Terraform Custom Provider for Citrix NetScaler
This project is a terraform custom provider for Citrix NetScaler. It uses the [Nitro API] (https://docs.citrix.com/en-us/netscaler/11/nitro-api.html) to create/configure LB configurations.
- Copy the binary (either from the build or from the releases page)
terraform-provider-netscaler
to an appropriate location. Configure.terraformrc
to use thenetscaler
provider. An example.terraformrc
:
providers {
netscaler = "<path-to-custom-providers>/terraform-provider-netscaler"
}
- Run
terraform
as usual
terraform plan
terraform apply
- The provider will not commit the config changes to NetScaler's persistent store. To do this, run the shell script
ns_commit.sh
:
export NS_URL=http://<host>:<port>/
export NS_USER=nsroot
export NS_PASSWORD=nsroot
./ns_commit.sh
To ensure that the config is saved on every run, we can use something like terraform apply && ns_commit.sh
provider "netscaler" {
username = "${var.ns_user}"
password = "${var.ns_password}"
endpoint = "http://10.71.136.250/"
}
The following arguments are supported.
username
- This is the user name to access to NetScaler. Defaults tonsroot
unless environment variableNS_LOGIN
has been setpassword
- This is the password to access to NetScaler. Defaults tonsroot
unless environment variableNS_PASSWORD
has been setendpoint
- (Required) Nitro API endpoint in the formhttp://<NS_IP>/
orhttp://<NS_IP>:<PORT>/
. Can be specified in environment variableNS_URL
The username, password and endpoint can be provided in environment variables NS_LOGIN
, NS_PASSWORD
and NS_URL
.
resource "netscaler_lbvserver" "foo" {
name = "sample_lb"
ipv46 = "10.71.136.150"
port = 443
servicetype = "SSL"
lbmethod = "ROUNDROBIN"
persistencetype = "COOKIEINSERT"
sslcertkey = "${netscaler_sslcertkey.foo.certkey}"
}
See https://docs.citrix.com/en-us/netscaler/11-1/nitro-api/nitro-rest/api-reference/configuration/load-balancing/lbvserver.html for possible values for these arguments and for an exhaustive list of arguments. Additionally, you can specify the SSL certkey
to be bound to this lbvserver
using the sslcertkey
parameter
resource "netscaler_service" "backend_1" {
ip = "10.33.44.55"
port = 80
servicetype = "HTTP"
lbvserver = "${netscaler_lbvserver.foo.name}"
lbmonitor = "${netscaler_lbmonitor.foo.name}"
}
See https://docs.citrix.com/en-us/netscaler/11-1/nitro-api/nitro-rest/api-reference/configuration/basic/service.html for possible values for these arguments and for an exhaustive list of arguments. Additionally, you can specify the LB vserver to be bound to this service using the lbvserver
parameter, and the lbmonitor
parameter specifies the LB monitor to be bound.
resource "netscaler_servicegroup" "backend_1" {
servicegroupname = "backend_group_1"
servicetype = "HTTP"
lbvservers = ["${netscaler_lbvserver.foo.name}]"
lbmonitor = "${netscaler_lbmonitor.foo.name}"
servicegroupmembers = ["172.20.0.20:200:50","172.20.0.101:80:10", "172.20.0.10:80:40"]
}
See https://docs.citrix.com/en-us/netscaler/11-1/nitro-api/nitro-rest/api-reference/configuration/basic/servicegroup.html for possible values for these arguments and for an exhaustive list of arguments. Additionally, you can specify the LB vservers to be bound to this service using the lbvservers
parameter. The lbmonitor
parameter specifies the LB monitor to be bound.
resource "netscaler_csvserver" "foo" {
name = "sample_cs"
ipv46 = "10.71.139.151"
servicetype = "SSL"
port = 443
}
See https://docs.citrix.com/en-us/netscaler/11-1/nitro-api/nitro-rest/api-reference/configuration/content-switching/csvserver.html for possible values for these arguments and for an exhaustive list of arguments. Additionally, you can specify the SSL cert to be bound using the sslcertkey
parameter
resource "netscaler_sslcertkey" "foo" {
certkey = "sample_ssl_cert"
cert = "/var/certs/server.crt"
key = "/var/certs/server.key"
expirymonitor = "ENABLED"
notificationperiod = 90
}
See https://docs.citrix.com/en-us/netscaler/11-1/nitro-api/nitro-rest/api-reference/configuration/ssl/sslcertkey.html for possible values for these arguments and for an exhaustive list of arguments.
resource "netscaler_cspolicy" "foo" {
policyname = "sample_cspolicy"
url = "/cart/*"
csvserver = "${netscaler_csvserver.foo.name}"
targetlbvserver = "${netscaler_lbvserver.foo.name}"
}
See https://docs.citrix.com/en-us/netscaler/11-1/nitro-api/nitro-rest/api-reference/configuration/content-switching/cspolicy.html for possible values for these arguments and for an exhaustive list of arguments.
resource "netscaler_lbmonitor" "foo" {
monitorname = "sample_lb_monitor"
type = "HTTP"
interval = 350
resptimeout = 250
}
See https://docs.citrix.com/en-us/netscaler/11-1/nitro-api/nitro-rest/api-reference/configuration/load-balancing/lbmonitor.html for possible values for these arguments and for an exhaustive list of arguments.
- You have (some) experience with Terraform, the different provisioners and providers that come out of the box, its configuration files, tfstate files, etc.
- You are comfortable with the Go language and its code organization.
- Install
terraform
from https://www.terraform.io/downloads.html go get -u github.com/hashicorp/terraform
- Install
godep
(https://github.com/tools/godep) - Check out this code:
git clone https://<>
- Build this code using
make build
See the examples
directory for various LB topologies that can be driven from this terraform provider.