
netscaler / ansible-collection-netscaleradc


Custom Ansible modules for NetScaler ADC and NetScaler ADM. Part of NetScaler Automation Toolkit | https://github.com/netscaler/automation-toolkit

Home Page: https://netscaler.github.io/ansible-collection-netscaleradc/

License: MIT License

Python 99.73% Makefile 0.04% Shell 0.03% Jinja 0.20%
ansible network-automation citrix-netscaler load-balancer python ansible-modules netscaler netscaler-automation-toolkit

ansible-collection-netscaleradc's Introduction

NetScaler Ansible Collection version2 - netscaler.adc


⚠️ Note: The earlier citrix.adc ansible collection is replaced with the new netscaler.adc ansible collection.

The citrix.adc ansible collection is backed up by a separate branch citrix.adc

Vision

The vision of the netscaler.adc collection is to provide a complete declarative interface to configure and manage NetScaler ADC.

If you need any feature or flexibility that is not available in the collection at the moment, please raise issues/enhancement-requests/recommendations at https://github.com/netscaler/ansible-collection-netscaleradc/issues

✉️ For any immediate issues or help, reach out to us at [email protected]!

About version1 and version2 of the collection

We refer to the earlier citrix.adc ansible collection as version1 and the new netscaler.adc as version2.

This is the version2 of the NetScaler Ansible Collection. It is a complete rewrite of the collection. The collection is not backward compatible with the version1 of the collection.

citrix.adc collection will be deprecated soon and will not be maintained further. It is recommended to migrate to the netscaler.adc collection.

About the netscaler.adc collection (version2)

The collection provides Ansible modules to configure and manage NetScaler ADC appliances. The modules are written using the NITRO API. The modules are idempotent and can be used to configure the NetScaler ADC appliances in a declarative manner.

Installation

ansible-galaxy

ansible-galaxy collection install netscaler.adc

via GitHub (to get the latest updates that are yet to be released on ansible-galaxy)

ansible-galaxy collection install "git+https://github.com/netscaler/ansible-collection-netscaleradc.git" [--force]

--force option is required if you have already installed the collection via ansible-galaxy. This will overwrite the existing collection with the latest collection from github.

Verify the installation

ansible-galaxy collection list netscaler.adc

The above command should display the following output:


# /Users/netscaleruser/.ansible/collections/ansible_collections
Collection    Version
------------- -------
netscaler.adc 2.0.x

Collection Modules Documentation

https://netscaler.github.io/ansible-collection-netscaleradc/

You can also click on the desired module name in the supported_modules_matrix.md file to go to the specific module documentation

Examples

Refer to the examples directory for the sample playbooks.

Also refer to playbook_anatomy.md for the anatomy of a playbook.

🔑 Authentication

Authenticate to NetScaler via username and password

Every module in the collection requires the user to authenticate to the NetScaler ADC appliance. The authentication can be done using the nitro_user and nitro_pass parameters. These parameters can also be passed as environment variables NETSCALER_NITRO_USER and NETSCALER_NITRO_PASS.

Refer to the playbook_anatomy.md and examples directory for the sample playbooks.

Authenticate to NetScaler

Password based authentication

Every task in the collection requires the user to authenticate to the NetScaler ADC appliance. The authentication can be done using the nsip, nitro_user and nitro_pass parameters. These parameters can also be passed as environment variables NETSCALER_NSIP, NETSCALER_NITRO_USER and NETSCALER_NITRO_PASS.

Using netscaler.adc.module_defaults group

To avoid having to specify common parameters for all the modules in every task, you can use the netscaler.adc.module_defaults module defaults group:

Refer to examples/module_default_args_action_group.yaml for an example playbook.

Passwordless via nitro_auth_token parameter (SESSIONID based authentication)

The collection also supports authentication to the NetScaler ADC appliance via a token. The token can be generated using the login module and passed to other modules using the nitro_auth_token parameter. The nitro_auth_token parameter can also be passed as the environment variable NETSCALER_NITRO_AUTH_TOKEN.

Refer to the playbook_anatomy.md and sessionid_based_authentication_via_login_logout.yaml example playbook.

The login module requires the username and password parameters to be passed. If you do not wish to pass the username and password, refer below.

You can use the below curl command to generate the token. The token can be passed to other modules using the nitro_auth_token parameter. The nitro_auth_token parameter can also be passed as environment variable NETSCALER_NITRO_AUTH_TOKEN. The token is valid for 60 minutes.

The below command also uses jq to parse the JSON output and store the sessionid in the NETSCALER_NITRO_AUTH_TOKEN environment variable, so that it can be used by other modules.

Replace NETSCALER_NSIP, NETSCALER_NITRO_USER and NETSCALER_NITRO_PASS in the command with your own values.

Install the jq utility if it is not already installed.

export NETSCALER_NITRO_AUTH_TOKEN=$(curl -X POST -H "Content-Type:application/json" --insecure --silent https://NETSCALER_NSIP/nitro/v1/config/login -d '{"login":{"username":"NETSCALER_NITRO_USER", "password":"NETSCALER_NITRO_PASS"}}' | jq .sessionid)
echo $NETSCALER_NITRO_AUTH_TOKEN
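
The same login exchange with certificate verification left on instead of curl's --insecure, as an added example that is not code from the collection. The endpoint, request body and sessionid field come from the curl command above; the helper names, the NITRO_CA_BUNDLE variable, the expiry margin and the sample responses used to exercise it are assumptions made for this example.

```python
"""NITRO login with certificate verification on (added example, not the collection's code)."""
import json
import os
import ssl
import sys
import time
import urllib.request

# The README states that the session token is valid for 60 minutes.
TOKEN_LIFETIME_SECONDS = 60 * 60


def build_login_request(nsip, username, password):
    """Build the POST that the README's curl command sends.

    json.dumps escapes quotes and backslashes in the credentials, which a
    hand-written -d '{...}' string does not.
    """
    body = json.dumps({"login": {"username": username, "password": password}})
    return urllib.request.Request(
        url=f"https://{nsip}/nitro/v1/config/login",
        data=body.encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def parse_login_response(raw_body, issued_at):
    """Return (sessionid, expires_at); raise ValueError if no usable token came back."""
    doc = json.loads(raw_body)
    if doc.get("errorcode", 0) != 0:
        raise ValueError(f"NITRO error {doc.get('errorcode')}: {doc.get('message')}")
    sessionid = doc.get("sessionid")
    if not isinstance(sessionid, str) or not sessionid:
        raise ValueError("login response carries no sessionid")
    return sessionid, issued_at + TOKEN_LIFETIME_SECONDS


def token_is_usable(expires_at, now, margin=300):
    """True while the token has more than `margin` seconds left (margin is an assumption)."""
    return now + margin < expires_at


def login(nsip, username, password, cafile=None):
    """Log in over verified TLS; cafile is a PEM bundle for a private CA (hypothetical path)."""
    context = ssl.create_default_context(cafile=cafile)  # checks chain and hostname
    request = build_login_request(nsip, username, password)
    with urllib.request.urlopen(request, context=context, timeout=10) as response:
        return parse_login_response(response.read(), time.time())


if __name__ == "__main__":
    # Usage: python nitro_login.py ansible-playbook playbook.yaml
    # NITRO_CA_BUNDLE is a variable name made up for this example.
    token, _ = login(
        os.environ["NETSCALER_NSIP"],
        os.environ["NETSCALER_NITRO_USER"],
        os.environ["NETSCALER_NITRO_PASS"],
        cafile=os.environ.get("NITRO_CA_BUNDLE"),
    )
    env = dict(os.environ, NETSCALER_NITRO_AUTH_TOKEN=token)
    env.pop("NETSCALER_NITRO_PASS", None)  # the child process only needs the token
    os.execvpe(sys.argv[1], sys.argv[1:], env)
```

Run this way, the token reaches the playbook through the environment of the child process only, so neither the password nor the token appears on a command line or in shell history.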

NetScaler Console (ADM) as a Proxy Server

Refer to the NetScaler ADM as an API proxy server for more details.

The collection supports configuring NetScaler Console as a proxy server. This is useful when you have multiple NetScaler ADC appliances and you want to manage them using a single NetScaler Console.

An example can be found in examples/netscaler_console_as_proxy_server.yaml

Also, refer to the playbook_anatomy.md for more details.

Steps to configure NetScaler Console as a proxy server

  1. Login to NetScaler Console and get the session ID
  2. Use the session ID in the subsequent tasks to configure the managed NetScalers via the NetScaler Console as a proxy server
  3. Logout from the NetScaler Console (optional)

Supported Ansible Versions

This collection is tested for Ansible version 2.14 and above.

Please raise issues at https://github.com/netscaler/ansible-collection-netscaleradc/issues if you face any issues with the collection.

Features of netscaler.adc collection

Refer to the features_v2.md file for the features of the netscaler.adc collection.

Migrating from citrix.adc collection to netscaler.adc collection

Both citrix.adc and netscaler.adc can be used in the same Ansible playbook. However, it is recommended to migrate to netscaler.adc collection.

Refer to the migrating_from_v1_v2.md file for the migration steps.

Supported Modules in netscaler.adc collection

Refer to the supported_modules_matrix.md file for the list of supported modules in netscaler.adc collection.

Todo list for the netscaler.adc collection

  • Support for nitro_auth_token parameter in all modules.
  • Update supported matrix to have documentation links
  • Add appropriate license to the collection.
  • Upload the collection to Ansible Galaxy.
  • Support configuring ADC with ADM as proxy. Refer to NetScaler ADM as an API proxy server for more details.
  • Implement SSH connection module
  • Support for generic modules similar to citrix.adc.nitro_request and citrix.adc.nitro_resource?
  • Migration tool to convert citrix.adc playbooks (including generic citrix.adc.nitro_request and citrix.adc.nitro_resource modules) to netscaler.adc modules
  • Add more examples
  • Write a python script which converts examples/playbook.yaml to module's EXAMPLE documentation
  • Test modules against all NetScaler ADC versions.
  • Test modules against ansible versions 2.9+
  • Configure GitHub Actions to automate the collection build and release process.
  • Configure GitHub Actions to automate the collection testing process.
  • Configure GitHub Actions to automate the collection linting process.
  • Collect NetScaler info (version, etc) and store it in the facts dictionary

ansible-collection-netscaleradc's People

Contributors

chiradeep, dependabot[bot], konstantika, mend-for-github-com[bot], mikeycmccarthy, ryaner, sumanth-lingappa, vadharm


ansible-collection-netscaleradc's Issues

Use new httpapi connection method

Hi,

It would be nice to see the netscaler modules included with Ansible updated to use the httpapi connection method.

This would save the need to use delegate_to or to use the provider style credentials. You could then use all the normal ansible methods of providing authentication.

Netscaler - Ansible to bind/unbind content switching policies

Hi All,
I am pretty new to Ansible. My background is network and security and I am working to learn more about network automation using ansible.

I have a CS virtual server, and every now and then there is a need to invoke a maintenance page using the netscaler due to work being done on the backend servers. To invoke the maintenance page I need to bind a CS responder policy to the CS virtual server.

There are four existing policies with priorities 90 to 120. Sometimes the policy to invoke the maintenance page is bound with priority 115 and sometimes 125 depending on what is needed.

I am trying to automate that so when there is a need to put up/remove the maintenance page at 1am for instance anyone can do it without having to rely on the network people.

Is it possible to achieve that using an ansible playbook?
Basically I need to be able to work on a playbook to bind the "maintenance page" policy with a specific priority and then another playbook to unbind the maintenance page policy after work on the backend is completed.

Thanks
Murilo

add authentication ldapAction and loginSchema

How can I use this module to run commands similar to:

add authentication ldapAction sideOnPremNSG_LDAP_ACTION_SAM -serverIP 192.168.2.2 -serverPort 636 -ldapBase "dc=wde,dc=side,dc=com,dc=au" -ldapBindDn [email protected] -ldapBindDnPassword 939e0250a9b275187b4b7cfa566fd4ceeded01ef34e2c0f9e7714bfdabb34a6b -encrypted -encryptmethod ENCMTHD_3 -ldapLoginName sAMAccountName -groupAttrName memberOf -subAttributeName cn -secType SSL
add authentication ldapPolicy sideOnPremNSG_LDAP_POLICY_SAM ns_true sideOnPremNSG_LDAP_ACTION_SAM
add authentication loginSchema lschema_dual_factor_secureID -authenticationSchema "/nsconfig/loginschema/DualAuth.xml"
add authentication loginSchemaPolicy lschema_dual_factor_secureID_pol -rule True -action lschema_dual_factor_secureID
add authentication loginSchemaPolicy lschema_dual_factor_receiver_pol -rule "http.REQ.HEADER(\"User-Agent\").CONTAINS(\"Receiver\")" -action lschema_dual_factor_secureID
bind authentication vserver VS_Connect_MFA_AAA -policy lschema_dual_factor_secureID_mfa_pol -priority 120 -gotoPriorityExpression END
add authentication radiusPolicy SecureID_Receiver_Policy "REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver" SecureID_LB_Server
bind authentication vserver VS_Connect_MFA_AAA -policy RSASecureID_Receiver_Policy -priority 100 -nextFactor LDAP_sf_connect_receiver_pl2 -gotoPriorityExpression NEXT

responderpolicy and responderaction already in use

Hi,

Adding responderpolicy and responderaction for the first time works great.
However, running same playbook a second time returns errors on the responder elements saying it is already in use.

"msg": "NITRO Failure",
"nitro_errorcode": 3094,
"nitro_message": "Policy name already in use [by a responder policy]",
"nitro_severity": "ERROR"}

The behavior should be the same as servers, services, lbvservers, etc
status should be :
ok if already there and unchanged
changed if added or changed
failed if anything else goes wrong

Am I wrong? Does it make sense? Thanks in advance.

Error creating service group - mismatch on value of compression field.

We have a Netscaler whereby most of the configuration has been created via the GUI, and we're looking to automate things via these modules. This show run shows the creation of a specific service group:

add serviceGroup my_sg_8080 HTTP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp ON -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES

I should be able to run the service group module and get a no change response, but instead I see this in the error output:

fatal: [127.0.0.1 -> localhost]: FAILED! => {
    "changed": true,
    "diff": {
        "cmp": "difference. ours: (<type 'str'>) YES other: (<type 'unicode'>) YES (but effectively NO)"
    },
    "failed": true,

I'm assuming this refers to the cmp value. In my playbook I have this set to yes to match the setting that the show run returns, however in the UI the checkbox does not appear to be ticked.

Any ideas if this is an issue with the module? Thanks

flake8 compliance

At least the E, W and Q class of errors.
Also, fix or remove TODO

Easier install method

My team uses these modules to manage our Netscaler/ADC, but keeping these modules up to date using Ansible itself is difficult. First of all, these modules overwrite files owned by the ansible RPM provided by upstream. Second, I cannot simply "pip install citrix-adc-ansible-modules" and pull down all dependencies, etc.
My ansible masters should be able to easily install and update these modules as I deem necessary by using the "pip" module or some other package management system instead of calling an install.py script. Is there any work being done to make this easier for unattended installs? Thanks.

Cannot bind default lbvserver for cs vserver

The current implementation of netscaler_cs_vserver does not allow binding a default lb vserver.

It must in addition to the csvsever_cspolicy_bindings NITRO object use the csvserver_lbvserver_binding NITRO object to allow for this.

Cannot install: modules_docs_fragments directory does not exist

Steps to reproduce:
Install ansible via Running From Source

Clone netscaler-ansible-modules
run ./install.py file

# ./install.py
Ansible path is /mnt/e/work/workspace/ansible/lib/ansible
Ansible extras path is /mnt/e/work/workspace/ansible/lib/ansible/modules/network
Copying documentation fragments to /mnt/e/work/workspace/ansible/lib/ansible/utils/module_docs_fragments
Traceback (most recent call last):
  File "./install.py", line 147, in <module>
	main()
  File "./install.py", line 86, in main
	shutil.copy(os.path.join(here, 'documentation_fragments', 'netscaler.py'), os.path.join(document_fragments_path, 'netscaler.py'))
  File "/usr/lib/python2.7/shutil.py", line 133, in copy
	copyfile(src, dst)
  File "/usr/lib/python2.7/shutil.py", line 97, in copyfile
	with open(dst, 'wb') as fdst:
IOError: [Errno 2] No such file or directory: '/mnt/e/work/workspace/ansible/lib/ansible/utils/module_docs_fragments/netscaler.py'

Unable to parse "YES" or "NO" value in attribute in nitro_request

ISSUE
Unable to parse "YES" or "NO" value in attribute in nitro_request. For instance, key "usip" in service. Ansible may change value into "true" or "false".

ISSUE TYPE
Bug Report

ANSIBLE VERSION

ansible 2.7.7
  config file = /Users/paulfirelord/Documents/ScriptConfig/Ansible/awx/ansible.cfg
  configured module search path = ['/Users/paulfirelord/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.7/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.7.2 (default, Jan 13 2019, 12:50:01) [Clang 10.0.0 (clang-1000.11.45.5)]

STEPS TO REPRODUCE
playbook

  vars:
    attributes_service:
      name: "xxxxx"
      port: "xxxxx"
      ip: "xxxxx"
      serviceType: HTTP
      usip: NO
      cip: enabled
      cipheader: X-Forwarded-For
  tasks:
    - name: Add Service
      delegate_to: localhost
      register: result
      netscaler_nitro_request:
        expected_nitro_errorcode: [0, 273]
        nsip: "{{ nsip }}"
        nitro_user: "{{ nitro_user }}"
        nitro_pass: "{{ nitro_pass }}"
        operation: add
        resource: service
        attributes: "{{ attributes_service }}"
      ignore_errors: result.nitro_errorcode == 273

ACTUAL RESULTS

TASK [Add Service1] **********************************************************************************************************************************
fatal: [xxx -> localhost]: FAILED! => {"changed": false, "http_response_body": "{ \"errorcode\": 1097, \"message\": \"Invalid argument value [false]\", \"severity\": \"ERROR\" }", "http_response_data": {"cache-control": "no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "connection": "close", "content-length": "87", "content-type": "application/json; charset=utf-8", "date": "Tue, 05 Mar 2019 16:53:27 GMT", "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "HTTP Error 400: Bad Request", "pragma": "no-cache", "server": "Apache", "status": 400, "url": "http://xxxxxx/nitro/v1/config/service"}, "msg": "NITRO Failure", "nitro_errorcode": 1097, "nitro_message": "Invalid argument value [false]", "nitro_severity": "ERROR"}
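
An added example, not part of the issue report or the collection: the YAML 1.1 resolver in PyYAML, which Ansible uses, loads an unquoted `NO` as the boolean false, which is how `usip: NO` reaches NITRO as `false`. The check below flags such values in playbook text and quotes them. The attribute list is taken from the `add serviceGroup` line quoted on this page, and the function names and the sample playbook are constructed for this example.

```python
"""Flag YES/NO-style NITRO values that YAML would load as booleans (added example)."""
import re

# Plain scalars that PyYAML's YAML 1.1 resolver loads as booleans.
YAML11_BOOL = re.compile(
    r"^(?:yes|Yes|YES|no|No|NO|true|True|TRUE|false|False|FALSE|on|On|ON|off|Off|OFF)$"
)

# "key: value" with one unquoted token as the value and an optional trailing comment.
KEY_VALUE = re.compile(
    r"""^(?P<head>\s*(?:-\s+)?(?P<key>[A-Za-z_][\w.-]*)\s*:\s+)
        (?P<value>[^\s\#"']+)
        (?P<tail>(?:\s+\#.*)?\s*)$""",
    re.VERBOSE,
)

# Attributes that take literal YES/NO/ON/OFF strings in the CLI line quoted on
# this page (-usip NO -useproxyport YES -sp ON -CKA NO -TCPB NO -CMP YES).
# Assumption: extend this set for the resources you manage.
STRING_KEYS = frozenset({"usip", "useproxyport", "cka", "tcpb", "cmp", "sp"})


def _implicit_boolean(line, string_keys):
    """Return the regex match if the line assigns a bare boolean to a string attribute."""
    match = KEY_VALUE.match(line)
    if (match and match["key"].lower() in string_keys
            and YAML11_BOOL.match(match["value"])):
        return match
    return None


def find_implicit_booleans(text, string_keys=STRING_KEYS):
    """List (line number, key, value) for every value YAML would coerce to a boolean."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = _implicit_boolean(line, string_keys)
        if match:
            findings.append((lineno, match["key"], match["value"]))
    return findings


def quote_implicit_booleans(text, string_keys=STRING_KEYS):
    """Return the text with each flagged value wrapped in double quotes."""
    fixed = []
    for line in text.splitlines(keepends=True):
        match = _implicit_boolean(line, string_keys)
        if match:
            line = f'{match["head"]}"{match["value"]}"{match["tail"]}'
        fixed.append(line)
    return "".join(fixed)


# Constructed sample, modelled on the vars block in the report above.
SAMPLE_PLAYBOOK = """\
vars:
  attributes_service:
    name: "svc-example"
    serviceType: HTTP
    usip: NO
    cip: enabled
    useproxyport: YES   # constructed line
tasks:
  - name: Add Service
    run_once: yes
"""

if __name__ == "__main__":
    for lineno, key, value in find_implicit_booleans(SAMPLE_PLAYBOOK):
        print(f"line {lineno}: {key}: {value} is loaded as a boolean; quote it")
    print(quote_implicit_booleans(SAMPLE_PLAYBOOK), end="")
```

Keys such as `run_once` are left alone because Ansible itself expects a boolean there; only attributes that are passed through to NITRO as strings need the quotes.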

netscaler_lb_vserver: nitro exception errorcode=1092

Netscaler version:

NetScaler NS11.1: Build 50.10.nc, Date: Nov  6 2016, 05:42:29

Ansible task from playbook:

    - name: LB vServer
      delegate_to: localhost
      connection: local
      netscaler_lb_vserver:
        nsip: "{{ ctx_ns_nsip }}"
        nitro_user: "{{ ctx_ns_nitro_user }}"
        nitro_pass: "{{ ctx_ns_nitro_pass }}"
        comment: Managed by Ansible
        ipv46: 10.30.3.176
        lbmethod: LRTM
        name: "lb_vs_http_ctx_sf_80"
        persistencetype: SOURCEIP
        port: 80
        servicetype: HTTP
        servicebindings:
          - servicename: svc_http_LAB3TST3_80

Tail of ansible output:

    "loglines": [
        "Applying actions for state present",
        "Checking if lb vserver exists",
        "Add lb vserver"
    ],
    "msg": "nitro exception errorcode=1092, message=Arguments cannot both be specified [RecursionAvailable, serviceType==HTTP]"

I'll try a firmware update to the latest 11.1 to see if it fixes the error.

Fix netscaler_lb_vserver ssl bindings algorithm

Syncing ssl bindings is done by deleting all existing bindings and then adding all defined bindings.

Change the algorithm to take into account the present and target state so that deletion, modification and addition of bindings is performed only when needed.

Support enabling features via a module

It'd be great to be able to enable (or disable) features using a module. We need to turn compression on as a feature and it'd be good not to revert to the API if possible.

csvserver creation succeeds but reports failed

I'm spinning up a cs vserver (in a loop):

---
- name: Setup content switching vservers
  delegate_to: localhost
  run_once: yes
  netscaler_cs_vserver:
    nsip: "{{ ip }}"
    nitro_user: "{{ user }}"
    nitro_pass: "{{ password }}"
    validate_certs: "{{ validate_certs }}"
    state: present
    name: "{{ item.name }}"
    servicetype: "{{ item.servicetype|default('HTTP') }}"
    ipv46: "{{ ips[item.name] }}"
    port: "{{ item.port  }}"
    clttimeout: "{{ item.clttimeout|default(180) }}"
    policybindings: "{{ item.policybindings|default([]) }}"
  with_items:
  - name: XXX_80
    port: 80
    policybindings: []
  - name: YYY_8080
    port: 8080
    policybindings: []
  - name: ZZZ_443
    port: 443
    policybindings: []

The output when I run my task is as below:

The full traceback is:
  File "/var/folders/g8/mkrz_vjj623g_zlx5780qbfjx2kb3x/T/ansible_RO1xuM/ansible_module_netscaler_cs_vserver.py", line 1258, in main
    sync_default_lb_vserver(client, module)
  File "/var/folders/g8/mkrz_vjj623g_zlx5780qbfjx2kb3x/T/ansible_RO1xuM/ansible_module_netscaler_cs_vserver.py", line 707, in sync_default_lb_vserver
    csvserver_lbvserver_binding.delete(client, d)
  File "build/bdist.macosx-10.12-x86_64/egg/nssrc/com/citrix/netscaler/nitro/resource/config/cs/csvserver_lbvserver_binding.py", line 162, in delete
    raise e

failed: [XXX -> localhost] (item={u'policybindings': [], u'name': u'XXX_443', u'port': 443}) => {
    "changed": true,
    "invocation": {
        "module_args": {
            "appflowlog": null,
            "authentication": null,
            "authenticationhost": null,
            "authn401": null,
            "authnprofile": null,
            "authnvsname": null,
            "cacheable": null,
            "casesensitive": null,
            "clttimeout": 180.0,
            "comment": null,
            "dbprofilename": null,
            "disabled": false,
            "disableprimaryondown": null,
            "dnsprofilename": null,
            "dnsrecordtype": null,
            "downstateflush": null,
            "httpprofilename": null,
            "icmpvsrresponse": null,
            "insertvserveripport": null,
            "ipmask": null,
            "ippattern": null,
            "ipv46": "XXX",
            "l2conn": null,
            "lbvserver": null,
            "listenpolicy": null,
            "mssqlserverversion": null,
            "mysqlcharacterset": null,
            "mysqlprotocolversion": null,
            "mysqlservercapabilities": null,
            "mysqlserverversion": null,
            "name": "XXX_443",
            "netprofile": null,
            "nitro_pass": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "nitro_protocol": "http",
            "nitro_timeout": 310.0,
            "nitro_user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "nsip": "XXX",
            "oracleserverversion": null,
            "policybindings": [],
            "port": 443,
            "precedence": null,
            "push": null,
            "pushlabel": null,
            "pushmulticlients": null,
            "pushvserver": null,
            "range": null,
            "redirectportrewrite": null,
            "redirecturl": null,
            "rhistate": null,
            "rtspnat": null,
            "save_config": true,
            "servicetype": "HTTP",
            "sobackupaction": null,
            "somethod": null,
            "sopersistence": null,
            "sopersistencetimeout": null,
            "sothreshold": null,
            "ssl_certkey": null,
            "state": "present",
            "stateupdate": null,
            "tcpprofilename": null,
            "td": null,
            "validate_certs": false,
            "vipheader": null
        }
    },
    "item": {
        "name": "XXX_443",
        "policybindings": [],
        "port": 443
    },
    "loglines": [
        "Applying actions for state present",
        "Checking policy bindings identical",
        "Getting actual policy bindigs",
        "Getting configured policy bindigs",
        "default lb vserver ('', '')",
        "Default lb vserver needs removing",
        "Deleting default lb vserver "
    ],
    "msg": "nitro exception errorcode=1095, message=Required argument missing [name]"
}

The task fails, but when I perform a show run or look at the UI, I can see that the resource has actually been created.

The name is definitely being sent - is this the name being referred to as a missing argument?

Thanks

ansible 2.5.0rc2
  config file = /Users/michael.mccarthy/.ansible.cfg
  configured module search path = [u'/Users/michael.mccarthy/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python2.7/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 2.7.14 (default, Mar  1 2018, 19:26:37) [GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.39.2)]

feature: append mode for servicegroups

Currently if looping over with_subelements, the service group only has the last server in the element and not all service groups. This makes it hard to make an ansible role and then instruct a user about just making group_var values with how they want the creation to be done. Example:

group_vars

nitro_user: "nsroot"
nitro_pass: "abc123"
nsip: "172.28.173.15"

netscaler_mapping:
  - name: web
    virtual_server_ip: 10.78.0.1
    virtual_server_port: 80
    servicetype: HTTP
    backend_locations:
      - name: 1
        ip: 192.168.10.25
        port: 80
        weight: 50
      - name: 2
        ip: 192.168.10.24
        port: 80
        weight: 50

Example role

- name: "Setup the Services which also makes entries in the Servers"
  delegate_to: localhost
  notify: "Save Netscaler"
  netscaler_servicegroup:
    nsip: "{{ nsip }}"
    nitro_user: "{{ nitro_user }}"
    nitro_pass: "{{ nitro_pass }}"
    servicegroupname: "{{ item.0.name }}-{{ item.0.servicetype }}"
    servicetype: "{{ item.0.servicetype }}"
    servicemembers:
      - ip: "{{ item.1.ip }}"
        port: "{{ item.1.port }}"
  with_subelements:
    - "{{ netscaler_mapping }}"
    - backend_locations

If the servicemembers above had some kind of "append: true" option, then a user with limited ansible knowledge could simply edit the group_vars file, add a 3rd backend_locations and re-run ansible. Unsure if maybe this is a nitroAPI limitation.

Some extra debug code

- debug: var=netscaler_mapping.0.backend_locations.0.ip
  tags: debug

- debug: var=item.0.virtual_server_ip
  with_subelements:
    - "{{ netscaler_mapping }}"
    - backend_locations
  tags: debug

- debug: var=item.1.ip
  with_subelements:
    - "{{ netscaler_mapping }}"
    - backend_locations
  tags: debug

support for binding policies to existing cs vserver (imperative style)

Trying to bind a policy to a cs virtual server and fails with the following. I am using the latest master git pull...

[johnf@os-master-d01 netscaler-ansible-modules]$ git log
commit f93065ae175fb021d8d61445ffa881a4013334b7
Merge: 37ec8d1 a15514a
Author: George Nikolopoulos <[email protected]>
Date:   Wed May 2 20:29:34 2018 +0300

    Merge pull request #49 from citrix/fix_readme

    Fix documentation for Python SDK installation process

When I run the ansible task I get the following:

fatal: [localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "name": "dev.validate-connection-micro.policy",
            "nitro_pass": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "nitro_user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "nsip": "10.102.0.3",
            "state": "present",
            "targetlbvserver": "dev.validate-connection-micro.http",
            "targetvserver": "mwgso-api.marketamerica.com_http",
            "validate_certs": false
        }
    },
    "msg": "Unsupported parameters for (netscaler_cs_action) module: targetvserver Supported parameters include: comment, instance_ip, mas_proxy_call, name, nitro_auth_token, nitro_pass, nitro_protocol, nitro_timeout, nitro_user, nsip, save_config, state, targetlbvserver, targetvserverexpr, validate_certs"
}

The code and the docs indicate that it should exist:

DOCUMENTATION = '''
---
module: netscaler_cs_action
short_description: Manage content switching actions
description:
    - Manage content switching actions
    - This module is intended to run either on the ansible  control node or a bastion (jumpserver) with access to the actual netscaler instance

version_added: "2.4.0"

author: George Nikolopoulos (@giorgos-nikolopoulos)

options:

    name:
        description:
            - >-
                Name for the content switching action. Must begin with an ASCII alphanumeric or underscore C(_)
                character, and must contain only ASCII alphanumeric, underscore C(_), hash C(#), period C(.), space C( ), colon
                C(:), at sign C(@), equal sign C(=), and hyphen C(-) characters. Can be changed after the content
                switching action is created.

    targetlbvserver:
        description:
            - "Name of the load balancing virtual server to which the content is switched."

    targetvserver:
        description:
            - "Name of the VPN virtual server to which the content is switched."

    targetvserverexpr:
        description:
            - "Information about this content switching action."

    comment:
        description:
            - "Comments associated with this cs action."

extends_documentation_fragment: netscaler
requirements:
    - nitro python sdk
'''

What is the correct way to add a binding if this module does not do it?

--John

Fix netscaler_cs_vserver ssl bindings sync algorithm

Syncing ssl bindings is done by deleting all existing bindings and then adding all defined bindings.

Change the algorithm to take into account the present and target state so that deletion, modification and addition of bindings is performed only when needed.

Cannot install: Module utils directory does not exist

Installation of netscaler-ansible-modules v1.1 fails:

# python install.py 
Ansible path is /usr/lib/python2.7/site-packages/ansible
Module utils directory (/usr/lib/python2.7/site-packages/ansible/module_utils/network/netscaler) does not exist

Ansible version:

# ansible --version
ansible 2.4.2.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.5 (default, May  3 2017, 07:55:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-14)]

OS is RHEL 7.4.

Could not find units tests dir

FYI below.. I ended up deleting the whole section in the install.py that references the util as a workaround but I am not sure if that's the best option. Thanks

 ansible --version
ansible 2.7.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/jchandrasekar/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15rc1 (default, Apr 15 2018, 21:51:34) [GCC 7.3.0]
>>>>>>>>>>>>>>>>>>>>>
$ sudo python install.py
[sudo] password for jchandrasekar:
Ansible path is /usr/local/lib/python2.7/dist-packages/ansible
Ansible extras path is /usr/local/lib/python2.7/dist-packages/ansible/modules/network
Copying documentation fragments to /usr/local/lib/python2.7/dist-packages/ansible/utils/module_docs_fragments
Copying netscaler.py to /usr/local/lib/python2.7/dist-packages/ansible/module_utils/network/netscaler
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/__init__.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_appfw_confidfield.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_appfw_fieldtype.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_appfw_global_bindings.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_appfw_htmlerrorpage.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_appfw_jsoncontenttype.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_appfw_learningsettings.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_appfw_policy.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_appfw_policylabel.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_appfw_profile.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_appfw_settings.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_appfw_signatures.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_appfw_wsdl.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_appfw_xmlcontenttype.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_appfw_xmlerrorpage.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_appfw_xmlschema.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_cs_action.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_cs_policy.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_cs_vserver.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_gslb_service.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_gslb_site.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_gslb_vserver.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_lb_monitor.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_lb_vserver.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_nitro_request.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_save_config.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_server.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_service.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_servicegroup.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adc_ssl_certkey.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adm_application.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adm_dns_domain_entry.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adm_login.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adm_mpsgroup.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adm_mpsuser.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adm_ns_facts.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adm_poll_instances.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adm_rba_policy.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adm_rba_role.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adm_stylebook.py
Overwriting /usr/local/lib/python2.7/dist-packages/ansible/modules/network/netscaler/citrix_adm_tenant_facts.py
Could not find units tests dir

SSL cert key linking support

It'd be great to have ssl cert key linking support (ie. what turns up in a show run as 'link ssl certKey etc') - there is some code that relates to 'linkcertkeyname' but seems like it isn't supported as a module argument.

Thanks!

Reproducible error when adding servers with ipaddresses

I'm running a task to add servers like this:

- hosts: netscaler_frontend_hosts
  gather_facts: no
  tasks:

  - name: Collect network information
    setup:
      gather_subset: '!all,!min,network'

  - name: Register servers
    delegate_to: localhost
    netscaler_server:
      nsip: "{{ ip }}"
      validate_certs: "{{ validate_certs }}"
      nitro_user: "{{ user }}"
      nitro_pass: "{{ password }}"
      state: present
      ipaddress: "{{ ansible_default_ipv4.address }}"
      name: "{{ ansible_hostname }}"

I've noticed that if I trash these servers in the UI I can consistently get a fatal error when adding one of these servers:

TASK [Collect network information] ************************************************************************************************************************************************************************************************************************************************************************************
Thursday 26 April 2018  16:01:06 +0100 (0:00:00.066)       0:00:00.066 ********
ok: [michael1]
ok: [michael2]

TASK [Register servers] ***********************************************************************************************************************************************************************************************************************************************************************************************
Thursday 26 April 2018  16:01:08 +0100 (0:00:01.720)       0:00:01.786 ********
fatal: [michael1 -> localhost]: FAILED! => {"changed": false, "loglines": ["Applying actions for state present", "Checking if server exists"], "msg": "nitro exception errorcode=293, message=Operation already in progress"}
changed: [michael2 -> localhost] => {"changed": true, "loglines": ["Applying actions for state present", "Checking if server exists", "Enabling server", "Sanity checks for state present", "Checking if server exists", "Checking if configured server is identical"]}

If I look in the UI then both servers are created just fine, so I think it's a misleading error message.

Do you know what might be causing this?

ansible 2.5.1
python version = 2.7.14 (default, Mar 22 2018, 14:43:05) [GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.39.2)]
module installed from trunk to get #45

citrix_adc_lb_vserver - rule parameter missing

The rule parameter for the lbvserver API entity is not available in the citrix_adc_lb_vserver Ansible module.

Only the resrule parameter is available.

This prevents the usage of persistencetype: RULE

not able to assign monitor to service or service_group

Whenever I try to assign a monitor to a service or a service group, I get the below message:

The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_y8i6dE/ansible_module_netscaler_servicegroup.py", line 974, in
    main()
  File "/tmp/ansible_y8i6dE/ansible_module_netscaler_servicegroup.py", line 922, in main
    if not monitor_bindings_identical(client, module):
  File "/tmp/ansible_y8i6dE/ansible_module_netscaler_servicegroup.py", line 587, in monitor_bindings_identical
    configured_bindings = get_configured_monitor_bindings(client, module)
  File "/tmp/ansible_y8i6dE/ansible_module_netscaler_servicegroup.py", line 548, in get_configured_monitor_bindings
    attribute_values_dict['servicegroupname'] = module.params['servicegroupname']
TypeError: 'str' object does not support item assignment

imperative style configuration

Currently modules are usually declarative - you specify the desired state and the Ansible module will converge to it by automatically adding and removing resources to move the current state to the desired state.
This is not always desirable, sometimes you have resources defined outside Ansible that you want to modify. For example, if there is a service group with 5 members and you want to add 3 members to it, currently Ansible will delete the 5 previous members first and add only 3 members.

Question: Is there an ansible_module which can be used to configure the netscaler firewall?

So far I have used the ansible plays in this repo to create servicegroups and Load Balancer (VServer). I was going through the yml files to look for any firewall configuration related ansible_module, did not find any.

I am trying to do whitelisting of incoming traffic from certain IP's to the netscaler using the below shown command and I wanted to automate this process as well. Is there an ansible_module already implemented to achieve this or will I have to write one from scratch to do so?

add ns acl allow-jenkins-management ALLOW -srcIP = xxx.xxx.xxx.xx -destIP = xxx.xxx.xxx.xx -priority 90 -kernelstate SFAPPLIED61

Add copyright to all Python files

#  Copyright (c) 2017 Citrix Systems
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
#

Passing passwords to module securely?

What is the recommended way to pass password to the citrix_adc_* modules? We would like passwords to NOT appear in the console, and NOT appear in any log files. no_log: True is not an option, because it hides useful error messages when things go wrong.

netscaler_servicegroup overrides members in SG

When using netscaler_servicegroup with the present operation, the module removes existing members and adds only the members from the list.

- name: Set Test-sg
  local_action:
    nsip: "{{ nsip }}"
    nitro_user: "{{ nitro_user }}"
    nitro_pass: "{{ nitro_pass }}"
    ssl_cert_validation: "{{ ssl_cert_validation }}"
    nitro_protocol: "{{ nitro_protocol }}"

    module: netscaler_servicegroup
    operation: present

    servicegroupname: Test-sg
    servicetype: HTTP
    servicemembers:
        - ip: "{{ item }}"
          port: 8080
          weight: 50
  with_items: "{{ groups['tomcat'] }}"

The result is there's a single member in the SG instead of the entire group.
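The member replacement reported in this issue, the additive behaviour requested under "imperative style configuration", and the binding-sync change requested earlier on the page all reduce to diffing present state against target state. The sketch below is an added example, not the module's own code: the function names, the `(ip, port)` member identity, the `prune` switch and the sample addresses are assumptions.

```python
"""Plan servicegroup member changes from present and target state.

Added illustration, not code from the netscaler / citrix_adc modules.
Members are dicts with the keys used in the playbooks on this page
(ip, port, weight). The (ip, port) identity and the `prune` switch are
assumptions made for this example.
"""


def member_key(member):
    # Assumed identity of a binding: one ip/port pair is one member.
    return (str(member["ip"]), int(member["port"]))


def index_members(members):
    indexed = {}
    for member in members:
        key = member_key(member)
        if key in indexed:
            raise ValueError("duplicate member %s:%d" % key)
        indexed[key] = dict(member)
    return indexed


def is_number(value):
    # bool is a subclass of int in Python, so exclude it explicitly.
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def attributes_differ(present, target):
    # Compare only what the task specifies, so attributes the appliance
    # fills in on its own never cause a spurious modify.
    for name, wanted in target.items():
        if name in ("ip", "port"):
            continue
        have = present.get(name)
        if is_number(wanted) and is_number(have):
            if float(wanted) != float(have):  # 50 and 50.0 are the same
                return True
        elif wanted != have:
            return True
    return False


def plan_member_sync(present, target, prune=True):
    """Return the minimal add/modify/delete lists.

    prune=True  : declarative, members absent from target are deleted.
    prune=False : additive, members absent from target are left alone.
    """
    have, want = index_members(present), index_members(target)
    plan = {"add": [], "modify": [], "delete": []}
    for key in sorted(want):
        if key not in have:
            plan["add"].append(want[key])
        elif attributes_differ(have[key], want[key]):
            plan["modify"].append(want[key])
    if prune:
        plan["delete"] = [have[k] for k in sorted(have) if k not in want]
    return plan


def apply_plan(present, plan):
    # Stand-in for the appliance: return the member list after the plan.
    state = index_members(present)
    for member in plan["delete"]:
        del state[member_key(member)]
    for member in plan["add"]:
        state[member_key(member)] = dict(member)
    for member in plan["modify"]:
        state[member_key(member)].update(member)
    return [state[k] for k in sorted(state)]


def run_per_item(hosts, prune):
    # Mirrors a with_items loop that passes one member per task run.
    state = []
    for ip in hosts:
        target = [{"ip": ip, "port": 8080, "weight": 50}]
        state = apply_plan(state, plan_member_sync(state, target, prune))
    return state


if __name__ == "__main__":
    hosts = ["192.0.2.11", "192.0.2.12", "192.0.2.13"]  # constructed sample
    print(len(run_per_item(hosts, prune=True)))   # declarative per item
    print(len(run_per_item(hosts, prune=False)))  # additive per item
```

With `prune=True` the per-item loop ends with only the last member, as the issue describes; with `prune=False` every member passed in the loop remains bound.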

CS vserver Type error

Hello,

When executing the csvserver ansible task a second time (the first execution was successful), when the root certificates are already bound to the csvserver, we get the following type error:

fatal: [netscaler_XXXX -> localhost]: FAILED! => {
"changed": false,
"module_stderr": "/usr/local/lib/python2.7/site-packages/urllib3/connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning)\n/usr/local/lib/python2.7/site-packages/urllib3/connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning)\n/usr/local/lib/python2.7/site-packages/urllib3/connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning)\n/usr/local/lib/python2.7/site-packages/urllib3/connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning)\n/usr/local/lib/python2.7/site-packages/urllib3/connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning)\n/usr/local/lib/python2.7/site-packages/urllib3/connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning)\n/usr/local/lib/python2.7/site-packages/urllib3/connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. 
See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning)\n/usr/local/lib/python2.7/site-packages/urllib3/connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning)\n/usr/local/lib/python2.7/site-packages/urllib3/connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning)\n/usr/local/lib/python2.7/site-packages/urllib3/connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning)\nTraceback (most recent call last):\n File "/tmp/ansible_SQ0VXM/ansible_module_netscaler_cs_vserver.py", line 1316, in \n main()\n File "/tmp/ansible_SQ0VXM/ansible_module_netscaler_cs_vserver.py", line 1258, in main\n ssl_certkey_bindings_sync(client, module)\n File "/tmp/ansible_SQ0VXM/ansible_module_netscaler_cs_vserver.py", line 815, in ssl_certkey_bindings_sync\n sslvserver_sslcertkey_binding.delete(client, binding)\n File "/usr/local/lib/python2.7/site-packages/nssrc/com/citrix/netscaler/nitro/resource/config/ssl/sslvserver_sslcertkey_binding.py", line 254, in delete\n raise e\nTypeError: cannot concatenate 'str' and 'bool' objects\n",
"module_stdout": "",
"msg": "MODULE FAILURE",
"rc": 1

netscaler_nitro_request changed status documentation

The documentation of netscaler_nitro_request module does not contain the fact that the changed status is always set to true.

This was brought up in #42 .

The module documentation should be updated to inform users that this is the expected behavior.

Enabled features always reports changed, even when not changed

Running the netscaler_nitro_request to enable features, just like the example in the code, reports changed each and every time, despite not changing anything. Not sure if this is expected behaviour given what the API returns?

Tested with Ansible 2.5.0rc1, installed via pip, on OSX

pfx example needed in doc

It is a bit ambiguous how a pfx file can be imported, and I cannot seem to find any examples. When a PFX file is used, is it used for the "certkey", or do I still have to export a public key for the certificate, then use the PFX for the certkey? Or is it something else?

Generic cli module for show commands?

It would be very helpful for my team if we had a generic ansible cli module to use for show commands, scp of new code, and Unix bash commands (shell ls /nsconfig/ssl for example). We're using nitro right now, but the development cycle for new features/functions is much longer for us than for typical ansible playbooks. We have ~120 netscalers deployed, so this would save us significant time.

Something similar to the eos_command module would be great:

http://docs.ansible.com/ansible/latest/modules/eos_command_module.html#eos-command-module

We use the heck out of this one.

Support for targeting partitions

SUMMARY
One cannot target partitions on the Netscaler.
Only the default partition can be manipulated right now.

ISSUE TYPE
Feature Idea
Allow support for specifying the partition name/id as a var
Much like this module
https://github.com/networktocode/netscaler-ansible/blob/master/library/netscaler_server.py#L615-L624

COMPONENT NAME
citrix_adc_server.py

ADDITIONAL INFORMATION
This feature would allow users to target partitions on Netscalers. Many users like myself would have multiple partitions configured and the default partition is not used at all.

This "netscaler_server" module from networktocode has the right idea.
Be great if this was something that came out of the box.

https://github.com/networktocode/netscaler-ansible/blob/master/library/netscaler_server.py#L615-L624

Error creating virtual server

Creating a new virtual server I'm getting an odd error that I can't seem to track down.

This particular test playbook creates a set of servers, a service group, binds the servers to the service group, then creates the virtual server with the service group bound to it. This error only occurs on the initial creation run. Subsequent runs finish successfully. Second run has a single change in the vserver and any additional runs of the playbook remain unchanged.

fatal: [localhost -> localhost]: FAILED! => {
    "changed": true, 
    "diff": {
        "timeout": "difference. ours: (<type 'float'>) 10.0 other: (<type 'int'>) 2"
    }, 
    "invocation": {
        "module_args": {
            "appflowlog": null, 
            "appfw_policybindings": null, 
            "authentication": null, 
            "authenticationhost": null, 
            "authn401": null, 
            "authnprofile": null, 
            "authnvsname": null, 
            "backuplbmethod": null, 
            "backuppersistencetimeout": null, 
            "bypassaaaa": null, 
            "cacheable": null, 
            "clttimeout": null, 
            "comment": null, 
            "connfailover": null, 
            "cookiename": null, 
            "datalength": null, 
            "dataoffset": null, 
            "dbprofilename": null, 
            "dbslb": null, 
            "disabled": false, 
            "disableprimaryondown": null, 
            "dns64": null, 
            "dnsprofilename": null, 
            "downstateflush": null, 
            "hashlength": null, 
            "healththreshold": null, 
            "httpprofilename": null, 
            "icmpvsrresponse": null, 
            "insertvserveripport": null, 
            "instance_ip": null, 
            "ipmask": null, 
            "ippattern": null, 
            "ipv46": "10.81.244.79", 
            "l2conn": null, 
            "lbmethod": null, 
            "listenpolicy": null, 
            "listenpriority": null, 
            "m": null, 
            "macmoderetainvlan": null, 
            "mas_proxy_call": false, 
            "maxautoscalemembers": null, 
            "minautoscalemembers": null, 
            "mssqlserverversion": null, 
            "mysqlcharacterset": null, 
            "mysqlprotocolversion": null, 
            "mysqlservercapabilities": null, 
            "mysqlserverversion": null, 
            "name": "gen-anstest", 
            "netmask": null, 
            "netprofile": null, 
            "newservicerequest": null, 
            "newservicerequestincrementinterval": null, 
            "newservicerequestunit": null, 
            "nitro_auth_token": null, 
            "nitro_pass": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "nitro_protocol": "https", 
            "nitro_timeout": 310.0, 
            "nitro_user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "nsip": "10.81.228.156", 
            "oracleserverversion": null, 
            "persistencebackup": null, 
            "persistencetype": null, 
            "persistmask": null, 
            "port": 80, 
            "processlocal": null, 
            "push": null, 
            "pushlabel": null, 
            "pushmulticlients": null, 
            "pushvserver": null, 
            "range": null, 
            "recursionavailable": null, 
            "redirectportrewrite": null, 
            "redirurl": null, 
            "rhistate": null, 
            "rtspnat": null, 
            "save_config": true, 
            "servicebindings": null, 
            "servicegroupbindings": [
                {
                    "servicegroupname": "test-service-group-1"
                }
            ], 
            "servicetype": "HTTP", 
            "sessionless": null, 
            "skippersistency": null, 
            "sobackupaction": null, 
            "somethod": null, 
            "sopersistence": null, 
            "sopersistencetimeout": null, 
            "sothreshold": null, 
            "ssl_certkey": null, 
            "state": "present", 
            "tcpprofilename": null, 
            "timeout": 10.0, 
            "tosid": null, 
            "v6netmasklen": null, 
            "v6persistmasklen": null, 
            "validate_certs": false, 
            "vipheader": null
        }
    }, 
    "loglines": [
        "Applying actions for state present", 
        "Checking if lb vserver exists", 
        "Add lb vserver", 
        "service_bindings_identical", 
        "Getting configured service bindings", 
        "Getting actual service bindings", 
        "servicegroup_bindings_identical", 
        "Getting configured service group bindings", 
        "Getting actual service group bindings", 
        "len 1", 
        "sync_servicegroup_bindings", 
        "Getting actual service group bindings", 
        "Getting configured service group bindings", 
        "Adding servicegroup binding test-service-group-1", 
        "Checking policy bindings identical", 
        "Getting actual appfw policy bindings", 
        "Getting configured appfw policy bindings", 
        "Enabling lb server", 
        "Sanity checks for state present", 
        "Checking if lb vserver exists", 
        "Checking if configured lb vserver is identical"
    ], 
    "msg": "lb vserver is not configured correctly"
}

The following is the task:

    - name: Create load balancing vserver bound to servicegroup
      delegate_to: localhost
      citrix_adc_lb_vserver:
        nsip: "{{ netscaler_host_ip }}"
        nitro_protocol: "{{ netscaler_nitro_protocol }}"
        nitro_user: "{{ netscaler_nitro_user }}"
        nitro_pass: "{{ netscaler_nitro_password }}"
        validate_certs: "{{ netscaler_validate_certs }}"

        name: "{{ netscaler_virtual_server }}"
        servicetype: HTTP
        ipv46: "{{ vserver_ip }}"
        port: 80
        timeout: 10
        servicegroupbindings:
          - servicegroupname: "{{ netscaler_service_group }}"
      environment:
        no_proxy: "{{ netscaler_host_ip }}"

If I remove the timeout from the task it completes successfully the first time. Something strange with it, but it was repeatable so I thought I would post it so it could get a look. Let me know if you need some additional information.

Unable to Perform Simple Disable Service Group Operation

The citrix_adc_servicegroup module does not appear to allow you to disable the sg without providing a heap of other parameters.

I am trying to convert Powershell scripts (Enable-NSServiceGroup cmdlet) to these ansible modules for plays.
It appears that every time the module runs, it resets the netscaler to the configuration of the module call rather than simply toggling the enable / disable & graceful functionality.

I have tried to use the citrix_adc_nitro_request module to achieve this though functionality seems to be the same result.

Examples of module invocations:
- name: Do a Thing
  netscaler_nitro_request:
    nitro_protocol: https
    nitro_user: "{{ im_ad_username }}"
    nitro_pass: "{{ im_ad_password }}"
    nsip: "{{ im_netscaler_dict[im_netscaler_sg_name]['im_netscaler_ip'] }}"
    validate_certs: no
    operation: "action"
    action: "disable"
    attributes:
      servicegroupname: "{{ im_netscaler_sg_name }}"
      graceful: "yes"
    resource: servicegroup
  register: result_sg

- name: Do another thing
  citrix_adc_servicegroup:
    nitro_protocol: https
    nitro_user: "{{ im_ad_username }}"
    nitro_pass: "{{ im_ad_password }}"
    nsip: "{{ im_netscaler_dict[im_netscaler_sg_name]['im_netscaler_ip'] }}"
    validate_certs: no
    servicegroupname: "{{ im_netscaler_sg_name }}"
    disabled: yes
    graceful: "yes"
    state: present

Any information on how to achieve this functionality would be appreciated. It can be done through the UI and Powershell so I assume it's doable using Ansible too.

Does graceful option need a wait time?

From https://docs.citrix.com/en-us/netscaler/10-5/ns-tmg-wrapper-10-con/ns-lb-wrapper-con-10/ns-lb-clienttraffic-con/ns-lb-clienttraffic-gracefulshutdown-tsk.html it seems like if graceful is yes but no wait time is given then the load balancer will wait until the last connection is serviced no matter how long that takes.

There should be the option to give a wait time so that the first case in the table in the link above could be handled. We've used the wait_time feature from ansible/ansible-modules-extras#2327 to make sure servers are removed from the load balancer even if they have long running connections.

Does this parameter need to be added to this module as well?

Thanks

Responderpolicy fails but works

Hi,

I get an error when binding a responderpolicy to a csvserver, however it works.

Configured properly : server, service, lbvserver, cspolicy, responderpolicy, responderaction

Then,

csvservers:
  - name: cs_vserver-test
    ipv46: 10.1.1.1
    port: 80
    servicetype: HTTP
    policybindings:
      - policyname: cs_pol_apps_test-1
        targetlbvserver: lb_vserver-test-1
        priority: 10
      - policyname: cs_pol_apps_test-2
        targetlbvserver: lb_vserver-test-2
        priority: 20
      - policyname: cs_pol_apps_test-3
        targetlbvserver: lb_vserver-test-3
        priority: 30
      - policyname: res_pol_1
        priority: 101
      - policyname: res_pol_2
        priority: 102
      - policyname: res_pol_3
        priority: 103

Fails: "msg": "Policy bindings differ"

But it went through and both cs and responder policies are properly bound.
Everything is good when only binding cspolicy
Always fails when binding responderpolicy, but the config went through anyways.

Am I missing something? Is that the right place to bind a responderpolicy to a csvserver?

Thanks in advance!
