Unable to Perform Simple Disable Service Group Operation about ansible-collection-netscaleradc HOT 10 CLOSED

Hello @MrBones757 , thank you for raising this issue. We will get back once analyzing this.
Thank you.

from ansible-collection-netscaleradc.

I might add that i have tried using the netscaler_* modules included with ansible and citrix_* modules from this repo with the same issue occuring in both scenarios.

from ansible-collection-netscaleradc.

Noted.

from ansible-collection-netscaleradc.

Just wondering if there was any update on this & if you were able to reproduce issues.

from ansible-collection-netscaleradc.

@MrBones757 The scenario is perfectly working: Please find below two ways to achieve this. Revert for any.

- hosts: citrix_adc

  vars:
	max_clients: 5

  remote_user: root
  gather_facts: False

  tasks:
	- name: Disable service group
	  delegate_to: localhost
	  citrix_adc_servicegroup:
		nsip: "{{ nsip }}"
		nitro_user: "{{ nitro_user }}"
		nitro_pass: "{{ nitro_pass }}"

		state: present

		servicegroupname: test_svcgrp
		disabled: yes

OR

- hosts: citrix_adc
  gather_facts: no

  tasks:
	- name: Get resource
	  delegate_to: localhost
	  register: result
	  citrix_adc_nitro_request:
		nsip: "{{ nsip }}"
		nitro_user: "{{ nitro_user }}"
		nitro_pass: "{{ nitro_pass }}"

		operation: action
		action: disable

		resource: servicegroup
		attributes:
		  servicegroupname: test_svcgrp

from ansible-collection-netscaleradc.

Hello,
Sorry for my slow reply.
I have re-verified this configuration and i am still not seeing this functioning. I have made sure i am using the most up to date version of the modules from this repo. Ansible verison is 2.7.5
The configuration used was:

• name: set_state | Toggle new connections to {{ im_netscaler_sg_name }}
  citrix_adc_servicegroup:
  nsip: "{{ ns_ip }}"
  nitro_user: "{{ im_ad_username }}"
  nitro_pass: "{{ im_ad_password }}"
  state: present
  servicegroupname: "{{ im_netscaler_sg_name }}"
  disabled: yes
  validate_certs: no
  nitro_protocol: "https"
  register: result_sg
  delegate_to: localhost

Before:

After:

Job Output:
{
"_ansible_parsed": true,
"_ansible_no_log": false,
"_ansible_delegated_vars": {
"ansible_delegated_host": "localhost",
"ansible_host": "localhost"
},
"changed": true,
"invocation": {
"module_args": {
"comment": null,
"tcpb": null,
"cachetype": null,
"save_config": true,
"disabled": true,
"nitro_protocol": "https",
"maxreq": null,
"maxbandwidth": null,
"graceful": null,
"svrtimeout": null,
"clttimeout": null,
"servicetype": null,
"monthreshold": null,
"autoscale": null,
"maxclient": null,
"monitorbindings": null,
"servicegroupname": "",
"state": "present",
"usip": null,
"nitro_user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"netprofile": null,
"rtspsessionidremap": null,
"nitro_timeout": 310,
"pathmonitorindv": null,
"pathmonitor": null,
"appflowlog": null,
"servicemembers": null,
"cacheable": null,
"mas_proxy_call": false,
"memberport": null,
"instance_ip": null,
"cka": null,
"tcpprofilename": null,
"sp": null,
"downstateflush": null,
"cipheader": null,
"httpprofilename": null,
"nsip": "192.168.220.219",
"cip": null,
"healthmonitor": null,
"useproxyport": null,
"nitro_pass": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"nitro_auth_token": null,
"validate_certs": false,
"cmp": null
}
},
"loglines": [
"Applying actions for state present",
"Checking if service group exists",
"Servicegroup exists",
"Checking if service group is identical",
"Entering monitor_bindings_identical",
"Entering get_configured_monitor_bindings",
"Entering get_actual_monitor_bindings",
"Gettign actual monitor with name ",
"Entering sync_monitor_bindings",
"Entering get_actual_monitor_bindings",
"Gettign actual monitor with name ",
"Entering get_configured_monitor_bindings",
"servicemembers_identical",
"servicemembers [<nssrc.com.citrix.netscaler.nitro.resource.config.basic.servicegroup_servicegroupmember_binding.servicegroup_servicegroupmember_binding object at 0x7f5e1bfaed10>]",
"get_configured_service_members",
"Number of service group members 1",
"sync_service_members",
"get_configured_service_members",
"Disabling service",
"Sanity checks for state present",
"Checking if service group exists",
"Servicegroup exists",
"Checking if service group is identical",
"servicemembers_identical",
"servicemembers []",
"get_configured_service_members",
"Number of service group members 0",
"Entering monitor_bindings_identical",
"Entering get_configured_monitor_bindings",
"Entering get_actual_monitor_bindings"
]
}

Note all server and monitor configuration has disappeared.
Netscaler vpx version: NS11.1 58.13.nc

from ansible-collection-netscaleradc.

@MrBones757 , It is working well in my setup with NS11.1 build. Please allow me couple of days to revert back on this.

from ansible-collection-netscaleradc.

@MrBones757
We recently added the ssh_citrix_adc connection plugin which allows you to use standard Ansbile modules with Citrix ADC.

With the use of the shell Ansible module you can issue nscli commands.
Disabling or enabling a servicegroup could be accomplished with the following playbooks

Disabling:

- hosts: citrix_adc
  remote_user: nsroot
  connection: ssh_citrix_adc
  gather_facts: False
  vars:
    ansible_python_interpreter: /var/python/bin/python

  tasks:
    - name: Disable servicegroup test_service_group
      shell: nscli -s -U :nsroot:nsroot "disable servicegroup test_service_group"
      register: nscli_output

    - name: Show nscli output
      debug:
        msg: "{{ nscli_output }}"

Enabling.

  remote_user: nsroot
  connection: ssh_citrix_adc
  gather_facts: False
  vars:
    ansible_python_interpreter: /var/python/bin/python

  tasks:
    - name: Enable servicegroup test_service_group
      shell: nscli -s -U :nsroot:nsroot "enable servicegroup test_service_group"
      register: nscli_output

    - name: Show nscli output
      debug:
        msg: "{{ nscli_output }}"

Make sure you have setup the connection plugin correctly as is detailed in this section of the README file.

Let us know if this works out for you.

from ansible-collection-netscaleradc.

Apologies for the slow reply.
Unfortunately this solution does not work in the setup implemented as we are using AD/LDAP logins to control access and permissions via the API/UI rather than directly accessing the command-line of the VPX instance.
I have done some research and found an alternative to the standard modules which use API calls to trigger actions on the netscaler. Using these i was able to create my own temporary solution to this issue until the underlying issue (?) with the provided modules can be determined.

from ansible-collection-netscaleradc.

Since you cannot access the nscli I see the proposed solution cannot work.

Another alternative that skipped my mind is to use the citrix_adc_nitro_request module to enable/disable the target servicegroup.

Here is a sample playbook that disables the test_service_group

- hosts: citrix_adc
  gather_facts: False
  vars:
  tasks:
    - name: Add Service
      delegate_to: localhost
      register: result
      citrix_adc_nitro_request:
        nsip: "{{ nsip }}"
        nitro_user: "{{ nitro_user }}"
        nitro_pass: "{{ nitro_pass }}"
        operation: action
        action: disable
        resource: servicegroup
        attributes:
          servicegroupname: "test_service_group"

To enable the servicegroup use the same playbook with action: enable

We will be tracking this issue in our internal Jira to make sure we address this when we rewrite the servicegroup module.

from ansible-collection-netscaleradc.