This post has already been read 21752 times!
With the release of NetScaler 11.1 and NetScaler Management and Analytics System (NMAS) into beta at Citrix Synergy I have started to look at what we can achieve from the new versions of the NetScaler firmware and the NMAS appliance.
One of the features of NMAS that I think is really good is the Configuration Jobs. This will allow you to automate tasks on a single NetScaler or a group of NetScalers and better still it will let you put variables into the script and gather user input prior to running the job. This will allow you to generalize the script and run it on multiple instances!
In this article I will walk you through creating a Configuration job to build a StoreFront vServer running on port 443 and an http to https redirect server to ensure that traffic is always secure.
Before we start you need to ensure that your internal Root CA and StoreFront Certificates are pre-installed on the NetScaler
Pre Installed SSL Certificates
No existing Virtual Servers
So, once you have deployed and run the initial config on your NMAS appliance head over to the log in screen and log into the management interface
If you want help deploying NMAS for the first time check my post here
https://bretty.me.uk/netscaler-11-1-management-and-analytics-system-initial-setup-guide/
Navigate to Instances on the Infrastructure tab and ensure you have an instance linked and showing as green.
Further down the list click on Configuration Jobs and then click Create Job
When prompted enter the following commands. There is a slight bug in the interface where by you cannot copy and paste the entire script into the window as it will not split the lines out.
Cope each line into a new SSH command as shown below
NOTE: You will notice the variables in $dollars$ – make sure to paste these into the script window and we will re-define them later
add server web.$domain-name$ $web-server-ip$ add server storefront.$domain-name$ $storefront-vip-ip$ add server localhost.$domain-name$ 127.0.0.1 add service svc.always.up localhost.$domain-netbios$.local HTTP 80 -gslb NONE -maxClient 0 -maxReq 0 -cip ENABLED cip-header -usip YES -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO add serviceGroup svc.grp.$domain-netbios$.storefront.443 SSL -maxClient 0 -maxReq 0 -cip ENABLED X-Forwarded-For -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO add lb vserver vsvr.$domain-netbios$.storefront.443 SSL $storefront-vip-ip$ 443 -persistenceType NONE -cltTimeout 180 add lb vserver vsvr.$domain-netbios$.storefront.80 HTTP $storefront-vip-ip$ 80 -persistenceType NONE -cltTimeout 180 add responder action responder.act.http.to.https redirect "\"https://\" + HTTP.REQ.HOSTNAME.HTTP_URL_SAFE + HTTP.REQ.URL.PATH_AND_QUERY.HTTP_URL_SAFE" -responseStatusCode 302 add responder policy responder.pol.http.to.https HTTP.REQ.IS_VALID responder.act.http.to.https RESET bind lb vserver vsvr.$domain-netbios$.storefront.80 svc.always.up bind lb vserver vsvr.$domain-netbios$.storefront.443 svc.grp.$domain-netbios$.storefront.443 bind lb vserver vsvr.$domain-netbios$.storefront.80 -policyName responder.pol.http.to.https -priority 100 -gotoPriorityExpression END -type REQUEST add lb monitor $domain-netbios$.storefront.secure STOREFRONT -scriptName nssf.pl -dispatcherIP 127.0.0.1 -dispatcherPort 3013 -LRTM DISABLED -secure YES -storename $storefront-store-name$ add lb monitor $domain-netbios$.localhost PING -LRTM DISABLED -destIP 127.0.0.1 bind service svc.always.up -monitorName $domain-netbios$.localhost bind serviceGroup svc.grp.$domain-netbios$.storefront.443 web.$domain-name$ 443 bind serviceGroup svc.grp.$domain-netbios$.storefront.443 -monitorName $domain-netbios$.storefront.secure bind ssl vserver vsvr.$domain-netbios$.storefront.443 -certkeyName $ssl-cert$ bind ssl vserver vsvr.$domain-netbios$.storefront.443 -certkeyName $root-cert$ -CA -ocspCheck Optional bind ssl vserver vsvr.$domain-netbios$.storefront -eccCurveName P_256 bind ssl vserver vsvr.$domain-netbios$.storefront -eccCurveName P_384 bind ssl vserver vsvr.$domain-netbios$.storefront -eccCurveName P_224 bind ssl vserver vsvr.$domain-netbios$.storefront -eccCurveName P_521
Once the script is pasted we need to define the variables – highlight the first variable
hover over the variable with your mouse and click Convert To Variable
When the variable is converted double click it to define the details for the variable.
In Display Name enter the text you want to show the user as a prompt
Go though each variable in the script until its all complete
Once done click the Save as Configuration Template
Give the template a name and click on Save
You will notice that the Configuration Job is now available as a default template. You can drag and drop this into the script windows for future deployments
Give your new job a name
Select the NetScaler instance you want to run the job on
You will be prompted for values for all the variables you have defined in the script
Fill the variables out
Click next, review the detail then run the job
You will see the status of the job running
Once complete you will see the Completed Status in the jobs window
If we switch back to our NetScaler you will see that the Virtual Servers have been created
If you check the vServer for port 80 you will notice that it has a responder policy to redirect traffic to port 443
That’s it, I have to say that I think this is a very powerful part of the NMAS appliance and cant wait to get more and more of my NetScaler build into it.
Hope this helps you out
Laters,
b@m
Just starting playing with NMAS. By all means your 2 articles are spot on. Waiting for more …
Thanks 🙂 .
Pingback: NetScaler Management and Analytics System – Carl Stalhood
Thanks for this information.
I would like to know if it’s possible to create a job that assign a variable multiple names in every execution, for example if i want to have an automatically backup task and in its names changes constantly.
Pingback: NetScaler Management and Analytics System (MAS) 12 – Carl Stalhood