After being a unicorn for some time, Citrix did finally release the Docker based NetScaler called CPX!
NOTE: CPX can be downloaded from here –> https://www.citrix.com/downloads/netscaler-adc/betas-and-tech-previews/cpx-111-405.html If you have the proper Citrix Partner access.
But as of now the CPX can be used in two ways, either be deployed on a Ubuntu host using Docker or using the NetScaler Management and Analytics integration with Mesos and be provisioned from there.
So as of now the requirements are
- 1 CPU
- 2 GB RAM
- Linux Ubuntu version 14.04 and later
So the easiest way is to download Ubuntu server from (http://www.ubuntu.com/download/server) needs to be 64-bit!!
(I’m not going to cover how to install an Ubuntu server, but show the steps that are needed in order to set it up as an docker host, and note I’m using Ubuntu version 14.04, and it must have internet access in some way, either using a proxy or a direct connection in order to download the required files.
The simplest way is to set it up using an SSH server, which makes it easier to work with it from a remote session
sudo apt-get install openssh
Then we need to add a couple of requirements to the Ubuntu host in order to install Docker
sudo apt-get update
sudo apt-get install apt-transport-https ca-certificates
sudo apt-key adv –keyserver hkp://p80.pool.sks-keyservers.net:80 –recv-keys 58118E89F3A912897C070ADBF76221572C52609D
Add a new repository
sudo vi /etc/apt/sources.list.d/docker.list
Add the following
deb https://apt.dockerproject.org/repo ubuntu-trusty main
apt-get install apparmor
Then you need to install the docker-engine
sudo apt-get install docker-engine
sudo service docker start
Then to verify that docker is running use the command
sudo docker run hello-world
So now we can run the sudo docker command and we can see which attributes it can support, we can also run the sudo docker images to see which container images are available on the host.
After that we have to extract the CPX from the tar file
tar -xvzf cpx-18.104.22.168.tar.gz
Then change directory to the CPX folder
Then run the make command from within the directory (NOTE: You need to have make installed which can be installed using apt-get install make) This creates an docker image based upon the attributes in the makefile. After it is complete you can view the CPX image by using the command
NOTE: This might take some time and requires additional components to configure properly, it will also download the ubuntu docker image
sudo docker images
Now let’s create a container from the CPX image
sudo docker run -dt -p 22 -p 80 -p 161/udp –ulimit core=-1 –privileged=true cpx:22.214.171.124
If you run the sudo docker ps you will see the container running
Now that we can see that the CPX is running as it should, we can now enter is using SSH. Notice the 0.0.0.0:32769 port (Which is used for SSH server), this will be used to open an SSH session to that particular Container
ssh -p 32769 firstname.lastname@example.org (The default administrator credentials to log on to a NetScaler CPX instance are root/linux.)
Now since the CPX is not an ordinary NetScaler we have to wrap commands using a bash script. So for instance if we want to use the show ns config command we have to run it using the
cli_script.sh “show ns config”
And note: CPX can only be configured using CLI or using Nitro API or using the NetScaler Management and analysis virtual appliance.
So to setup a sample load balancing containers we have a sample container running nginx in the backend on its seperate container. In order to do that we need to have nginx docker image downloaded, which can be setup using this command from the ubuntu host –>
sudo docker pull nginx
Then we are going to setup a docker container from the nginx image
sudo docker run –name docker-nginx -p 80:80 nginx (This is going to expose the port 80 on the ubuntu host to port 80 on the container.
Open up a web browser to see that the nginx session is running. (Note we started the process interactivly therefore you will not see anything in the console)
But by using the command with –d attribute you can run it in the background.
sudo docker run –name docker-nginx -p 80:80 -d nginx
Okay, so now we have the container running externally on port 80. So let us setup a load balancing vServer which will map externally on the ubuntu host to port 81. In order to setup a load balacer we need first to get IP address of the container, the nginx container image does not have ssh so the simplest way is to use the
sudo docker exec -it containerid ip addr (command)
Now that we now the IP address of the container (Which is 172.17.0.3) We can now configure the CPX load balancing parameters.
cli_script.sh “add service db1 172.17.0.3 HTTP 80”
cli_script.sh “add lb vserver cpx-vip HTTP 172.17.0.4 81”
cli_script.sh “bind lb vserver cpx-vip db1”
Notice also that this vServer is now exposed using port 81, but that is on the network which the docker bridge is on. So the simplest way is to add another NAT rule to the IPtables which will redirect the traffic to that container port
iptables -t nat -A PREROUTING -p tcp -m addrtype –dst-type LOCAL -m tcp –dport 50000 -j DNAT –to-destination 172.17.0.4:81
So did you lose overview? The simplest way is to show it in a visio drawning
I spun up a container on the nginx image which I mapped externally on port 80. Then I setup a CPX added a load balancing vserver which reponds on port 81. Since the CPX did not have port 81 mapped in the docker setup I needed to add an IP tables rule which mapped the virtual server port 81 externally to port 50000. So when I opened up the browser against the external IP on port 50000 I then get the web frontend from the Nginx server via the NetScaler CPX