Citrix Netscaler Scripting

Hi,

First, a note: for automating a Netscaler, the best approach is to integrate with the Netscaler NITRO API: http://support.citrix.com/proddocs/topic/netscaler-main-api-10-map/ns-nitro-wrapper-con.html Having said that, let's continue.

In a former post I described a scenario for executing a Netscaler 'script' remotely from a Linux-based host against a remote Netscaler command line: http://ronnyholtmaat.nl/configuring-citrix-netscaler-using-ssh-from-a-remote-computer/

Now, here is an example. It load-balances the Citrix XML Service.
Config notes:
Not secure: traffic goes over HTTP (not HTTPS).
The XML Service is monitored by means of HTTP (there is also a dedicated XML monitor).
If you don't use Netscaler traffic domains, remove the traffic domain variables (everywhere) in the config and you're good to go.
Download the script here: ns_ctx_controller_post.sh
----------BASH SCRIPT----------

#!/bin/bash

# Citrix Netscaler v 10.5 configuration script.
#
# Ronny Holtmaat
# September 2014
# info @ ronnyholtmaat.nl
#
# USAGE: THIS SCRIPT IS FOR LOADBALANCING 'CITRIX DESKTOP DELIVERY CONTROLLER'
# NOTE: There needs to be a basic netscaler config with 'correct' features and DNS enabled 

#Netscaler VPX Instances and loadbalanced Virtual Servers are deployed in a Two Arm mode.
#This script can also be used for a One arm deployment (load balancing in same subnet) 
#For One Arm: load balancing backend (be) and frontend (fe) SNIP need to be in the same
#VLAN/IP Subnet, then use identical SNIP, TD, VLAN and MASK values
#BASH Variables
#A Traffic Domain (Routing Domain) segments and isolates network traffic.
ns_td=33 #Traffic Domain, valid range: 0-4094;
ns_td_gw=33.33.33.254 #Traffic Domain Gateway, one per TD.
#Backend networking
be_snip=33.33.33.33 #SNIP for back-end servers. One SNIP per IP subnet is needed.
be_snip_mask=255.255.255.0 #SNIP subnet-mask for back-end servers.
be_vlan=33 #0-4094 #VLAN for back-end servers.
#Frontend networking
fe_snip=66.66.66.64 #SNIP for front-end virtual server [1 per subnet]
fe_snip_mask=255.255.255.0 #SNIP subnet-mask for front-end virtual server
fe_vip=66.66.66.65 #VIP for front-end virtual server [multiple per subnet] 
fe_vlan=66 #0-4094 #VLAN for LB front-end virtual server
#Backend 'to loadbalance' Server (no white space in HOSTNAME/FQDN)
ns_srv1="dnssrv1.rhcs.lab" #FQDN, needs to be DNS Resolvable. [if variable is not in use fill with "@empty" string]
ns_srv2="dnssrv2.rhcs.lab"
ns_srv3="dnssrv3.rhcs.lab"
ns_srv4="dnssrv4.rhcs.lab"
ns_srv5="dnssrv5.rhcs.lab"
ns_srv6="dnssrv6.rhcs.lab"

#Utilizing the @empty string will cause 'syntax errors' but the script will continue with a 'correct' execution.
#Normally this can be solved by utilizing IF/OR and WHILE logic. But these features are not accessible in a Netscaler Command Line
ns_srv_grp="vip.dns.fqdn.nl" #Service Group Name; Collection of upper servers
ns_lb_vrt_srv="vip.dns.fqdn.nl" #Virtual Server Name; LB Virtual Server connected to '$fe_vip'
#automatic/manual login to netscaler vpx/mpx // certs // expect? ->> for now you need to punch in a password
echo "Netscaler VPX (instance) configuration"
#NOTE 192.168.2.241 needs to be changed to your NSIP / Management Interface IP
ssh -T nsroot@192.168.2.241 << EOF
add ns trafficDomain $ns_td -aliasName $ns_td #Add traffic domain
add vlan $be_vlan -aliasName $be_vlan #Add VLAN for backend (to loadbalance) servers 
add vlan $fe_vlan -aliasName $fe_vlan #Add VLAN for frontend (Netscaler LB Virtual Server)
add ns ip $be_snip $be_snip_mask -vServer DISABLED -gui DISABLED -td $ns_td #Add SNIP for backend (to loadbalance) servers 
add ns ip $fe_snip $fe_snip_mask -vServer DISABLED -gui DISABLED -td $ns_td #Add SNIP for frontend (Netscaler LB Virtual Server)
add ns ip $fe_vip 255.255.255.255 -type VIP -td $ns_td #Add VIP. The mask is always /32 CIDR
bind ns trafficDomain $ns_td -vlan $be_vlan #Bind TD to back-end SNIP VLAN
bind ns trafficDomain $ns_td -vlan $fe_vlan #Bind TD to front-end SNIP VLAN

#!! You will need to change the interface bindings of a VLAN !!!!
bind vlan $be_vlan -ifnum LA/1 -tagged #Bind back-end VLAN to LA 
bind vlan $be_vlan -IPAddress $be_snip $be_snip_mask -td $ns_td #Bind back-end VLAN to back-end SNIP
bind vlan $fe_vlan -ifnum LA/1 -tagged #Bind front-end VLAN to LA
bind vlan $fe_vlan -IPAddress $fe_snip $fe_snip_mask -td $ns_td #Bind front-end VLAN to front-end SNIP
#ADD Default Route to Traffic Domain
add route 0.0.0.0 0.0.0.0 $ns_td_gw -td $ns_td
#ADD (to loadbalance)Servers to Netscaler
#EXAMPLE: add server 661.rhcs.lab 66.66.66.61 -td 66
add server $ns_srv1 $ns_srv1 -td $ns_td
add server $ns_srv2 $ns_srv2 -td $ns_td
add server $ns_srv3 $ns_srv3 -td $ns_td
add server $ns_srv4 $ns_srv4 -td $ns_td
add server $ns_srv5 $ns_srv5 -td $ns_td
add server $ns_srv6 $ns_srv6 -td $ns_td
#ADD Service Group Netscaler
#EXAMPLE: add serviceGroup 6666SVGroup HTTP -td 66 -maxClient 0 -maxReq 0 -cip ENABLED X-Forwarded-For -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES -appflowLog DISABLED
add serviceGroup $ns_srv_grp HTTP -td $ns_td -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES
#ADD Load Balancing Virtual Server to Netscaler
#EXAMPLE: add lb vserver 66_VirtualServer HTTP 66.66.66.67 80 -persistenceType COOKIEINSERT -persistenceBackup SOURCEIP -cltTimeout 180 -td 66
add lb vserver $ns_lb_vrt_srv HTTP $fe_vip 80 -persistenceType NONE -lbMethod ROUNDROBIN -cltTimeout 180 -td $ns_td
#BIND Load Balancing Virtual Server to Service Group
#EXAMPLE: bind lb vserver 66_VirtualServer 6666SVGroup
bind lb vserver $ns_lb_vrt_srv $ns_srv_grp
#Set Load Balancing 'default' Monitor adjustments
#EXAMPLE: set lb monitor name type
#Add Load Balancing 'custom' Monitor
#EXAMPLE: add lb monitor name type
#BIND Service Group to Servers
#EXAMPLE:bind serviceGroup 6666SVGroup 661.rhcs.lab 80
bind serviceGroup $ns_srv_grp $ns_srv1 80
bind serviceGroup $ns_srv_grp $ns_srv2 80
bind serviceGroup $ns_srv_grp $ns_srv3 80
bind serviceGroup $ns_srv_grp $ns_srv4 80
bind serviceGroup $ns_srv_grp $ns_srv5 80
bind serviceGroup $ns_srv_grp $ns_srv6 80
#BIND Service Group to Default/Custom Monitor
#EXAMPLE: bind serviceGroup 6666SVGroup -monitorName http
bind serviceGroup $ns_srv_grp -monitorName http-ecv
#BIND SSL ServiceGroup to SSL Certificate (CertKeyName)
#EXAMPLE: bind ssl serviceGroup "exchange webmail-ssl.rhcs.lab" -certkeyName wildcard4
#EXAMPLE: bind ssl serviceGroup "exchange webmail-ssl.rhcs.lab" -certkeyName rhcs-root-ca -CA -ocspCheck Optional
#BIND ECC SSL Cert (not in use, skip?)
#EXAMPLE: bind ssl vserver "exchange webmail-ssl.rhcs.lab" -eccCurveName P_256
exit #Ending of netscaler configuration file
exit
EOF
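
The script's comments note that unused "@empty" server slots produce syntax errors because the Netscaler command line has no IF/WHILE logic. Since the heredoc is assembled by the local shell, the per-server lines can be generated and validated there before anything reaches the nsroot session. The following is an added example, not part of the original script; the function names ns_server_cmds, valid_name and in_range are hypothetical, and the generated lines are assumed to be placed after the 'add serviceGroup' command.

```bash
#!/bin/bash
# Added example (not from the original script). Builds the per-server Netscaler
# CLI lines locally, where shell tests and loops are available.

# Allow only hostname/FQDN characters. Whitespace, quotes, ';' and newlines are
# rejected so a value can never add extra CLI input to the SSH heredoc.
valid_name() (
    LC_ALL=C
    case $1 in
        ''|*[!A-Za-z0-9.-]*|[.-]*|*[.-]) exit 1 ;;
    esac
    [ "${#1}" -le 253 ]
)

# True if $1 is a decimal integer in the range $2..$3.
in_range() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# usage: ns_server_cmds <traffic-domain> <service-group> <port> <server>...
# Prints 'add server' and 'bind serviceGroup' lines for every usable server.
# On any invalid value it prints nothing to stdout and returns 1.
ns_server_cmds() (
    td=$1 grp=$2 port=$3 out=""
    shift 3
    nl='
'
    in_range "$td" 0 4094    || { echo "bad traffic domain" >&2; exit 1; }
    in_range "$port" 1 65535 || { echo "bad port" >&2; exit 1; }
    valid_name "$grp"        || { echo "bad service group name" >&2; exit 1; }
    for srv in "$@"; do
        # Skip unused slots instead of sending a line the CLI will reject.
        case $srv in ''|@empty) continue ;; esac
        valid_name "$srv" || { echo "bad server name" >&2; exit 1; }
        out="${out}add server $srv $srv -td $td${nl}"
        out="${out}bind serviceGroup $grp $srv $port${nl}"
    done
    printf '%s' "$out"
)
```

Capture the result before opening the SSH session, for example with cmds=$(ns_server_cmds "$ns_td" "$ns_srv_grp" 80 "$ns_srv1" "$ns_srv2") || exit 1, and reference $cmds inside the heredoc so that a failed validation stops the run before any command is sent.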