by_user_uuid.py
2. Edit the script to add the UUID of the user you intend to delete. Using VI, locate user_uuids = ["user"], press I, then update the user with the UUID of the user you intend to delete. Press Esc, then type :wq!
vi user_delete_by_user_uuid.py
3. Execute the script.
nutanix@PCVM:~$ python user_delete_by_user_uuid.py
The script will remove the user and your user list will be up to date!