Configure Stylebook configpacks using Ansible and Citrix ADM

I’ve created an Ansible playbook to deploy configpacks to Citrix ADC (previously Citrix NetScaler) using Ansible and Citrix ADM (previously Citrix NetScaler MAS). You add the configuration to the parameters and the playbook will add configpacks using the settings you’ve defined.

Still a lot to do with this one, for example updating the configpack when the parameters has changed in the playbook.

The playbook has been published to Azure DevOps and can be found here. The readme contains the latest information.

The playbook configures the following (as of this blog post):

  • Identifies the current primary/active Citrix ADC (NetScaler)
  • Locates the active nodes instanceId
  • Identifies all Stylebooks on Citrix ADM
  • Identifies what Stylebooks will be used
  • Creates configpack if it isn’t already created
  • Verifies that the configpack is deployed without any failures

Feel free to try it out and all feedback is welcome!



Deploy Citrix ADM Stylebooks using Ansible

I’ve created an Ansible playbook to deploy Citrix ADM (previously Citrix NetScaler MAS) Stylebooks. It will upload the latest version of the stylebook, migrate existing configpacks that are using the older version and then remove the old version from MAS.

There are still a lot to do with this playbook, for example handle parameters being added to a new version and delete Stylebooks if they’ve been removed from the playbook.

The playbook has been published to Azure DevOps and can be found here. The readme contains the latest information.

The playbook configures the following (as of this blog post):

  • Logs on to MAS
  • Locates all stylebooks in files/stylebooks
  • Identifies stylbook versions
  • Uploads stylebook if it that version doesn’t exist
  • Migrates configpacks to the new version
  • Removes the old version(s) of the stylebooks

Right now, there are four stylebooks:

  • xenit-srvobject.yml – Adds one or more server objects
  • xenit-svcgroup.yml – Adds a service groups with one or more server objects
  • xenit-csvserver.yml – Adds a cs vserver
  • xenit-lbvserver.yml – Adds an lb vserver using service group and binds it to a cs vserver

Feel free to try it out and any feedback is welcome! Or maybe even do a pull request?



Citrix ADC base configuration with Ansible and Citrix ADM

I’ve created an Ansible playbook to configure a base line on Citrix ADC (previously Citrix NetScaler) using Ansible and Citrix ADM (previously Citrix NetScaler MAS). The only thing you will have to do is change the parameters in the playbook and run it.

The playbook has been published to Azure DevOps and can be found here. The readme contains the latest information.

The playbook configures the following (as of this blog post):

  • NSIP parameters
  • HA Node parameters
  • SNIP parameters
  • VLANs
  • Policy Based Routing
  • Access Lists
  • SSL profiles
  • TCP Settings
  • HTTP Profile
  • NS Parameters
  • LB Parameters
  • SNMP Parameters
  • Cache parameters
  • Compression parameters
  • NetScaler modes
  • NetScaler features
  • NTP Configuration

I hope this can be of some help and feel free to give feedback or contribute to the playbook!



Configure Citrix ADC HA pair using Ansible and Citrix ADM

I’ve create an Ansible playbook to configure two Citrix ADCs (previously Citrix NetScaler) into an HA pair using Citrix ADM (previously NetScaler MAS). The only thing you will have to do is change the parameters in the playbook and run it with the credentials and IP-addresses as parameters and you’ll have an HA pair.

The playbook has been published to Azure DevOps and can be found here. The readme contains the latest information.

The playbook configures the following (as of this blog post):

  • Creates or updates a device profile
  • Creates or updates a datacenter (mps_datacenter)
  • Adds Citrix ADC instances to Citrix ADM
  • Creates an HA pair of the Citrix ADC instances using the ns_hapair_template maintenance job
  • Configures a new rpcNode password

I hope this can be of some help and feel free to reach out if you have any feedback or questions!



Configure Citrix ADM using Ansible

I’ve created an Ansible Playbook to configure Citrix ADM (previously Citrix NetScaler MAS). Instead of configuring all the different parts using the GUI, you can now change the parameters in a configuration file and the playbook will apply and update your configuration for you – making giving you Infrastructure as Code and documentation in one place!

The playbook has been published to Azure DevOps and can be found here. Read the readme for the latest information.

What the playbook configures (or at least at the time of writing this blogpost):

  • nsroot password
  • DNS servers
  • time zone
  • system settings
  • prune policy
  • syslog purge settings
  • backup policy
  • device backup policy
  • NTP sync and servers (reboots server if required)
  • LDAP servers and enables them as external authentication servers
  • Adds groups

Feel free to try it out and get back to me with any feedback! It’s a work in progress and I’ll try to keep the information up to date in the readme.



Deploy Citrix ADC to Azure using ARM Templates and Ansible

I’ve created an Ansible playbook to deploy Citrix ADC (previously Citrix NetScaler) to Azure using ARM Templates. You can find the playbook here in Azure DevOps, see the readme for the latest information about the playbook, how to use it and the per-requisites.

The main points for creating a new one instead of using the Citrix provided ones are (or at least were):

  • Deploy HA using Availability Zone
  • Using HA Ports for internal LB
  • Generates the external LB rules based on the number of Public IPs and Ports automatically
  • Naming convention that matches all other resources

Feel free to try it out and get back to me if you have any questions!



HOW TO: Configure BGP between Arista and Palo Alto using loopback-interfaces

In this example I will be showing you how you can configure BGP between Arista and Palo Alto. The setup has two Arista COR-switches which is configured with MLAG and a Palo Alto Networks firewall.

The goal is to use iBGP between the Arista-switches and eBGP between the Arista-switches and Palo Alto.

We will also be using a specific VRF in this example, if you have more than one VRF the same configuration-method can be applied again.

We will also assume that all linknet-interfaces are already configured on each device.

The topology is shown below.

Start by adding your route distinguisher and activate routing on your VRF on the Arista-switches.

Configure the loopback-interfaces and create static routes between them.

Next we will configure BGP on both Arista-switches. Both Arista-switches will have the same router BGP-ID but will be distinguished by ”local-as”. Also in this example we will redistribute connected and static routes, these can be changed depending on your needs.

Verify that that the neighbor Arista-switch is in established state with the below command.

Next we will configure the Palo Alto-firewall with BGP. For simplicity we will call the Virtual Router ”vrf-01” here as well.

Start by creating your loopback-interface.

Then create your static-routes and enable ECMP to be able to use both paths.

Next we will create a redistribution profile to decide what routes will be redistributed. As on the Arista-switches we will redistribute connected and static routes.

As a final step we will configure BGP on the VR. This can be configured in several different ways depending on your needs and this example is kind of slim but enough to distribute the routes.

Verify that BGP is established to both arista-core1 & arista-core2 by going to:

You should see that both ”peer-arista-core1” and ”peer-arista-core2” is established.

Also verify the established neighbors (should be two) on the Arista-switches with the below command:

At this point the only routes that should be added by BGP is the linknets that is not directly connected.

For example on arista-cor1:

As seen in the topology 10.0.0.2/31 is between arista-core2<->pa-fw01 and arista-core1 routes this traffic via the linknet ip on arista-core2.

Feel free to send me any questions to petter.vikstrom@xenit.se or add your question in the comments.



Monitoring vDisk Rebalance Enabled

In a recent use-case that I stumbled across, I wanted to monitor a few different things in a Citrix-environment with Provisioning Services technology.

In this specific blog-post I’ll show you how I configured monitoring for whether Rebalance Enabled is configured for active vDisk, with Provisioning Services (PVS) Powershell SnapIn.



Monitoring vDisk Replication

In a recent use-case that I stumbled across, I wanted to monitor a few different things in a Citrix-environment with Provisioning Services technology.

In this specific blog-post I’ll show you how I configured monitoring of vDisk Replication with Provisioning Services (PVS) Powershell SnapIn.



Azure Resource Graph

During Ignite 2018 Microsoft released a couple of new services and features in public preview for Azure i will try to cover the Governance parts in upcoming posts.

Lets start with Resource Graph.

If you have been working with Azure Resource Manager, you might have realized its limitations for accessing resource properties. The resource fields we have been able to work with is Resource Name, ID, Type, Resource Group, Subscriptions, and Location. If we want to find other properties, we need to query each resource separately and you might end up with quite complicated scripts to complete what started as simple tasks.

This is where Resource Graph comes in, Resource Graph is designed to extend the Azure Resource Management with a Azure Data Explorer Query language base.

With Resource Graph it’s now easy to query all resources over different subscriptions, as well as get properties of all resources without more advanced scripts to query all resource separately. Ill show how in the attached examples below.

All Resources

The new “All resources” view in the portal is based on Resource Graph and if you haven’t tried it out yet go check it out. It’s still in preview so you have to “opt-in” to try it.

Get started

To get started with Resource Graph you can use either CLI, Powershell or the Azure Portal.

In the examples below, I am using Cloudshell and Bash but you could just as well use Powershell:

#Add Resource Graph Extension, needs to be added first time.

#Displays all virtual machines, OS and versions

Example output from above query

# Display all virtual machines that starts with “AZ” and ends with number.

# Display all storage accounts that have the option to “Allow Access from all networks”

# Display linux VMs with OS version 16.04

For more info about the query language check this site:
https://docs.microsoft.com/en-us/azure/governance/resource-graph/concepts/query-language

If you have any specific scenario feel free to contact me and we can try to query your specific needs.

You can reach me at tobias.vuorenmaa@xenit.se if you have any questions.