Ansible and Citrix ADC (sslparameter)

Automation is like the winter in Game of Thrones, its been on the horizon for quite some time, but finally, i am starting to see traction from mid-sized enterprise customers.

If you want to get started, watching the videos form Citrix Converge 2020 is a really good place to start, and of course the official channels on github.com/citrix

I’ll mainly write about the headaches i have working with automation, since the SDK is only some what complete if you have a “automate” everything approach. (so far its been good on services running through the ADC but not the ADC it self)

Changing the default sslparameter requires some custom nitro API calls. since the way SDK works is that you have a key for every object, but here – there is no key, so the SDK would fail since it would ask on something like https://<nsip>/nitro/v1/config/sslparameter/<key> and i only want to change something on https://<nsip>/nitro/v1/config/sslparameter.

First you make Ansible do a custom nitro request to https://<nsip>/nitro/v1/config/sslparameter, store that information in a “fact” with “register”, based on the output you use a “when” to check in your new custom “fact” – it looks something like this:

    - name: Test - Is SSL Default profile enabled
      delegate_to: localhost
      uri:
        url: "https://{{ nsip }}/nitro/v1/config/sslparameter"
        validate_certs: no
        method: GET
        status_code: 200
        return_content: yes
        headers:
          X-NITRO-USER: "{{ nitro_user }}"
          X-NITRO-PASS: "{{ nitro_pass }}"
        body_format: json
      register: register_sslparameter
    - set_fact:
        sslparameter_fact: "{{ register_sslparameter.json }}"
    - name: Enable SSL Default profile
      delegate_to: localhost
      uri:
        url: "https://{{ nsip }}/nitro/v1/config/sslparameter"
        validate_certs: no
        method: PUT
        status_code: 200
        return_content: yes
        headers:
          X-NITRO-USER: "{{ nitro_user }}"
          X-NITRO-PASS: "{{ nitro_pass }}"

        body_format: json
        body:
          sslparameter:
            defaultprofile: "ENABLED"
      when: sslparameter_fact.sslparameter.defaultprofile != "ENABLED"

- name: Test - Is SSL Default profile enabled

delegate_to: localhost

uri:

url: "https://{{ nsip }}/nitro/v1/config/sslparameter"

validate_certs: no

method: GET

status_code: 200

return_content: yes

headers:

X-NITRO-USER: "{{ nitro_user }}"

X-NITRO-PASS: "{{ nitro_pass }}"

body_format: json

- set_fact:

sslparameter_fact: "{{ register_sslparameter.json }}"

- name: Enable SSL Default profile

delegate_to: localhost

uri:

url: "https://{{ nsip }}/nitro/v1/config/sslparameter"

validate_certs: no

method: PUT

status_code: 200

return_content: yes

headers:

X-NITRO-USER: "{{ nitro_user }}"

X-NITRO-PASS: "{{ nitro_pass }}"

body_format: json

body:

sslparameter:

defaultprofile: "ENABLED"

when: sslparameter_fact.sslparameter.defaultprofile != "ENABLED"

The above shown is build on examples from https://github.com/citrix/citrix-adc-ansible-modules

There are properly other ways of doing this, and i would love to hear about them 🙂

All i want to Christmas, is a complete SDK on Ansible, that holds every function available in the ADC.

Published

December 1, 2020

Morten Kallesoee in NetScaler | December 1, 2020

Ansible and Citrix ADC (sslparameter)

Published

December 1, 2020

Cancel Reply

What do you think?