Automation is like the winter in Game of Thrones, its been on the horizon for quite some time, but finally, i am starting to see traction from mid-sized enterprise customers.
If you want to get started, watching the videos form Citrix Converge 2020 is a really good place to start, and of course the official channels on github.com/citrix
I’ll mainly write about the headaches i have working with automation, since the SDK is only some what complete if you have a “automate” everything approach. (so far its been good on services running through the ADC but not the ADC it self)
Changing the default sslparameter requires some custom nitro API calls. since the way SDK works is that you have a key for every object, but here – there is no key, so the SDK would fail since it would ask on something like https://<nsip>/nitro/v1/config/sslparameter/<key> and i only want to change something on https://<nsip>/nitro/v1/config/sslparameter.
First you make Ansible do a custom nitro request to https://<nsip>/nitro/v1/config/sslparameter, store that information in a “fact” with “register”, based on the output you use a “when” to check in your new custom “fact” – it looks something like this:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
- name: Test - Is SSL Default profile enabled delegate_to: localhost uri: url: "https://{{ nsip }}/nitro/v1/config/sslparameter" validate_certs: no method: GET status_code: 200 return_content: yes headers: X-NITRO-USER: "{{ nitro_user }}" X-NITRO-PASS: "{{ nitro_pass }}" body_format: json register: register_sslparameter - set_fact: sslparameter_fact: "{{ register_sslparameter.json }}" - name: Enable SSL Default profile delegate_to: localhost uri: url: "https://{{ nsip }}/nitro/v1/config/sslparameter" validate_certs: no method: PUT status_code: 200 return_content: yes headers: X-NITRO-USER: "{{ nitro_user }}" X-NITRO-PASS: "{{ nitro_pass }}" body_format: json body: sslparameter: defaultprofile: "ENABLED" when: sslparameter_fact.sslparameter.defaultprofile != "ENABLED" |
The above shown is build on examples from https://github.com/citrix/citrix-adc-ansible-modules
There are properly other ways of doing this, and i would love to hear about them 🙂
All i want to Christmas, is a complete SDK on Ansible, that holds every function available in the ADC.