Delete policies manually from a node


Under certain circumstances, it is possible for the policy inventory on the management server to get out of synch with the actual managed nodes.

For example, when a SPI is uninstalled from the management server, a forced undeployment for all SPI policies is executed. That is, the SPI policies are removed from the policy inventory on the management server, even if the managed node is currently not running or just not reachable. After the node is up and running again, however, the policies (which where not removed) may still generate lots of messages.

These policies are no longer in the policy inventory on the server, it is not possible to remove them from the managed node using the console. If the node has the HTTPS agent, you can synchronize the inventory, and then remove the policy using the console. Alternatively, you can remove the policy manually. If the node has the DCE agent, you must remove the policies manually from the managed node.

The procedure to delete policies manually differs, depending on whether the node has a HTTPS agent or a DCE agent.

Note NOTE:
A forced policy undeployment can also be started using the PMAD API.

To delete policies manually from a node that has the HTTPS agent

  1. Log in to the node as a user with administrative rights, and open a command or shell prompt.
  2. On nodes that run a UNIX or Linux operating system, ensure that the PATH variable contains the path to the agent commands.
  3. Type ovpolicy -list, and then press Enter. A list of policies appears.
  4. Use ovpolicy -remove to delete individual policies, or all policies.
  5. Optional. In the console, right-click the node, and then click All TasksarrowSynchronize policies. This updates the current policy inventory with up-to-date details of installed policies from the node.

Note TIP:
You can also remove a policy remotely from the management server by adding the -host option. For example: ovpolicy -remove -all -host <hostname>.

To delete policies manually from a node that has the DCE agent

  1. Log in on the remote managed node.
  2. Shut down the agent with the following command line:

    opcagt -kill

  3. Delete all files in directory "%OvAgentDir%\conf\ConfigFile\policies" to remove all ConfigFile policies from the node. If this directory does not exist, no ConfigFile policies are currently deployed on the node.

    Delete all files in directory "%OvAgentDir%\conf\svcdisc\policies" to remove all Service Auto-Discovery policies from the node. If this directory does not exist, no Service Auto-Discovery policies are currently deployed on the node.

    Delete all files in directory "%OvAgentDir%\conf\nodeinfo\policies" to remove all Node Info policies from the node. If this directory does not exist, no Node Info policies are currently deployed on the node.

    Delete all files in directory "%OvAgentDir%\conf\mgrconf\policies" to remove all Flexible Management policies from the node. If this directory does not exist, no Flexible Management policies are currently deployed on the node.

    Delete all files in directory "%OvAgentDir%\conf\OpC\vpwin" to remove all other policies from the node.

  4. Restart the agent with the following command line:

    opcagt -start

  5. Open the console, connect to the server, and click the managed node in the console tree. Start the operation "Redeploy policies and instrumentation." Calling this operation ensures that the policy inventory on the server gets in synch with the managed node again.
Special care must be taken for the node info and flexible management policies which define the content of the following two configuration files on the managed node:

- %OvAgentDir%\conf\OpC\nodeinfo
- %OvAgentDir%\conf\OpC\mgrconf

If you manually delete policies of the Node Info or the Flexible Management policy type on the managed node, you must make sure that the content of the above two files is still valid before you restart the agent. If this is not the case, the agent may not work properly.

Related Topics: