This repository provides Ansible modules for configuring Citrix ADC instances. It uses the NITRO REST API. All form factors of Citrix ADC are supported.
The code here should be considered alpha quality and may be broken at times due to experiments and refactoring. Tagged releases should be stable. The most stable version will be availble with Ansible automatically.
- Module renaming
- Documentation
- List of implemented modules
- Pre-requisites
- Installation
- Usage
- Citrix ADC connection plugin
- What if there is no module for your configuration?
- Directory structure
- LICENSE
- COPYRIGHT
Note that as of this commit all modules were renamed to match the new Citrix product names.
See here for reference.
All modules which previously started with the netscaler_
prefix have been renamed to
to start with the citrix_adc_
prefix.
All new modules will follow this convention as well.
Until these changes are integrated into the Ansible distribution the Citrix ADC module names will differ depending on where they were installed from.
Extended documentation is hosted at readthedocs.
Currently the following modules are implemented
- citrix_adc_appfw_confidfield - Configuration for configured confidential form fields resource
- citrix_adc_appfw_fieldtype - Configuration for application firewall form field type resource
- citrix_adc_appfw_global_bindings - Define global bindings for AppFW
- citrix_adc_appfw_htmlerrorpage - Configuration for configured confidential form fields resource
- citrix_adc_appfw_jsoncontenttype - Configuration for JSON content type resource
- citrix_adc_appfw_learningsettings - Configuration for learning settings resource
- citrix_adc_appfw_policy - Manage Citrix ADC Web Application Firewall policies
- citrix_adc_appfw_policylabel - Manage Citrix ADC Web Application Firewall policy labels
- citrix_adc_appfw_profile - Manage Citrix ADC Web Application Firewall profiles
- citrix_adc_appfw_settings - Manage Citrix ADC Web Application Firewall settings
- citrix_adc_appfw_signatures - Configuration for configured confidential form fields resource
- citrix_adc_appfw_wsdl - Configuration for configured confidential form fields resource
- citrix_adc_appfw_xmlcontenttype - Configuration for XML Content type resource
- citrix_adc_appfw_xmlerrorpage - Configuration for configured confidential form fields resource
- citrix_adc_appfw_xmlschema - Configuration for configured confidential form fields resource
- citrix_adc_cs_action - Manage content switching actions
- citrix_adc_cs_policy - Manage content switching policy
- citrix_adc_cs_vserver - Manage content switching vserver
- citrix_adc_gslb_service - Manage gslb service entities in Citrix ADC
- citrix_adc_gslb_site - Manage gslb site entities in Citrix ADC
- citrix_adc_gslb_vserver - Configure gslb vserver entities in Citrix ADC
- citrix_adc_lb_monitor - Manage load balancing monitors
- citrix_adc_lb_vserver - Manage load balancing vserver configuration
- citrix_adc_nitro_request - Issue Nitro API requests to a Citrix ADC instance
- citrix_adc_nitro_resource - Create, update, delete resources on Citrix ADC
- citrix_adc_save_config - Save Citrix ADC configuration
- citrix_adc_server - Manage server configuration
- citrix_adc_service - Manage service configuration in Citrix ADC
- citrix_adc_servicegroup - Manage service group configuration in Citrix ADC
- citrix_adc_ssl_certkey - Manage ssl cerificate keys
- citrix_adm_application - Manage applications on Citrix ADM
- citrix_adm_dns_domain_entry - Manage Citrix ADM domain names
- citrix_adm_login - Login to a Citrix ADM instance
- citrix_adm_mpsgroup - Manage Citrix ADM user groups
- citrix_adm_mpsuser - Manage Citrix ADM users
- citrix_adm_ns_facts - Retrieve facts about Citrix ADM managed instances
- citrix_adm_poll_instances - Force the poll instances network function on the target Citrix ADM
- citrix_adm_rba_policy - Manage Citrix ADM rba policies
- citrix_adm_rba_role - Manage Citrix ADM rba roles
- citrix_adm_stylebook - Create or delete Citrix ADM stylebooks
- citrix_adm_tenant_facts - Retrieve facts about Citrix ADM tenants
The following NITRO API endpoints have their workflow dictionaries available
for use with the citrix_adc_nitro_resource
module.
The workflows yaml file can be found here.
lbvserver_spilloverpolicy_binding, lbvserver_pqpolicy_binding, lbgroup_lbvserver_binding, lbvserver_auditnslogpolicy_binding, lbroute6, lbvserver_filterpolicy_binding, lbvserver_dnspolicy64_binding, lbvserver_responderpolicy_binding, lbmetrictable, lbvserver_cmppolicy_binding, lbvserver_cachepolicy_binding, lbvserver_servicegroup_binding, spilloverpolicy, servicegroup, lbvserver_videooptimizationdetectionpolicy_binding, lbmetrictable_metric_binding, lbvserver_servicegroupmember_binding, service, lbvserver_transformpolicy_binding, lbvserver_auditsyslogpolicy_binding, lbmonitor_sslcertkey_binding, lbvserver_appqoepolicy_binding, lbvserver_authorizationpolicy_binding, server, lbvserver_service_binding, lbgroup, lbvserver_contentinspectionpolicy_binding, lbvserver_appflowpolicy_binding, lbroute, lbvserver_feopolicy_binding, lbvserver_rewritepolicy_binding, lbvserver_csvserver_binding, lbmonitor, lbvserver_appfwpolicy_binding, service_lbmonitor_binding, lbvserver_scpolicy_binding, servicegroup_lbmonitor_binding, lbvserver, lbmonitor_metric_binding, lbvserver_videooptimizationpacingpolicy_binding, lbvserver_capolicy_binding, lbprofile, lbvserver_analyticsprofile_binding
- NITRO Python SDK (available from https://www.citrix.com/downloads/netscaler-adc or from the "Downloads" tab of the Citrix ADC GUI)
- Ansible
- Python 2.7 or 3.x
Use of a python virtualenv during installation is recommended.
- Activate the virtualenv (
source bin/activate
) - Install all dependencies by running
pip install -r requirements.test.txt
from the project checkout. - Install the citrix ADC modules using
python install.py
- Install Ansible (
sudo pip install ansible
) - Install NetScaler SDK (
pip install deps/nitro-python-1.0_kamet.tar.gz
) - Install Citrix ADC modules (
sudo python install.py
). It tries to find the ansible installation directory and then copies the module files to the appropriate places.
If the ansible installation is on a dirctory that requires root access, the install script should be run with root privileges. If the isntallation script fails and you know where ansible is located on your system you can do a manual installation. Just copy the contents of the ansible-modules directory to the extras module directory and the netscaler.py file to the module_utils directory of ansible.
All modules are intended to be run on the ansible control machine or a jumpserver with access to the Citrix ADC appliance.
To do this you need to use the local_action
or the delegate_to
options in your playbooks.
There are sample playbooks in the samples
directory.
Detailed documentation for each module can be found in the htmldoc directory.
Documentation regarding the Citrix ADC appliance configuration in general can be found at the following link, http://docs.citrix.com/en-us/netscaler/11-1.html
There is also the ability to proxy module NITRO calls through a Citrix ADM to a target ADC.
In order to do that you need a NITRO Python SDK that has the MAS proxy calls capability and also follow these 2 steps.
- First acquire a nitro authentication token with the use of the
netscaler_nitro_request
mas_login
operation. - Next all subsequent module invocations should have the
mas_proxy_call
option set totrue
, replace thenitro_user
andnitro_pass
authentication options with thenitro_auth_token
acquired from the previous step and finally include theinstance_ip
option to instruct MAS to which citrix ADC to proxy the calls.
A sample playbook is provided in the samples directory. mas_proxied_server.yaml
The Citrix ADC connection plugin allows the use of standard Ansible modules, such as shell
and fetch
, with Citrix ADC.
The installation script provided here install.py
will install the plugin to the ansible path inside the standard Ansible connection plugin directory.
You can also manually copy the connection plugin source file located in ansible-plugin/ssh\_citrix\_adc.py
to a custom location that Ansible will search for it. Refer to the Ansible documentation for details.
In order for a standard Ansible module to work properly with the Citrix ADC connection plugin the following conditions must hold true.
- Modify the playbook so that it uses the connection plugin (
connection: ssh_citrix_adc
). - Citrix ADC does not have the python interpreter path defined, so one should pass this path when defining the host group (
ansible_python_interpreter: /var/python/bin/python
). - The plugin works only with ssh key based authentication. The remote Citrix ADC must have the public ssh key of the controlling machine in their authorized_keys file (
/flash/nsconfig/ssh/authorized_keys
). - In the local ansible.cfg file make sure the following lines exist:
[defaults]
host_key_checking = False
[ssh_connection]
scp_if_ssh = True
You can find usage samples in this folder.
There are some conflicting configuration options when using a standard Ansible module with a Citrix ADC specific module in the same playbook.
To have such a playbook execute correctly the following solutions are proposed.
- Have a single playbook with multiple plays ( sample ).
- Have a single play configured for standard Ansible modules and define the neeeded overrides in the Citrix ADC specific tasks ( sample ).
- Have a single play configured for Citrix ADC specific modules and define the needed overrides for the generic Ansible tasks ( sample ).
When there is no module that covers the ADC configuration you want to apply there are a few options that will allow you to still apply the configuration through an ansible playbook.
This a module that is a thin wrapper around the NITRO REST API. It provides a number of operations which it then translates into HTTP requests and provides the resulting NITRO API response in a well defined return value.
You can find examples of using the module in this folder
The citrix_adc_nitro_resource
module can be used to create, update and delete
NITRO objects.
It has the same base parameters as the other modules for connecting to the ADC.
Its most important attributes are the workflow
parameter which determines
the execution of the module with respect to how the NITRO object will be created, updated
or deleted and the resource
parameter which contains the actual attributes
for the NITRO resource.
The workflows dictionaries published so far can be found here.
Examples can be found in this folder.
Extended documentation can be found here.
If an endpoint cannot be found in the existing workflows file please open an issue so that we can investigate if this endpoint is covered by the existing workflows and publish its dictionary.
As a last resort the user can user the shell
Ansible module
along with the Citrix ADC connection plugin to issue nscli
commands
to the target ADC.
This provides the least feedback but it is useful for one off configuration steps or when nothing else is applicable.
Examples can be found in this folder
-
ansible-modules.
Contains all the ansible modules available. These are the files that must be installed on an ansible control node in order for the functionality to be present -
ansible-plugins.
Contains all the ansible plugins available. -
tests.
Contains the test suite for the modules. It requires some extra dependencies than the plain modules in order to run. -
samples.
Contains some sample playbooks that combine more than one modules together to achieve a desired configuration. Examples of the modules' usage are also contained in the EXAMPLES section of the modules themselves. -
htmldoc.
Contains the html documentation for each module. -
utils.
Contains utilities mainly used for the authoring of the modules and are not relevant to the end user. -
documentation_fragments.
Contains the Citrix ADC specific documentation files for ansible. -
run_tests.py
. Top level script to run all the tests.
GPL V3 See LICENSE
COPYRIGHT 2017 CITRIX Systems Inc
Pull requests and issues are welcome.