sumanth-lingappa
commented
5 years ago Hello @MrBones757 , thank you for raising this issue. We will get back once analyzing this. Thank you.
Closed MrBones757 closed 5 years ago
sumanth-lingappa
commented
5 years ago Hello @MrBones757 , thank you for raising this issue. We will get back once analyzing this. Thank you.
MrBones757
commented
5 years ago I might add that i have tried using the netscaler* modules included with ansible and citrix* modules from this repo with the same issue occuring in both scenarios.
sumanth-lingappa
commented
5 years ago Noted.
MrBones757
commented
5 years ago Just wondering if there was any update on this & if you were able to reproduce issues.
sumanth-lingappa
commented
5 years ago @MrBones757 The scenario is perfectly working: Please find below two ways to achieve this. Revert for any.
- hosts: citrix_adc
vars:
max_clients: 5
remote_user: root
gather_facts: False
tasks:
- name: Disable service group
delegate_to: localhost
citrix_adc_servicegroup:
nsip: "{{ nsip }}"
nitro_user: "{{ nitro_user }}"
nitro_pass: "{{ nitro_pass }}"
state: present
servicegroupname: test_svcgrp
disabled: yesOR
- hosts: citrix_adc
gather_facts: no
tasks:
- name: Get resource
delegate_to: localhost
register: result
citrix_adc_nitro_request:
nsip: "{{ nsip }}"
nitro_user: "{{ nitro_user }}"
nitro_pass: "{{ nitro_pass }}"
operation: action
action: disable
resource: servicegroup
attributes:
servicegroupname: test_svcgrpHello, Sorry for my slow reply. I have re-verified this configuration and i am still not seeing this functioning. I have made sure i am using the most up to date version of the modules from this repo. Ansible verison is 2.7.5 The configuration used was:
Before:
After:
Job Output:
{
"_ansible_parsed": true,
"_ansible_no_log": false,
"_ansible_delegated_vars": {
"ansible_delegated_host": "localhost",
"ansible_host": "localhost"
},
"changed": true,
"invocation": {
"module_args": {
"comment": null,
"tcpb": null,
"cachetype": null,
"save_config": true,
"disabled": true,
"nitro_protocol": "https",
"maxreq": null,
"maxbandwidth": null,
"graceful": null,
"svrtimeout": null,
"clttimeout": null,
"servicetype": null,
"monthreshold": null,
"autoscale": null,
"maxclient": null,
"monitorbindings": null,
"servicegroupname": "
Note all server and monitor configuration has disappeared. Netscaler vpx version: NS11.1 58.13.nc
sumanth-lingappa
commented
5 years ago @MrBones757 , It is working well in my setup with NS11.1 build. Please allow me couple of days to revert back on this.
giorgos-nikolopoulos
commented
5 years ago @MrBones757
We recently added the ssh_citrix_adc connection plugin which allows you to use standard Ansbile modules with Citrix ADC.
With the use of the shell Ansible module you can issue nscli commands.
Disabling or enabling a servicegroup could be accomplished with the following playbooks
Disabling:
- hosts: citrix_adc
remote_user: nsroot
connection: ssh_citrix_adc
gather_facts: False
vars:
ansible_python_interpreter: /var/python/bin/python
tasks:
- name: Disable servicegroup test_service_group
shell: nscli -s -U :nsroot:nsroot "disable servicegroup test_service_group"
register: nscli_output
- name: Show nscli output
debug:
msg: "{{ nscli_output }}"Enabling.
remote_user: nsroot
connection: ssh_citrix_adc
gather_facts: False
vars:
ansible_python_interpreter: /var/python/bin/python
tasks:
- name: Enable servicegroup test_service_group
shell: nscli -s -U :nsroot:nsroot "enable servicegroup test_service_group"
register: nscli_output
- name: Show nscli output
debug:
msg: "{{ nscli_output }}"Make sure you have setup the connection plugin correctly as is detailed in this section of the README file.
Let us know if this works out for you.
MrBones757
commented
5 years ago Apologies for the slow reply. Unfortunately this solution does not work in the setup implemented as we are using AD/LDAP logins to control access and permissions via the API/UI rather than directly accessing the command-line of the VPX instance. I have done some research and found an alternative to the standard modules which use API calls to trigger actions on the netscaler. Using these i was able to create my own temporary solution to this issue until the underlying issue (?) with the provided modules can be determined.
giorgos-nikolopoulos
commented
5 years ago Since you cannot access the nscli I see the proposed solution cannot work.
Another alternative that skipped my mind is to use the citrix_adc_nitro_request module to enable/disable the target servicegroup.
Here is a sample playbook that disables the test_service_group
- hosts: citrix_adc
gather_facts: False
vars:
tasks:
- name: Add Service
delegate_to: localhost
register: result
citrix_adc_nitro_request:
nsip: "{{ nsip }}"
nitro_user: "{{ nitro_user }}"
nitro_pass: "{{ nitro_pass }}"
operation: action
action: disable
resource: servicegroup
attributes:
servicegroupname: "test_service_group"To enable the servicegroup use the same playbook with action: enable
We will be tracking this issue in our internal Jira to make sure we address this when we rewrite the servicegroup module.
The citrix_adc_servicegroup module does not appear to allow you to disable the sg without providing a heap of other parameters.
I am trying to convert Powershell scripts (Enable-NSServiceGroup cmdlet) to these ansible modules for plays. It appears that every time the module runs, it resets the netscaler to the configuration of the module call rather than simply toggling the enable / disable & graceful functionality.
I have tried to use the citrix_adc_nitro_request module to achieve this though functionality seems to be the same result.
Examples of module invocations: name: Do a Thing netscaler_nitro_request: nitro_protocol: https nitro_user: "{{ im_ad_username }}" nitro_pass: "{{ im_ad_password }}" nsip: "{{ im_netscaler_dict[im_netscaler_sg_name]['im_netscaler_ip'] }}" validate_certs: no operation: "action" action: "disable" attributes: servicegroupname: "{{ im_netscaler_sg_name }}" graceful: "yes" resource: servicegroup register: result_sg
Any information on how to achieve this functionality would be appreciated. It can be done though the UI and Powershell so i assume its doable using Ansible too.