unenroll

Reference for linuxguard-agent unenroll — remove the host from its tenant binding so the agent can be enrolled into a different tenant.

Synopsis

Remove the host's binding to its current tenant. The command's primary use case is preparing a host for re-enrolment into a different tenant — typical service-mode hosts are normally retired by stopping the agent and uninstalling the package rather than by un-enrolling.

linuxguard-agent unenroll

Important: In the current release, unenroll is a placeholder that prints >> Unenrolling server... and exits successfully without modifying the persisted enrollment. Operators who need to fully detach a host should stop the agent service, remove /var/lib/linuxguard/ (which contains the persisted tenant identity, API key, and mTLS material), and re-enrol from scratch. Console-side tenant detach is independent of the agent invocation and is performed via the LinuxGuard console (Settings → Servers → remove).

Flags

unenroll takes no flags.

Environment

unenroll reads no environment variables. The command does not contact the backend in its current implementation.

Signals

unenroll is a one-shot CLI invocation — it does not install signal handlers via signal.Notify. The command returns immediately after printing the status line.

Exit codes

Code

Meaning

0

The command completed (placeholder implementation always returns nil; future versions that perform an actual un-enrolment will continue to return 0 on success).

1

General error — reserved for future implementations that perform a backend detach or local-state removal and encounter persist / network failures. The current placeholder cannot return 1.

Examples

Run the placeholder

sudo linuxguard-agent unenroll

Stdout:

>> Unenrolling server...

Exit code: 0. No state has changed; the host is still bound to its previous tenant.

Operator workflow: re-enrol into a different tenant

The current effective workflow for moving a host between tenants (until unenroll performs a real detach):

sudo systemctl stop linuxguard-agent
sudo rm -rf /var/lib/linuxguard/
sudo linuxguard-agent enroll \
  --api-key NEW-KEY \
  --tenant-id NEW-TENANT-UUID \
  --environment production
sudo systemctl start linuxguard-agent

After step 4, the host appears in the new tenant's console as a new server (a fresh ServerID is issued by the backend during the enrol POST). Detach the stale server in the old tenant's console under Settings → Servers.

Operator workflow: retire a host

For a host that is being decommissioned (not re-enrolled), prefer package removal over unenroll:

sudo systemctl stop linuxguard-agent
sudo apt-get purge linuxguard-agent   # or dnf remove / zypper remove / apk del
sudo rm -rf /var/lib/linuxguard/ /var/log/linuxguard/

Then detach the host from the tenant via the console (Settings → Servers → remove). The agent's local state is gone, the package is uninstalled, and the console no longer counts the host against the tenant's seat allocation.

Related: enroll | start | show-config | CLI Reference

Previousenroll Nextshow-config

Last updated 4 days ago

Was this helpful?