Citrix Blogs

Scripting: Automating NetScaler configurations using NITRO REST API and PowerShell – Part 2

Part 1: Introduction and getting started.

Part 2: Basic operations and initial configuration.

Part 3: SSL certificates and StoreFront load balancing.

Part 4: NetScaler Gateway with StoreFront configuration.

Part 5: High Availability configuration.

Previously, we went over importing the NetScaler Configuration module and setting the management protocol (http or https) that we use to connect to the NetScaler appliance. We proceeded to connect to the appliance, while saving off the session object, and disconnecting from the appliance. Separately we introduced the Invoke-NSNitroRestApi function. Now in Part 2 we’ll dive into using the Invoke-NSNitroRestApi function (as part of other NetScaler configuration functions) to perform additional basic operations and the initial configuration.

Saving and rebooting the NetScaler appliance

Save the NetScaler’s configuration (Save-NSConfig example)

The NetScaler appliance is driven, for the most part, by the configuration stored in the ns.conf file. Using the NetScaler configuration module, we can easily save the configuration by calling:

Save-NSConfig -NSSession $myNSSession

Restarting the NetScaler appliance (Restart-NSAppliance example)

In order for some configurations to take effect, like reading the licenses, you must restart the NetScaler appliance. The Restart-NSAppliance function includes functionality to save the configuration before rebooting, perform a warm reboot, and wait until the NetScaler appliance is back online. This can be accomplished by calling:

Restart-NSAppliance -NSSession $myNSSession -SaveNSConfig -WarmReboot -Wait

Keep in mind that after a reboot, you must re-establish a session with the NetScaler appliance by using Connect-NSAppliance.

Initial configuration

When an appliance is first brought online, a start-up configuration is required, which includes the NetScaler management IP address (NSIP), a subnet mask, a gateway, and a reboot. After this, you can proceed to the web console using the default username and password to continue the initial configuration. This includes a subnet IP address (SNIP), host name, DNS servers, time zone, and licensing.

Subnet IP address (Add-NSIPResource example)

Let’s say we want to set a subnet IP of 10.108.151.2, with a subnet mask of 255.255.248.0. This is how we would call this:

Add-NSIPResource -NSSession $myNSSession -IPAddress "10.108.151.2" -SubnetMask "255.255.248.0"

This function also supports other IP resource types such as MIP and CLIP, among others.

Set the host name (Set-NSHostName example)

Next, we’d like to change the hostname to NS1 as follows:

Set-NSHostName -NSSession $myNSSession -HostName "NS1"

Adding DNS name servers (Add-NSDNSNameServer example)

Additionally, DNS name servers can be simply added by using their IP address. This can be called as follows:

Add-NSDnsNameServer -NSSession $myNSSession -DNSServerIPAddress "10.8.115.210"

Or if we’re setting multiple DNS servers:

"10.8.115.210","10.8.115.211" | Add-NSDnsNameServer -NSSession $myNSSession

Set the time zone (Set-NSTimeZone example)

Time zones are a bit trickier, since we must know the exact name of the time zone that we want to set. For a list of the allowed time zone names, you can call Import-NSTimeZones which returns an array of all the time zone values allowed. Once you determine the one you’d like to set, you can call it as:

Set-NSTimeZone -NSSession $myNSSession -TimeZone "GMT-05:00-EST-America/Panama"
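The values used in the steps above can be checked locally before anything is sent to the appliance, so a mistyped mask or time zone name does not leave the configuration half applied. This is an added example, not part of the Citrix module: Test-NSInitialConfig is a hypothetical helper, and the time zone list is a constructed sample standing in for the array that Import-NSTimeZones returns.

```powershell
# Added example: Test-NSInitialConfig is a hypothetical helper, not part of the Citrix module.
function Test-NSInitialConfig {
    param(
        [Parameter(Mandatory)] [string]$SnipAddress,
        [Parameter(Mandatory)] [string]$SubnetMask,
        [Parameter(Mandatory)] [string[]]$DnsServers,
        [Parameter(Mandatory)] [string]$TimeZone,
        [Parameter(Mandatory)] [string[]]$AllowedTimeZones  # array returned by Import-NSTimeZones
    )
    $dottedQuad = '^\d{1,3}(\.\d{1,3}){3}$'   # TryParse alone also accepts shorthand like "10.1"
    $parsed = $null
    $problems = @()
    foreach ($ip in (@($SnipAddress) + $DnsServers)) {
        if ($ip -notmatch $dottedQuad -or -not [ipaddress]::TryParse($ip, [ref]$parsed)) {
            $problems += "Not a valid IPv4 address: $ip"
        }
    }
    if ($SubnetMask -match $dottedQuad -and [ipaddress]::TryParse($SubnetMask, [ref]$parsed)) {
        # A usable mask is a run of 1 bits followed only by 0 bits.
        $bits = -join ($parsed.GetAddressBytes() |
            ForEach-Object { [Convert]::ToString($_, 2).PadLeft(8, '0') })
        if ($bits -notmatch '^1+0+$') { $problems += "Subnet mask is not contiguous: $SubnetMask" }
    } else {
        $problems += "Not a valid subnet mask: $SubnetMask"
    }
    # Strict, case-sensitive comparison against the allowed names.
    if ($AllowedTimeZones -cnotcontains $TimeZone) {
        $problems += "Unknown time zone name: $TimeZone"
    }
    return $problems
}

# Constructed sample list standing in for the output of Import-NSTimeZones.
$allowed = @('GMT-05:00-EST-America/Panama')
$problems = Test-NSInitialConfig -SnipAddress '10.108.151.2' -SubnetMask '255.255.248.0' `
    -DnsServers '10.8.115.210', '10.8.115.211' -TimeZone 'GMT-05:00-EST-America/Panama' `
    -AllowedTimeZones $allowed
if ($problems) { $problems; throw 'Initial configuration values failed validation.' }
# Only now send the values to the appliance with the cmdlets shown above.
```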

Upload licenses (Send-NSLicenseViaPSCP example)

Finally, we need to upload licenses. As of this writing, the license files have to be uploaded using your favorite SCP tool, so we developed a wrapper function as an example that uses pscp.exe from PuTTY’s suite of tools. You must first accept the appliance’s SSH host key thumbprint, via a previous connection, a separate plink.exe execution, or otherwise; then you can upload the licenses with a call similar to:

$pathtopscp = "C:\Putty\pscp.exe"
$licfiles = @("C:\NSLicense\License1.lic","C:\NSLicense\License2.lic")
$licfiles | Send-NSLicenseViaPSCP -NSIP "10.108.151.1" -NSUsername "nsroot" -NSPassword "nsroot" -PathToPSCP $pathtopscp
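The call above passes the password as a literal in the script and trusts whatever host key was cached earlier. The following added example (not part of the Citrix module) shows the same upload with the host key pinned explicitly and the password taken from a PSCredential. Send-NSLicensePinned is a hypothetical name, the fingerprint in the usage comment is a placeholder, and /nsconfig/license is the appliance's license directory, which the page itself does not name.

```powershell
# Added example, not part of the Citrix module. Send-NSLicensePinned is a hypothetical
# name; -batch, -scp, -hostkey and -pw are pscp command-line options.
function Send-NSLicensePinned {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [string]$Path,
        [Parameter(Mandatory)] [string]$NSIP,
        [Parameter(Mandatory)] [pscredential]$Credential,
        # Fingerprint read from the appliance console or another trusted channel.
        [Parameter(Mandatory)] [string]$HostKeyFingerprint,
        [Parameter(Mandatory)] [string]$PathToPSCP
    )
    process {
        if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
            throw "License file not found: $Path"
        }
        # /nsconfig/license is where the appliance reads license files from.
        $target = '{0}@{1}:/nsconfig/license/' -f $Credential.UserName, $NSIP
        $pscpArgs = @(
            '-batch'                          # fail instead of prompting interactively
            '-scp'
            '-hostkey', $HostKeyFingerprint   # accept only the pinned host key
            # -pw is still visible in the local process list while pscp runs;
            # PuTTY 0.77 and later can read the password from a file with -pwfile.
            '-pw', $Credential.GetNetworkCredential().Password
            $Path
            $target
        )
        & $PathToPSCP @pscpArgs
        if ($LASTEXITCODE -ne 0) {
            throw "pscp exited with code $LASTEXITCODE while uploading $Path"
        }
    }
}

# Usage (placeholder values; the fingerprint must come from the appliance itself):
# $cred = Get-Credential -UserName 'nsroot' -Message 'NetScaler administrator'
# $licfiles | Send-NSLicensePinned -NSIP '10.108.151.1' -Credential $cred `
#     -HostKeyFingerprint '<host-key-fingerprint>' -PathToPSCP $pathtopscp
```

With -hostkey and -batch together, pscp stops with a non-zero exit code when the appliance presents a different key, rather than asking whether to trust it.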

In the future, .lic file extensions will be permitted through Nitro REST API, which means you can then call:

$licfiles = @("C:\NSLicense\License1.lic","C:\NSLicense\License2.lic")
$licfiles | Send-NSLicense -NSSession $myNSSession

Enabling NetScaler modes and features

Enabling NetScaler modes (Enable-NSMode example)

In order to configure different functionality on the NetScaler appliance, you will need to enable the related modes required by your configuration. For example, to enable Use Subnet IP and MAC Based Forwarding, you can do the following:

Enable-NSMode -NSSession $myNSSession -Feature "USNIP","MBF"

Enabling NetScaler features (Enable-NSFeature example)

Similarly, you will need to enable the related features required by your configuration. For example, to enable SSL Offloading and Load Balancing, you can do the following:

Enable-NSFeature -NSSession $myNSSession -Feature "SSL","LB"

Get the example PowerShell Module (Part 2)

This module is now updated in Scripting: Automating NetScaler configurations using NITRO REST API and PowerShell – Part 3

Coming up next

We’ll go over additional use cases as we continue exposing more functions in the example PowerShell module.

Happy Scripting!

Santiago Cardenas

Disclaimer:

This software / sample code is provided to you “AS IS” with no representations, warranties or conditions of any kind. You may use, modify and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the software / sample code may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the software / sample code fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the software / sample code. In no event should the software / code be used in support of ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SOFTWARE / SAMPLE CODE, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the code.
