Uninstall Apigee mTLS

You can remove Apigee mTLS at any time. This section describes how to remove it and how to verify that it has been removed.

To roll back the Apigee mTLS installation:

  1. Log in to a node in your cluster. The order in which you process the nodes does not matter.
  2. Stop all components on the node, as the following example shows:
    /opt/apigee/apigee-service/bin/apigee-all stop
  3. (Only if you enabled MS-LDAP encryption during installation) Reset the Management Server configuration properties:
    1. Open the /opt/apigee/customer/application/management-server.properties file for edit.
    2. Change the values of the following properties to their default values, as the following example shows:
      conf_security_ldap.enable.connection.pool=true
      conf_security_ldap.fallback.self.count=0
      conf_security_ldap.maximum.retry.limit=1

      (Optional) After you complete the uninstallation and restart the Management Server, you can remove these properties.

    3. Save the management-server.properties file.
  4. Uninstall the apigee-mtls service by executing the following command:
    /opt/apigee/apigee-service/bin/apigee-service apigee-mtls uninstall
  5. Start all components on the node in the start order, as the following example shows:
    /opt/apigee/apigee-service/bin/apigee-service component_name start
  6. Repeat this process for each node in the cluster.

To verify that the uninstallation was successful, you can do the following (in any order):

  1. On each node that is running ZooKeeper, check that the Consul services are not in the /usr/lib/systemd/system directory:
    1. Change to the /usr/lib/systemd/system directory:
      cd /usr/lib/systemd/system
    2. Ensure that the following files are not in that directory:
      • consul_egress.service
      • consul_server.service
    3. If either of these files is in the /usr/lib/systemd/system directory, delete it.
  2. On each node that is running ZooKeeper, check to see if the apigee-mtls and apigee-mtls-consul directories exist:
    1. Change to the Apigee root directory:
      cd ${APIGEE_ROOT:-/opt/apigee}
    2. Check the contents of the directory:
      ls
    3. Ensure that the following directories do not exist in this directory:
      • apigee-mtls-version
      • apigee-mtls-consul-version
    4. If either of these directories exists, delete it.
  3. In the same directory, ensure that symlinks to the following have been removed:
    • apigee-mtls
    • apigee-mtls-consul

    To do this, use the find command with the -L option, as the following example shows:

    find -L ./

    If symbolic links to these directories remain, you can remove them with either the rm or the unlink command.

  4. On each node that is running ZooKeeper, check that Consul has been removed by using the which command:
    which consul

    This command should respond with a message similar to the following:

    "/usr/bin/which: no consul in (...:/opt/apigee/apigee-adminapi-version/bin:...)"
  5. Execute the following command as root or with sudo:
    iptables -t nat -L OUTPUT

    This command should display column headings but no data in the columns, as the following example shows:

    target     prot opt source               destination   
  6. Use yum to determine if the Apigee mTLS packages are installed:
    yum list installed

    This command should not display any packages matching the following:

    • apigee-mtls-version
    • apigee-mtls-consul-version
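
The verification checks above, gathered into two shell functions as an added example (not Apigee tooling, and not part of the original page). The function names are hypothetical; the paths and file names are the ones listed on this page, and the apigee-mtls-* glob assumes that every leftover directory or symlink name starts with that prefix.

```shell
#!/bin/sh
# Added example (not Apigee tooling): list Apigee mTLS leftovers after uninstall.
# Each function prints one line per finding; no output means nothing was found.

# Filesystem checks. Arguments default to the paths named on this page.
mtls_fs_residue() {
  root=${1:-${APIGEE_ROOT:-/opt/apigee}}
  unit_dir=${2:-/usr/lib/systemd/system}

  # Consul unit files that should be gone.
  for unit in consul_egress.service consul_server.service; do
    if [ -e "$unit_dir/$unit" ]; then
      echo "unit file: $unit_dir/$unit"
    fi
  done

  # Symlinks (dangling ones included) and versioned directories.
  # Assumption: every leftover name starts with "apigee-mtls".
  for entry in "$root"/apigee-mtls "$root"/apigee-mtls-*; do
    if [ -L "$entry" ]; then
      echo "symlink: $entry"
    elif [ -d "$entry" ]; then
      echo "directory: $entry"
    fi
  done
  return 0
}

# Host checks: consul on PATH, NAT OUTPUT rules, installed packages.
# Run as root; a tool that is absent on the host is skipped.
mtls_host_residue() {
  if command -v consul >/dev/null 2>&1; then
    echo "binary: $(command -v consul)"
  fi
  if command -v iptables >/dev/null 2>&1; then
    # Drop the chain name and column headings; anything left is a rule.
    iptables -t nat -L OUTPUT -n 2>/dev/null | sed -e '1,2d' -e 's/^/nat rule: /'
  fi
  if command -v yum >/dev/null 2>&1; then
    yum list installed 2>/dev/null |
      awk '$1 ~ /^apigee-mtls/ { print "package: " $1 }'
  fi
  return 0
}
```

Source the file on each node and call both functions; the script only reports what it finds and deletes nothing.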