Deploying Citrix NetScaler Configuration using Terraform

Last Week Citrix published the first public version of their Terraform Provider for Citrix ADC/NetScaler which allows us to deploy Citrix Configuration using Terraform syntax. Since I’m using Terraform for the deployment of other services as well, it makes it easy to deploy NetScaler/ADC using the same configuration syntax as well.

The provider is available on the public repository from Hashicorp –> citrix/citrixadc | Terraform Registry

Which means that you can pull the provider down directly. The provider is used to configure target ADC instances using the NITRO API, either directly or via Proxy calls through ADM. It should be noted that this provider only works for traditional ADC/NetScaler appliances and does not have any direct integration with other cloud-based services that Citrix might have. 

As a demo example, you can define credentials directly into a custom tf file (not recommended) but using these values.

NOTE: Proxied_NS is only used when you are using ADM

provider "citrixadc" {
  endpoint   = "https://10.22.0.1"
  username   = "nsroot"
  password   = "admpassword"
  proxied_ns = "10.0.0.1"
}

Once the provider information is in place, you can run terraform init to download the provider from the registry.

Here is also the list of supported resource using the provider at the moment –> terraform-provider-citrixadc/docs/resources at master · citrix/terraform-provider-citrixadc (github.com)

Now when looking at the supported resources there are some obvious missing resources, such as the Gateway service.

However just to give an example of how using Terraform could help with the configuration of the appliance.

Typically, you have a base set of Terraform files where you have the typical files

  • provider.tf (this file contains the provider resource and any other backend configuration you might use)
  • resource.tf (contains the actual configuration of the appliance)

Within the resource.tf file we can define our configuration. As an example, I will be deploying a new baseline TCP profile used for XD/XA environments.
NOTE: All the definitions for the different attributes can be found here –> citrixadc_nstcpprofile | Resources | citrix/citrixadc | Terraform Registry

resource "citrixadc_nstcpprofile" "adcprofile" {
 name = "XAXD_tcpprofile"
 ws = "ENABLED"
 ackaggregation = "DISABLED"
 #mpcapablecbit = "ENABLED"
 syncookie = "ENABLED"
 flavor = "Nile"
 hystart = "ENABLED"
}

It is also important that when deploying configuration using Terraform and you want to have the configuration saved on an ADC appliance you need to save the current configuration from memory down to the disk as well. Here you can use the following resource

resource "citrixadc_nsconfig_save" "tf_ns_save" {
    all       = true
    timestamp = timestamp()
}

Using the “timestamp()” operator means that Terraform will automatically apply the current timestamp when running apply, as seen by inspecting the Terraform state file.

It should be noted that since terraform applies configuration in random order, you should define this resource as an independent configuration that is deployed as the last step as part of an automated pipeline.

You can of course use the depends_on operator,

depends_on = [
   citrixadc_nstcpprofile.adcprofile,
]

but that means it would need to apply this to every single command.

Once you have defined the configuration you (as the example I have above, will only deploy a custom TCP profile) which can be seen as the last entry here.

And that the configuration is saved to the local disk.

 

 

Leave a Reply

Scroll to Top