Ansible modules for Citrix ADC and Citrix ADM

citrix, updated 2023-03-14 08:08:28

Citrix ADC & Citrix ADM Ansible modules

This repository contains two collections - Citrix ADC ansible modules and Citrix ADM ansible modules.

The Citrix ADC Ansible modules collection provides Ansible modules for configuring Citrix ADC instances. It uses the NITRO REST API. All form factors of Citrix ADC are supported.

The Citrix ADM Ansible modules collection provides modules for configuring Citrix ADM. It uses Citrix ADM APIs to configure or invoke ADM capabilities.

Learn more about Citrix ADC Automation here

For deploying Citrix ADC in public cloud (AWS and Azure), check out the cloud scripts in the GitHub repo terraform-cloud-scripts.

For any immediate issues or help, reach out to us at [email protected]!


Contents

Ansible Modules Documentation

Beginners Guide to using ADC Ansible Modules

Beginners Guide to using ADM Ansible Modules


Ansible Modules Documentation

Directory structure

  • ansible-modules. Contains all the ansible modules available. These are the files that must be installed on an ansible control node in order for the functionality to be present.

  • ansible-plugins. Contains all the ansible plugins available.

  • tests. Contains the test suite for the modules. It requires some extra dependencies beyond those of the plain modules in order to run.

  • sample_playbook. Contains some sample playbooks that combine more than one module to achieve a desired configuration. Examples of the modules' usage are also contained in the EXAMPLES section of the modules themselves.

  • htmldoc. Contains the html documentation for each module.

  • utils. Contains utilities mainly used for the authoring of the modules and are not relevant to the end user.

  • documentation_fragments. Contains the Citrix ADC specific documentation files for ansible.

  • run_tests.py. Top level script to run all the tests.

Pre-requisites

  • NITRO Python SDK
  • Ansible (<=5.5.0) | ansible-core (<=2.12.9)
  • Python 2.7 or 3.x

The modules are not tested for ansible>=5.5.0 (OR ansible-core>=2.12.9) and may break.

Installation

Setting up prerequisites

Using virtualenv (recommended)

Use of a python virtualenv during installation is recommended.

  • Activate the virtualenv (source bin/activate)
  • Install all dependencies by running pip install -r requirements.test.txt from the project checkout.

Global environment

  • Install Ansible (sudo pip install ansible==5.5.0)
  • Install NetScaler SDK (pip install deps/nitro-python-1.0_kamet.tar.gz)

Installing ADC and ADM modules and plugins

To install the available collections from the repository directly:

The minimum ansible version to install collections directly from the repository is 2.10 (https://github.com/ansible/ansible/pull/69154).

```bash
# ADC modules and connection plugin
ansible-galaxy collection install git+https://github.com/citrix/citrix-adc-ansible-modules.git#/ansible-collections/adc

# ADM modules
ansible-galaxy collection install git+https://github.com/citrix/citrix-adc-ansible-modules.git#/ansible-collections/adm
```

To install the available collections from a local checkout of the repository:

```bash
# ADC modules and connection plugin
cd ansible-collections/adc
ansible-galaxy collection build
ansible-galaxy collection install citrix-adc-.tar.gz

# ADM modules
cd ansible-collections/adm
ansible-galaxy collection build
ansible-galaxy collection install citrix-adm-.tar.gz
```

List of ADC Use-cases supported

Currently the following modules are implemented

ADC modules

Included in the citrix.adc collection

|ADC Module|Description|Documentation|Example Playbook|
|--|--|--|--|
| citrix_adc_appfw_confidfield | Configuration for configured confidential form fields resource | HERE | HERE |
| citrix_adc_appfw_fieldtype | Configuration for application firewall form field type resource | HERE | HERE |
| citrix_adc_appfw_global_bindings | Define global bindings for AppFW | HERE | HERE |
| citrix_adc_appfw_htmlerrorpage | Configuration for configured confidential form fields resource | HERE | HERE |
| citrix_adc_appfw_jsoncontenttype | Configuration for JSON content type resource | HERE | HERE |
| citrix_adc_appfw_learningsettings | Configuration for learning settings resource | HERE | HERE |
| citrix_adc_appfw_policy | Manage Citrix ADC Web Application Firewall policies | HERE | HERE |
| citrix_adc_appfw_policylabel | Manage Citrix ADC Web Application Firewall policy labels | HERE | HERE |
| citrix_adc_appfw_profile | Manage Citrix ADC Web Application Firewall profiles | HERE | HERE |
| citrix_adc_appfw_settings | Manage Citrix ADC Web Application Firewall settings | HERE | HERE |
| citrix_adc_appfw_signatures | Configuration for configured confidential form fields resource | HERE | HERE |
| citrix_adc_appfw_wsdl | Configuration for configured confidential form fields resource | HERE | HERE |
| citrix_adc_appfw_xmlcontenttype | Configuration for XML Content type resource | HERE | HERE |
| citrix_adc_appfw_xmlerrorpage | Configuration for configured confidential form fields resource | HERE | HERE |
| citrix_adc_appfw_xmlschema | Configuration for configured confidential form fields resource | HERE | HERE |
| citrix_adc_cs_action | Manage content switching actions | HERE | HERE |
| citrix_adc_cs_policy | Manage content switching policy | HERE | HERE |
| citrix_adc_cs_vserver | Manage content switching vserver | HERE | HERE |
| citrix_adc_dnsnsrec | Configuration for name server record resource | HERE | HERE |
| citrix_adc_gslb_service | Manage gslb service entities in Citrix ADC | HERE | HERE |
| citrix_adc_gslb_site | Manage gslb site entities in Citrix ADC | HERE | HERE |
| citrix_adc_gslb_vserver | Configure gslb vserver entities in Citrix ADC | HERE | HERE |
| citrix_adc_lb_monitor | Manage load balancing monitors | HERE | HERE |
| citrix_adc_lb_vserver | Manage load balancing vserver configuration | HERE | HERE |
| citrix_adc_nitro_info | Retrieve information from various NITRO API endpoints | HERE | HERE |
| citrix_adc_nitro_request | Issue Nitro API requests to a Citrix ADC instance | HERE | HERE |
| citrix_adc_nitro_resource | Create, update, delete resources on Citrix ADC | HERE | HERE |
| citrix_adc_password_reset | Perform default password reset | HERE | HERE |
| citrix_adc_save_config | Save Citrix ADC configuration | HERE | HERE |
| citrix_adc_server | Manage server configuration | HERE | HERE |
| citrix_adc_service | Manage service configuration in Citrix ADC | HERE | HERE |
| citrix_adc_servicegroup | Manage service group configuration in Citrix ADC | HERE | HERE |
| citrix_adc_ssl_certkey | Manage ssl certificate keys | HERE | HERE |
| citrix_adc_sslcipher | Manage custom SSL ciphers | HERE | HERE |
| citrix_adc_sslcipher_sslciphersuite_binding | Manage SSL cipher and SSL ciphersuite bindings | HERE | HERE |
| citrix_adc_sslprofile_sslcipher_binding | Manage SSL profile and SSL cipher bindings | HERE | HERE |
| citrix_adc_system_file | upload systemfile to adc | HERE | HERE |

ADM modules

Included in the citrix.adm collection

|ADM Module|Description|Documentation|Example Playbook|
|--|--|--|--|
| citrix_adm_application | Manage applications on Citrix ADM | HERE | ADM-OnPrem • ADM-Service |
| citrix_adm_configpack | Creates a configpack from a stylebook | TBD | ADM-OnPrem • ADM-Service |
| citrix_adm_dns_domain_entry | Manage Citrix ADM domain names | HERE | ADM-OnPrem • ADM-Service |
| citrix_adm_login | Login to a Citrix ADM instance | HERE | ADM-OnPrem • ADM-Service |
| citrix_adm_logout | Logout from a Citrix ADM instance | HERE | ADM-OnPrem • ADM-Service |
| citrix_adm_mpsgroup | Manage Citrix ADM user groups | HERE | ADM-OnPrem • ADM-Service |
| citrix_adm_mpsuser | Manage Citrix ADM users | HERE | ADM-OnPrem • ADM-Service |
| citrix_adm_ns_facts | Retrieve facts about Citrix ADM managed instances | HERE | ADM-OnPrem • ADM-Service |
| citrix_adm_poll_instances | Force the poll instances network function on the target Citrix ADM | HERE | ADM-OnPrem • ADM-Service |
| citrix_adm_rba_policy | Manage Citrix ADM rba policies | HERE | ADM-OnPrem • ADM-Service |
| citrix_adm_rba_role | Manage Citrix ADM rba roles | HERE | ADM-OnPrem • ADM-Service |
| citrix_adm_stylebook | Create or delete Citrix ADM stylebooks | HERE | ADM-OnPrem • ADM-Service |
| citrix_adm_tenant_facts | Retrieve facts about Citrix ADM tenants | HERE | ADM-OnPrem • ADM-Service |

citrix_adc_nitro_resource workflows list

The following NITRO API endpoints have their workflow dictionaries available for use with the citrix_adc_nitro_resource module.

The workflows yaml file can be found here.

  • authentication_epaaction
  • csvserver_rewritepolicy_binding
  • dnssoarec
  • lbgroup
  • lbgroup_lbvserver_binding
  • lbmetrictable
  • lbmetrictable_metric_binding
  • lbmonitor
  • lbmonitor_metric_binding
  • lbmonitor_sslcertkey_binding
  • lbprofile
  • lbroute
  • lbroute6
  • lbvserver
  • lbvserver_analyticsprofile_binding
  • lbvserver_appflowpolicy_binding
  • lbvserver_appfwpolicy_binding
  • lbvserver_appqoepolicy_binding
  • lbvserver_auditnslogpolicy_binding
  • lbvserver_auditsyslogpolicy_binding
  • lbvserver_authorizationpolicy_binding
  • lbvserver_cachepolicy_binding
  • lbvserver_capolicy_binding
  • lbvserver_cmppolicy_binding
  • lbvserver_contentinspectionpolicy_binding
  • lbvserver_csvserver_binding
  • lbvserver_dnspolicy64_binding
  • lbvserver_feopolicy_binding
  • lbvserver_filterpolicy_binding
  • lbvserver_pqpolicy_binding
  • lbvserver_responderpolicy_binding
  • lbvserver_rewritepolicy_binding
  • lbvserver_scpolicy_binding
  • lbvserver_service_binding
  • lbvserver_servicegroup_binding
  • lbvserver_servicegroupmember_binding
  • lbvserver_spilloverpolicy_binding
  • lbvserver_transformpolicy_binding
  • lbvserver_videooptimizationdetectionpolicy_binding
  • lbvserver_videooptimizationpacingpolicy_binding
  • nsacl
  • ntpparam
  • ntpserver
  • policypatset
  • policypatset_pattern_binding
  • rewriteaction
  • rewritepolicy
  • server
  • service
  • service_lbmonitor_binding
  • servicegroup
  • servicegroup_lbmonitor_binding
  • snmpmanager
  • spilloverpolicy
  • sslparameter
  • sslprofile
  • sslprofile_sslcipher_binding
  • sslvserver
  • sslvserver_sslcertkey_binding
  • systemuser
  • transformaction
  • transformpolicy
  • transformprofile

How to use Ansible modules?

All modules are intended to be run on the ansible control machine or a jumpserver with access to the Citrix ADC appliance. To do this you need to use the local_action or the delegate_to options in your playbooks.

There are sample playbooks in the sample_playbooks directory.

Detailed documentation for each module can be found in the htmldoc directory.

Documentation regarding the Citrix ADC appliance configuration in general can be found at the following link, http://docs.citrix.com/en-us/netscaler/11-1.html

Secure variable storage

Some input variables used by the Citrix ADC ansible modules contain sensitive data.

Most notably nitro_pass.

Other variables may also be considered security sensitive depending on the use case. For example a user may not want to expose backend service IPs since it gives an attacker insight into the network topology used.

In production environments it is recommended to keep the values of these variables encrypted until they are needed by the playbook. Ansible offers the ansible-vault utility which can be used to encrypt individual variables or entire files.

When the contents are needed the ansible-playbook command can take arguments which will point to the encrypted content and decrypt it as needed.

For more information see the full documentation

NITRO API TLS

By default the nitro_protocol parameter is set to http. This leaves all NITRO API request and response data unencrypted and it is not recommended for production environments.

Set the nitro_protocol to https in order to have all NITRO API communication encrypted.

By default the Citrix ADC comes with a self signed TLS certificate. If you intend to use https with this certificate you need to set the validate_certs parameter to false.

For production environments it is recommended to use a trusted TLS certificate so that validate_certs can be set to true.

Please consult the Citrix ADC secure deployment guide where among other things the usage of trusted TLS certificates is documented.

Citrix ADM proxied calls

There is also the ability to proxy module NITRO calls through a Citrix ADM to a target ADC.

In order to do that you need a NITRO Python SDK that has the MAS proxy calls capability, and you need to follow these 2 steps.

  1. First acquire a nitro authentication token with the use of the netscaler_nitro_request mas_login operation.
  2. Next, all subsequent module invocations should have the mas_proxy_call option set to true, replace the nitro_user and nitro_pass authentication options with the nitro_auth_token acquired from the previous step, and finally include the instance_ip option to tell MAS which Citrix ADC to proxy the calls to.

A sample playbook is provided in the sample_playbooks directory: mas_proxied_server.yaml

There is also the option to use the ADM service as a NITRO API proxy.

To do that you first need to get a bearer token using the citrix_adc_get_bearer_token module.

After that you need to include the following options with the module invocation:

  1. nitro_protocol
  2. nsip
  3. api_path
  4. is_cloud
  5. bearer_token
  6. mas_proxy_call

And one of:

  1. instance_ip
  2. instance_id
  3. instance_name

You can find examples in this folder.

Citrix ADM service calls

There is the option for citrix_adm modules to be executed targeting the ADM service instead of an on-prem ADM.

This mode of execution relies on first getting a nitro_auth_token by logging in to the ADM service and using this token for all subsequent module calls.

The option is_cloud: true must also be set, along with adm_ip: adm.cloud.com.

Examples can be found in this folder.

Configure CPX via Ansible

If you are running a NetScaler CPX on the same host where you are executing the playbook:

```bash
$ docker port cpx 80
32773

$ cat inventory.txt
[netscaler]
127.0.0.1 nsip=127.0.0.1:32773 nitro_user=nsroot nitro_pass=nsroot validate_certs=no

$ cat lb_vserver.yml

  local_action:
    nsip: "{{ nsip }}"
    nitro_user: "{{ nitro_user }}"
    nitro_pass: "{{ nitro_pass }}"

```

In the playbook:

```yaml
local_action:
  nsip: 127.0.0.1:32773
  nitro_user: nsroot
  nitro_pass: nsroot
```

What if there is no module for your configuration?

When there is no module that covers the ADC configuration you want to apply there are a few options that will allow you to still apply the configuration through an ansible playbook.

Use the citrix_adc_nitro_request module.

This module is a thin wrapper around the NITRO REST API. It provides a number of operations which it then translates into HTTP requests and provides the resulting NITRO API response in a well defined return value.

You can find examples of using the module in this folder

Use the citrix_adc_nitro_resource module.

The citrix_adc_nitro_resource module can be used to create, update and delete NITRO objects.

It has the same base parameters as the other modules for connecting to the ADC.

Its most important attributes are the workflow parameter which determines the execution of the module with respect to how the NITRO object will be created, updated or deleted and the resource parameter which contains the actual attributes for the NITRO resource.

The workflows dictionaries published so far can be found here.

Examples can be found in this folder.

Extended documentation can be found here.

If an endpoint cannot be found in the existing workflows file please open an issue so that we can investigate if this endpoint is covered by the existing workflows and publish its dictionary.

Use the connection plugin with the shell Ansible module

As a last resort the user can use the shell Ansible module along with the Citrix ADC connection plugin to issue nscli commands to the target ADC.

This provides the least feedback but it is useful for one off configuration steps or when nothing else is applicable.

This requires password-less (SSH-key based) authentication. Follow this article to setup the ADC

Examples can be found in this folder

Citrix ADC connection plugin

The Citrix ADC connection plugin allows the use of standard Ansible modules, such as shell and fetch, with Citrix ADC.

Installation

The connection plugin is included in the citrix.adc collection.

Usage

In order for a standard Ansible module to work properly with the Citrix ADC connection plugin the following conditions must hold true.

  • Modify the playbook so that it uses the connection plugin (connection: ssh_citrix_adc).
  • Citrix ADC does not have the python interpreter path defined, so one should pass this path when defining the host group (ansible_python_interpreter: /var/python/bin/python).
  • The plugin works only with ssh key based authentication. The remote Citrix ADC must have the public ssh key of the controlling machine in their authorized_keys file (/flash/nsconfig/ssh/authorized_keys).
  • In the local ansible.cfg file make sure the following lines exist:

```
[defaults]
host_key_checking = False

[ssh_connection]
scp_if_ssh = True
```

You can find usage sample_playbooks in this folder.

Security notice

With the connection plugin and the shell ansible module it is possible to run nscli commands as shown in the example below.

```yaml
tasks:
  - name: Run nscli command
    shell: "nscli -s -U :nsroot:{{nitro_pass}} show ns ip"
    no_log: True
```

In order to not expose the actual nsroot password the following rules must be observed

  • Do not hardcode the password in the command string.

Use a variable which is retrieved from a secure storage.

  • For the task that contains the password set the task option no_log: True

This will hide log output from the specified task including the password.
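The rules from the Secure variable storage, NITRO API TLS and Security notice sections can be checked before a playbook runs. The following is an added example, not part of the Citrix collections: a Python audit over task dictionaries as a YAML loader would return them. The function name audit_tasks, the finding labels and the sample tasks are constructed for illustration; the option names and the documented http default for nitro_protocol come from the text above.

```python
import re

# Options that carry credentials in the modules described in this README.
SECRET_OPTIONS = ("nitro_pass", "nitro_auth_token", "bearer_token")
# A value made up of a single Jinja2 expression, e.g. "{{ nitro_pass }}".
JINJA_ONLY = re.compile(r"^\s*\{\{.*\}\}\s*$", re.S)
# nscli credential argument in the form shown above: -U :<user>:<password>
NSCLI_PASSWORD = re.compile(r"-U\s+:[^:\s]*:(\S+)")
# A templated variable whose name suggests a secret.
SECRET_REFERENCE = re.compile(r"\{\{[^}]*(?:pass|token)[^}]*\}\}", re.I)
TRUTHY = {"yes", "true", "on", "1"}


def _as_bool(value):
    """Interpret YAML-style booleans that may arrive as bool or string."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in TRUTHY


def _templated(value):
    """True when the value cannot be judged statically."""
    return isinstance(value, str) and "{{" in value


def _audit_connection(args):
    """Check one module argument block that talks to the NITRO API."""
    findings = []
    protocol = args.get("nitro_protocol", "http")  # README: default is http
    if not _templated(protocol) and str(protocol).lower() != "https":
        findings.append("plaintext-nitro")
    certs = args.get("validate_certs")
    if certs is not None and not _templated(certs) and not _as_bool(certs):
        findings.append("cert-validation-off")
    for option in SECRET_OPTIONS:
        value = args.get(option)
        # A literal string here means the secret lives in the playbook itself.
        if isinstance(value, str) and not JINJA_ONLY.match(value):
            findings.append("hardcoded:" + option)
    return findings


def _audit_shell(command, no_log):
    """Check a shell task that may pass credentials to nscli."""
    findings = []
    match = NSCLI_PASSWORD.search(command)
    if match and not match.group(1).startswith("{{"):
        findings.append("hardcoded:nscli-password")
    if (match or SECRET_REFERENCE.search(command)) and not no_log:
        findings.append("secret-in-shell-without-no_log")
    return findings


def audit_tasks(tasks):
    """Return (task name, finding) pairs for a list of parsed tasks."""
    results = []
    for task in tasks:
        name = task.get("name", "<unnamed>")
        no_log = _as_bool(task.get("no_log", False))
        for key, value in task.items():
            if isinstance(value, dict) and "nsip" in value:
                found = _audit_connection(value)
            elif key in ("shell", "command") and isinstance(value, str):
                found = _audit_shell(value, no_log)
            else:
                continue
            results.extend((name, finding) for finding in found)
    return results


# Constructed sample tasks (not taken from the repository's sample playbooks).
SAMPLE_TASKS = [
    {"name": "lab lb vserver", "delegate_to": "localhost",
     "citrix_adc_lb_vserver": {"nsip": "127.0.0.1:32773", "nitro_user": "nsroot",
                               "nitro_pass": "nsroot", "validate_certs": False,
                               "name": "lb-1"}},
    {"name": "prod lb vserver", "delegate_to": "localhost",
     "citrix_adc_lb_vserver": {"nsip": "{{ nsip }}", "nitro_user": "{{ nitro_user }}",
                               "nitro_pass": "{{ nitro_pass }}",
                               "nitro_protocol": "https", "validate_certs": True,
                               "name": "lb-1"}},
    {"name": "nscli without no_log",
     "shell": "nscli -s -U :nsroot:{{nitro_pass}} show ns ip"},
    {"name": "nscli with no_log",
     "shell": "nscli -s -U :nsroot:{{nitro_pass}} show ns ip", "no_log": True},
]

if __name__ == "__main__":
    for task_name, finding in audit_tasks(SAMPLE_TASKS):
        print(task_name, "->", finding)
```
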

Citrix ADC and standard Ansible modules in a single playbook

There are some conflicting configuration options when using a standard Ansible module with a Citrix ADC specific module in the same playbook.

To have such a playbook execute correctly the following solutions are proposed.

  • Have a single playbook with multiple plays ( sample_playbook ).
  • Have a single play configured for standard Ansible modules and define the needed overrides in the Citrix ADC specific tasks ( sample ).
  • Have a single play configured for Citrix ADC specific modules and define the needed overrides for the generic Ansible tasks ( sample ).

Module renaming

Note that as of this commit all modules were renamed to match the new Citrix product names.

See here for reference.

All modules which previously started with the netscaler_ prefix have been renamed to start with the citrix_adc_ prefix.

All new modules will follow this convention as well.

Until these changes are integrated into the Ansible distribution the Citrix ADC module names will differ depending on where they were installed from.

Extended Documentation

Extended documentation is hosted at readthedocs.

License

MIT License See LICENSE

Copyright

COPYRIGHT 2017 CITRIX Systems Inc

Contributions

3rd party contributions are not accepted as of today. You can reach out to us at [email protected] for a quick response or create GitHub issues.


Beginners guide to ADC Automation with Ansible

Hands-On Lab for ADC Automation with Ansible

Try out the lab that takes you through the ADC Automation journey with Ansible

Getting Started with Ansible and ADC collection installation

Refer to Steps 1 and 2 in Get Started with ADC Automation using Ansible.

Make your first Configuration on ADC with Ansible

Refer to Steps 3 and 4 in Get Started with ADC Automation using Ansible.

General Guidelines on creating Ansible playbooks

Refer to the "How to use Ansible modules?" section for usage guidelines on ADC Ansible playbooks.

To create Ansible playbooks for your specific ADC use-cases/entities, refer to the Ansible modules documentation and the NITRO API documentation to understand the endpoints, parameters etc.

Nitro Request - Generic Module to execute Nitro API operations via Ansible

citrix_adc_nitro_request doesn't target a particular endpoint; instead it can be used to perform NITRO API operations on various endpoints.

Learn more about its usage here. You can find its example here.

Nitro Resource - Generic module to create any ADC entity using Ansible

citrix_adc_nitro_resource implements the CRUD operations in a generic manner applicable to multiple endpoints. You can use the generic module citrix_adc_nitro_resource if you don't find a dedicated module for the use case you are targeting.

Learn more about its usage here. You can find its example here.

Nitro Info - Generic module to emulate show commands

The citrix_adc_nitro_info module emulates show commands in Netscaler. It returns a list or dictionary for each endpoint it is invoked for. You can find a usage example here.

Proxy your ADC Nitro API calls via ADM

ADC Ansible modules invoke Nitro API calls internally to configure your ADC. You can proxy all those Nitro API calls via ADM on-prem or ADM Service.

Learn more about using ADM as API Proxy Server here. You can find the usage example for ADM on-prem here and ADM Service here


Beginners guide to ADM Automation with Ansible

Getting Started with ADM Ansible modules

Here are the playbooks to get started with ADM Ansible modules:

  1. Login to ADM On-prem
  2. Add Netscaler instance to ADM on-prem

For ADM Service:

  1. Login to ADM Service

Creating Stylebooks with ADM Ansible modules

ADM On-Prem - Creating Stylebook via Ansible on ADM On-Prem

ADM Service - Creating Stylebook via Ansible on ADM On-Prem

Applying ADC config via Configpacks through ADM Ansible Modules

ADM On_Prem - Applying configs to ADC via ADM Configpacks through Ansible

ADM Service - Applying configs to ADC via ADM Configpacks through Ansible

Updating Config-Packs to new Stylebooks via ADM Ansible Modules

The change_stylebook param in citrix_adm_configpack, when set to true, can be used to upgrade your existing config-pack to a new Stylebook version.

```yaml
change_stylebook: true # true when we need to change the stylebook associated to this configpack
old_stylebook: # old_stylebook will be considered only when change_stylebook is true
  name: basic-lb-config
  namespace: com.example.stylebooks
  version: "0.1"
```

Use the below playbooks and set change_stylebook as true:

ADM On_Prem - Applying configs to ADC via ADM Configpacks through Ansible

ADM Service - Applying configs to ADC via ADM Configpacks through Ansible


Issues

[BUG] NitroAPIFetcher function edit_response_data not handling HTTPError objects well

opened on 2023-03-21 22:12:22 by drewferagen

Describe the bug When I tried to use citrix_adc_servicegroup and citrix_adc_lb_vserver to add a vserver or service group it would error out without much useful information.

I tried downgrading ansible, ansible-core, pip installing the ns_nitro in this repo as well as the one I downloaded from our ADC.

I forked the project and did some poking around and it looks like in my case of our Citrix ADC 12.1 and ansible, the problem was with the class NitroAPIFetcher in ansible-collections\adc\plugins\module_utils\citrix_adc.py

in the function edit_response_data it has the following:

```python
# Search for body in both http body and http data
if r is not None:
    result['http_response_body'] = codecs.decode(r.read(), 'utf-8')
elif 'body' in info:
    result['http_response_body'] = codecs.decode(info['body'], 'utf-8')
    del info['body']
else:
    result['http_response_body'] = ''
```

What was happening is when a servicegroup isn't defined, it was returning a 404 response which was sending a HTTPError object instead of None, so it wasn't checking the info object for its body at all.

I added a type check (type(r).__name__ == "HTTPResponse") to it and now it will properly handle the HTTPError results as well as the normal results.

```python
# Search for body in both http body and http data
if r is not None and type(r).__name__ == "HTTPResponse":
    result['http_response_body'] = codecs.decode(r.read(), 'utf-8')
elif 'body' in info:
    result['http_response_body'] = codecs.decode(info['body'], 'utf-8')
    del info['body']
else:
    log('else')
    result['http_response_body'] = ''
```

To Reproduce Steps to reproduce the behavior:

use citrix_adc_lb_vserver to try to add a vserver to Citrix ADC 12.1

here is the bonus error output from AWX: { "changed": false, "loglines": [ "ModuleExecutor.calculate_configured_servicegroup()", "calculated configured servicegroup {'servicegroupname': 'kubernetesnginx', 'servicetype': 'HTTP'}", "ModuleExecutor.calculate_configured_servicemembers()", "ModuleExecutor.calculate_configured_monitor_bindings()", "ModuleExecutor.update_or_create()", "ModuleExecutor.servicegroup_exists()", "get result {'http_response_body': '', 'http_response_data': {'url': 'http://10.120.4.66/nitro/v1/config/servicegroup/kubernetesnginx', 'status': 404, 'date': 'Mon, 20 Mar 2023 19:21:40 GMT', 'server': 'Apache', 'x-frame-options': 'SAMEORIGIN', 'expires': 'Thu, 19 Nov 1981 08:52:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0', 'pragma': 'no-cache', 'vary': 'Accept-Encoding', 'x-xss-protection': '1; mode=block', 'content-length': '108', 'content-type': 'application/json; charset=utf-8', 'connection': 'close', 'msg': 'HTTP Error 404: Not Found', 'body': b'{ \"errorcode\": 258, \"message\": \"No such resource [serviceGroupName, kubernetesnginx]\", \"severity\": \"ERROR\" }'}, 'nitro_errorcode': None, 'nitro_message': None, 'nitro_severity': None}" ], "msg": "nitro exception errorcode=None, message=None, severity=None", "invocation": { "module_args": { "nsip": "10.120.4.66", "nitro_user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "nitro_pass": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "validate_certs": false, "nitro_protocol": "http", "state": "present", "servicegroupname": "kubernetesnginx", "servicetype": "HTTP", "nitro_timeout": 310, "save_config": true, "mas_proxy_call": false, "is_cloud": false, "disabled": false, "nitro_auth_token": null, "instance_ip": null, "instance_id": null, "instance_name": null, "api_path": null, "bearer_token": null, "cachetype": null, "td": null, "maxclient": null, "maxreq": null, "cacheable": null, "cip": null, "cipheader": null, "usip": null, "pathmonitor": null, "pathmonitorindv": 
null, "useproxyport": null, "healthmonitor": null, "sc": null, "sp": null, "rtspsessionidremap": null, "clttimeout": null, "svrtimeout": null, "cka": null, "tcpb": null, "cmp": null, "maxbandwidth": null, "monthreshold": null, "downstateflush": null, "tcpprofilename": null, "httpprofilename": null, "comment": null, "appflowlog": null, "netprofile": null, "autoscale": null, "memberport": null, "autodisablegraceful": null, "autodisabledelay": null, "monconnectionclose": null, "servername": null, "port": null, "weight": null, "customserverid": null, "serverid": null, "hashid": null, "nameserver": null, "dbsttl": null, "monitor_name_svc": null, "dup_weight": null, "riseapbrstatsmsgcode": null, "delay": null, "graceful": null, "includemembers": null, "servicemembers": null, "monitor_bindings": null } }, "_ansible_no_log": null, "item": "jvl_kubernetes_nginx", "ansible_loop_var": "item", "_ansible_item_label": "jvl_kubernetes_nginx", "_ansible_delegated_vars": { "ansible_host": "localhost", "ansible_port": null, "ansible_user": "ansible", "ansible_connection": "local" } }

Expected behaviour I expected the playbook to add the function or give a relevant error.

Environment (please complete the following information):

  • Python version python --version output Python 3.9.16
  • Ansible version ansible --version output (this also is broken when I downgraded to the officially supported version from the readme, FYI)

```
ansible [core 2.14.3]
  config file = None
  configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  ansible collection location = /home/runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.9.16 (main, Dec 8 2022, 00:00:00) [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True
```

Additional context I only have netscalers running 12.1, so I can't really tell if this is a version specific behavior or something else.
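The failure mode in the report above can be reproduced offline with the Python standard library. This is an added example, not the project's code and not the reporter's patch: the function names are hypothetical, the 404 payload is constructed from the log in the report, and it assumes that the HTTPError's stream has already been read into info['body'] by the time the branch runs and that info['body'] is only present on error responses.

```python
import codecs
import io
import json
from email.message import Message
from urllib.error import HTTPError

# Constructed sample: the NITRO error body seen in the report's log output.
NITRO_404 = (b'{ "errorcode": 258, "message": "No such resource '
             b'[serviceGroupName, kubernetesnginx]", "severity": "ERROR" }')


def make_consumed_http_error(body):
    """Build an (r, info) pair for a 404 where r is an already-drained HTTPError."""
    err = HTTPError("http://adc.example/nitro/v1/config/servicegroup/x",
                    404, "Not Found", Message(), io.BytesIO(body))
    drained = err.read()  # assumption: the HTTP helper moved the body into info
    info = {"status": 404, "msg": "HTTP Error 404: Not Found", "body": drained}
    return err, info


def body_as_reported(r, info):
    """The branch order quoted in the report: any non-None r wins."""
    if r is not None:
        return codecs.decode(r.read(), "utf-8")
    elif "body" in info:
        return codecs.decode(info["body"], "utf-8")
    return ""


def body_preferring_info(r, info):
    """Alternative ordering that does not depend on the class name of r."""
    if info.get("body"):
        return codecs.decode(info["body"], "utf-8")
    if r is not None:
        return codecs.decode(r.read(), "utf-8")
    return ""


def nitro_error(body_text):
    """Extract (errorcode, message, severity); all None when the body is empty."""
    if not body_text:
        return (None, None, None)
    data = json.loads(body_text)
    return (data.get("errorcode"), data.get("message"), data.get("severity"))


def demo():
    """Return the error triple each ordering produces for the same 404."""
    r, info = make_consumed_http_error(NITRO_404)
    reported = nitro_error(body_as_reported(r, info))
    r, info = make_consumed_http_error(NITRO_404)
    preferred = nitro_error(body_preferring_info(r, info))
    return reported, preferred


if __name__ == "__main__":
    reported, preferred = demo()
    print("as reported :", reported)
    print("info first  :", preferred)
```

With the quoted ordering the drained stream yields an empty body, which matches the "errorcode=None, message=None, severity=None" message in the report; reading info['body'] first recovers the NITRO error.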

How to deal with HA-Pair

opened on 2023-01-23 11:01:05 by pbptaker

Dear Community

How to deal with an HA-Pair? I can connect to the primary node using the NSIP, but I can't connect the management enabled SNIP. I can connect to the secondary NSIP of course. On the SNIP I'm getting a TLS error. I wonder why the TLS settings are applied using an SSL Profile. So both SNIP and NSIP should use the same TLS Settings imo.

Maybe connect to both and find out which is the primary?

Thank you

Pbptaker

[BUG] citrix_adc_servicegroup fails create with Autoscale DNS

opened on 2023-01-13 16:38:42 by pkodzis

Describe the bug

ansible fails on adding servicegroup with Autoscale DNS:

result of post {'http_response_data': {'url': 'https://10.147.254.35/nitro/v1/config/servicegroup?action=enable', 'status': 599, 'date': 'Fri, 13 Jan 2023 10:06:28 GMT', 'server': 'Apache', 'x-frame-options': 'SAMEORIGIN', 'expires': 'Thu, 19 Nov 1981 08:52:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0', 'pragma': 'no-cache', 'feature-policy': \"camera 'none'; microphone 'none'; geolocation 'none'\", 'referrer-policy': 'no-referrer', 'x-xss-protection': '1; mode=block', 'x-content-type-options': 'nosniff', 'content-length': '184', 'content-type': 'application/json; charset=utf-8', 'connection': 'close', 'msg': 'HTTP Error 599: Netscaler specific error'}, 'nitro_errorcode': 257, 'nitro_message': 'Operation not permitted [Enabling / Disabling is not permitted as it has auto scale members. Try unbinding auto scale members.]', 'nitro_severity': 'ERROR', 'data': {'errorcode': 257, 'message': 'Operation not permitted [Enabling / Disabling is not permitted as it has auto scale members. Try unbinding auto scale members

After commenting this code in citrix_adc_servicegroup.py, it lets create all as expected. it seems like this part should not be called when building new servicegroup:

    #log('disable/enable post data %s' % post_data)
    #result = self.fetcher.post(post_data=post_data, resource='servicegroup', action=action)
    #log('result of post %s' % result)

    #if result['http_response_data']['status'] != 200:
    #    msg = 'Disable/Enable operation failed'
    #    self.module.fail_json(msg=msg, **self.module_result)

Environment (please complete the following information):

```
$ python3 --version
Python 3.8.10
$ ansible --version
ansible [core 2.12.10]
  config file = None
  ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible
  ansible collection location = /home/pkodzis/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.8.10 (default, Nov 14 2022, 12:59:47) [GCC 9.4.0]
  jinja version = 2.10.1
  libyaml = True
```

Nitro SDK installed from copy downloaded from NetScaler running:

```
:Primary> sh ver
NetScaler NS13.0: Build 85.15.nc, Date: Mar 10 2022, 07:24:58 (64-bit)
```

Fix exception statement for Ansible 2.13.4

opened on 2022-12-21 17:18:14 by brentisaacs

[BUG] servicegroup_exists() 'NoneType' object is not callable

[FEATURE REQUEST] ADC login & switch partition modules

opened on 2022-12-13 14:02:39 by pkodzis

Is your feature request related to a problem? Please describe. I need module that will login and return the nitro_auth_token Then I need module that will switch to the partiton (without ANY attempts of create/delete/modify) the partition itself. So existing nspartiton module that relay on the "state" is not for me.

Additional context Add any other context or screenshots about the feature request here.

I maintain an ADC with a huge manually created config on partitions. Reworking this into a playbook for full coverage is not an option. So I cannot "touch" an existing partition with the existing "nspartition" module (I find this too risky from my perspective). So instead I reworked it so it only switches the partition and does absolutely nothing else. Attaching working drafts of these modules. By using them I can safely:

  • log in
  • then switch to the expected partition
  • then deploy objects on this partition

Here are drafts of these modules: https://github.com/pkodzis/test1

[BUG] citrix_adc_server fails to work with nitro_auth_token

opened on 2022-12-13 12:56:40 by pkodzis

Describe the bug citrix_adc_server fails to work with nitro_auth_token - it enforces using nitro_user and nitro_pass. That makes it impossible to create servers on other partitions but the default one.

To Reproduce Steps to reproduce the behaviour:

  1. My ansible-playbook is...

        - name: setup server
          delegate_to: localhost
          citrix_adc_server:
            nsip: "{{provider.nsip}}"
            nitro_auth_token: "{{nitro_auth_token}}"
            validate_certs: no
            state: present
            name: server-1
            ipaddress: 192.168.10.123

  2. The command I executed is...

        ansible-playbook -vvvvv 1.yml

  3. The ansible-playbook logs are...

  4. I am seeing the below error...

        fatal: [REMOVED -> localhost]: FAILED! => {
            "changed": false,
            "invocation": {
                "module_args": {
                    "api_path": null,
                    "bearer_token": null,
                    "comment": "vars",
                    "delay": null,
                    "disabled": false,
                    "domain": null,
                    "domainresolveretry": null,
                    "graceful": null,
                    "instance_id": null,
                    "instance_ip": null,
                    "instance_name": null,
                    "ipaddress": "192.168.10.123",
                    "ipv6address": false,
                    "is_cloud": false,
                    "mas_proxy_call": false,
                    "name": "server-1",
                    "nitro_auth_token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                    "nitro_pass": null,
                    "nitro_protocol": "https",
                    "nitro_timeout": 310.0,
                    "nitro_user": null,
                    "nsip": "REMOVED",
                    "save_config": true,
                    "state": "present",
                    "td": null,
                    "translationip": null,
                    "translationmask": null,
                    "validate_certs": false
                }
            },
            "msg": "You must provide a valid nitro user name"
        }

Expected behaviour A clear and concise description of what you expected to happen.

I need the module to be able to work with nitro_auth_token rather than user/pass authentication, so I could in advance switch to the partition that I need to work on and continue my session on that partition.

Environment (please complete the following information): - Python version python --version output - Ansible version ansible --version output

    $ python3 --version
    Python 3.8.10
    $ ansible --version
    ansible [core 2.12.10]
      config file = /etc/ansible/ansible.cfg
      configured module search path = ['/home/pkodzis/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible
      ansible collection location = /home/pkodzis/.ansible/collections:/usr/share/ansible/collections
      executable location = /usr/local/bin/ansible
      python version = 3.8.10 (default, Jun 22 2022, 20:18:18) [GCC 9.4.0]
      jinja version = 2.10.1
      libyaml = True

Releases

2019-12-19 15:42:56

v1.7 2019-11-21 15:00:19

Implemented Desired State API for citrix_adc_servicegroup

v1.6 2018-12-07 15:33:15

  • Renamed netscaler_ modules to citrix_adc_
  • Various fixes in citrix_adm_* modules

v1.5 2018-11-09 06:04:34

  • Added remaining NetScaler-AppFW ansible modules: netscaler_appfw_htmlerrorpage netscaler_appfw_xmlerrorpage netscaler_appfw_xmlschema netscaler_appfw_wsdl netscaler_appfw_signatures

  • appfw_learningdata is implemented using netscaler_nitro_request module and the sample playbooks are present as below: samples/appfw_learningdata_delete.yaml
    samples/appfw_learningdata_get.yaml
    samples/appfw_learningdata_export.yaml
    samples/appfw_learningdata_reset.yaml

  • Some minor fixes

1.4 2018-10-19 14:54:32

Added the following modules:

  • netscaler_appfw_confidfield
  • netscaler_appfw_fieldtype
  • netscaler_appfw_jsoncontenttype
  • netscaler_appfw_learningsettings
  • netscaler_appfw_xmlcontenttype

Performance enhancements for the following modules:

  • netscaler_cs_policy
  • netscaler_lb_monitor
  • netscaler_lb_vserver
  • netscaler_server
  • netscaler_servicegroup

Various minor fixes.

1.3 2018-10-05 10:16:10

This version brings in new modules covering the Web Application Firewall feature of Netscaler.

New modules:

  • netscaler_appfw_policy
  • netscaler_appfw_policylabel
  • netscaler_appfw_profile
  • netscaler_appfw_settings

Added appfw policy bindings in the following existing modules:

  • netscaler_lb_vserver
  • netscaler_cs_vserver
