• Stars
    star
    118
  • Rank 299,923 (Top 6 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created over 8 years ago
  • Updated 2 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Part of NetScaler Automation Toolkit | https://github.com/netscaler/automation-toolkit

Terraform Citrix ADC Provider

Citrix has developed a custom Terraform provider for automating Citrix ADC deployments and configurations. Using Terraform, you can custom configure your ADCs for different use-cases such as Load Balancing, SSL, Content Switching, GSLB, WAF etc.

Learn more about Citrix ADC Automation here

๐Ÿ“For deploying Citrix ADC in Public Cloud - AWS and Azure, check out cloud scripts in github repo terraform-cloud-scripts.

โœ‰๏ธ For any immediate issues or help , reach out to us at [email protected] !

Terrraform Provider Documentation

  1. Why Terraform for Citrix ADC ?
  2. Navigating Repository
  3. Understanding Provider Configuration
  4. Understanding Resource Configuration
  5. General guidelines on ADC configurations
  6. Commiting changes to Citrix ADC's persistent store
  7. List of ADC use-cases supported through Terraform
  8. Using remote-exec for one-time tasks

Beginners Guide to Automating ADC with Terraform

  1. Hands-on lab with ADC automation with Terraform
  2. Install Terraform in your own setup
  3. Understanding the ADC terraform provider repository)
  4. Get your first terraform config into ADC
  5. How to write terraform resources file for ADC
  6. Set up SSL-Offloading use-case in ADC
  7. Committing changes to Citrix ADC's persistent store
  8. Managing ADC configs drifts in terraform
  9. Importing ADC configs into Terraform resources file

Advanced guide on Automating ADC with Terraform

  1. Deploy ADC in AWS using Terraform
  2. Leveraging Terraform workspaces to manage multiple ADCs
  3. Dynamically updates Services using Consul-Terraform-Sync
  4. Blue-Green Deployment with Citrix ADC and Azure Pipelines

Why Terraform for Citrix ADC ?

Terraform is an open-source infrastructure as code software tool that provides a consistent CLI workflow to manage hundreds of cloud services.Terraform codifies cloud APIs into declarative configuration files. Terraform can be used to deploy and configure ADC. Configuring Citrix ADC through Terraform provides multiple benefits.

  1. Infrastucture as Code approach to ADC -You can store the ADC configs in scm tools like GitHub and version and track it like just other code repositories you have.
  2. Declarative Approach to ADC automation - Users just need to defined the target state of ADC. ADC terraform resources will make the appropriate API calls to achieve the target state.
  3. ADC resources files in Terraform are human friendly and easy to understand.
  4. Abstract away the complexity associated with Citrix ADC internals architecture.
  5. Detect the configuration drifts on ADC through Terraform easily.

Navigating the repository

  1. citrixadc folder - Contains all the ADC resources library that we support through Terraform. These resource libraries will internally call NITRO APIS to configure target ADC.
  2. examples folder - Contain the examples for users to use various ADC resources e.g simple_lb folder contains the resources.tf that illustrates how citrixadc_lbvserver resource can be used to create a Load Balancing vserver on target ADC. Similarly , different folders contains examples on defining different resources. Users are expected to review these examples and define their desired ADC configurations.
  3. docs folder` - https://github.com/citrix/terraform-provider-citrixadc/tree/master/docs/resources - contains the documentation of all resources confgirations supported through Terraform. Refer this to understand the different arguments, values that a particular resource takes.

Understanding Provider Configuration

provider.tf contains the information on target ADC where you want to apply configuration.

provider "citrixadc" {
    username = "${var.ns_user}"  # You can optionally use `NS_LOGIN` environment variables.
    password = "${var.ns_password}"  # You can optionally use `NS_PASSWORD` environment variables.
    endpoint = "http://10.71.136.250/"  # You can optionally use `NS_URL` environment variables.
}

We can use a https URL and accept the untrusted authority certificate on the Citrix ADC by specifying insecure_skip_verify = true

To use https without the need to set insecure_skip_verify = true follow this guide on how to replace the default TLS certificate with one from a trusted Certifcate Authority.

Use of https is preferred. Using http will result in all provider configuration variables as well as resource variables to be transmitted in cleartext. Anyone observing the HTTP data stream will be able to parse sensitive values such as the provider password.

Avoid storing provider credentials in the local state by using a backend that supports encryption. The hasicorp vault provider is also recommended for storing sensitive data.

You can also use environment variables as stated in the comments above.

The following arguments are supported.

  • username - This is the user name to access to Citrix ADC. Defaults to nsroot unless environment variable NS_LOGIN has been set
  • password - This is the password to access to Citrix ADC. Defaults to nsroot unless environment variable NS_PASSWORD has been set
  • endpoint - (Required) Nitro API endpoint in the form http://<NS_IP>/ or http://<NS_IP>:<PORT>/. Can be specified in environment variable NS_URL
  • insecure_skip_verify - (Optional, true/false) Whether to accept the untrusted certificate on the Citrix ADC when the Citrix ADC endpoint is https
  • proxied_ns - (Optional, NSIP) The target Citrix ADC NSIP for MAS proxied calls. When this option is defined, username, password and endpoint must refer to the MAS proxy.

The username, password and endpoint can be provided in environment variables NS_LOGIN, NS_PASSWORD and NS_URL.

Resource Configuration

Resources.tf contains the desired state of the resources that you want on target ADC. E.g. For creating a Load Balancing vserver in ADC following resource.tf contains the desired configs of lbvserver

citrixadc_lbvserver

resource "citrixadc_lbvserver" "foo" {
  name = "sample_lb"
  ipv46 = "10.71.136.150"
  port = 443
  servicetype = "SSL"
  lbmethod = "ROUNDROBIN"
  persistencetype = "COOKIEINSERT"
  sslcertkey = "${citrixadc_sslcertkey.foo.certkey}"
  sslprofile = "ns_default_ssl_profile_secure_frontend"
}

In order to understand the arguments, possible values, and other arguments available for a given resource, refer the NITRO API documentation https://developer-docs.citrix.com/projects/netscaler-nitro-api/en/12.0/configuration/load-balancing/lbvserver/lbvserver/ and the Terraform documentation such as https://github.com/citrix/terraform-provider-citrixadc/blob/master/docs/resources/lbvserver.md .

the attribute state is not synced with the remote object. If the state of the lb vserver is out of sync with the terraform configuration you will need to manually taint the resource and apply the configuration again.

General guidelines on configuring ADC

The subfolders in the example folder contains examples of different ADC configurations through terraform. Refer to simple_lb example to understand below structure and usage.

Structure
  • resources.tf describes the actual NetScaler config objects to be created. The attributes of these resources are either hard coded or looked up from input variables in terraform.tfvars
  • variables.tf describes the input variables to the terraform config. These can have defaults
  • provider.tf is used to specify the username, password and endpoint of the NetScaler. Alternatively, you can set the NS_URL, NS_LOGIN and NS_PASSWORD environment variables.
  • terraform.tfvars has the variable inputs specified in variables.tf

Using

  • Modify the terraform.tfvars and provider.tf to suit your own NetScaler deployment.
  • Use terraform plan and terraform apply to configure the NetScaler.

Updating your configuration

Modify the set of backend services and use terraform plan and terraform apply to verify the changes

Commiting changes to Citrix ADC's persistent store

The provider will not commit the config changes to Citrix ADC's persistent store. To do this, run the shell script ns_commit.sh:

export NS_URL=http://<host>:<port>/
export NS_LOGIN=nsroot
export NS_PASSWORD=nsroot
./ns_commit.sh

To ensure that the config is saved on every run, we can use something like terraform apply && ns_commit.sh

ADC Use-Case supported through Terraform

List of Use-Cases supported in ADC can be found in here https://registry.terraform.io/providers/citrix/citrixadc/latest/docs .

Using remote-exec for one-time tasks

Terraform is useful for maintaining desired state for a set of resources. It is less useful for tasks such as network configuration which don't change. Network configuration is like using a provisioner inside Terraform. The directory examples/remote-exec show examples of how Terraform can use ssh to accomplish these one-time tasks.


Beginners Guide to ADC Automation with Terraform

Hands-on lab with ADC automation with Terraform

Try out our Hands on Lab to experience whats it like using Terraform for ADC.

Install Terraform in your own setup

First step to using Terraform for ADC is to install Terraform CLI. Refer the Hashicorp documentation for installing Terraform CLI for your own environment.

Understanding the ADC terraform provider repository

Refer the Navigating our repository section

Get your first terraform config into ADC

Follow the article on Getting started with Terraform on NetScaler to get your first configuration

How to write terraform resources file for ADC

To write the Terraform resources for Citrix ADC, refer the following links NITRO API documentation or terraform registry documentation.

Set up SSL-Offloading use-case in ADC

Here is the Terraform Templatethat you follow to configure SSL Offloading.

Committing changes to Citrix ADC's persistent store

Refer the commiting changes section

Managing ADC configs drifts in terraform

You want to see the current state of ADC entities in Terraform

  • Use terraform refresh to update your local terraform state file to match with existing ADC state
  • Use terraform show to show the current state for your entire configuration
  • Use terraform state list to show the resources that are being tracked/managed via Terraform
  • To inspect a particular entity use terraform state show <entity_name> e.g. terraform state show citrixadc_servicegroup.tf_servicegroup

If you want to override the ADC configuration with the configs you have in Terraform resource file then

  • You can run terraform plan to see the drifts/diff between the two state
  • Run terraform apply to push the desired configs( in your Terraform resource file) to your ADC.

Update your terraform state file to reflect the current/true state of ADC

  • Use terraform refresh to update your local terraform state file to match with existing ADC state

Importing ADC configs into Terraform resources file

Learn how to import existing NetScaler configurations into Terraform resources here


Advanced guide on Automating ADC with Terraform

Deploy ADC in AWS using Terraform

Refer our terraform cloud scripts for AWS and demo video

Leveraging Terraform workspaces to manage multiple ADCs

TBD

Dynamically updates Services using Consul-Terraform-Sync

Our Consul-Terraform-Sync integration allows users to automatically create, update and delete Service groups in Citrix ADC that are synced with the Consul Terraform Sync framework.

Blue-Green Deployment with Citrix ADC and Azure Pipelines

Integrate ADC and configure it faciliate Blue-Green deployment using Terraform.Check out the solution

More Repositories

1

ioc-scanner-CVE-2019-19781

Indicator of Compromise Scanner for CVE-2019-19781
Shell
58
star
2

ShareFile-PowerShell

C#
47
star
3

terraform-provider-citrix

Terraform Provider for Citrix
Go
45
star
4

Powershell-Scripts

Repository of useful powershell scripts related to Citrix
PowerShell
43
star
5

ShareFile-NET

C# library for accessing ShareFile V3 API
C#
35
star
6

citrix-mcs-sdk-samples

Sample scripts for admins who are using Machine Creation Services (MCS) Provisioning
PowerShell
26
star
7

en-us-tech-zone

Citrix Tech Zone is home for technical, in-depth articles that are inspired and driven by technical communities and enthusiasts.
18
star
8

Citrix-Cloud-ResourceLocation-Arm-Template

This repository contains Azure Resource Manager Templates which can be used to create Resource Location for Citrix XenApp/XenDesktop Service and Citrix XenDesktop Essentials Service
PowerShell
16
star
9

CitrixDeveloper-VSCode

Citrix Developer tools for Visual Studio Code
TypeScript
14
star
10

citrix-mam-sdks

The MAM SDK instrument your apps to enable enforcing policies and controls that are configured in Citrix Endpoint Management.
Java
11
star
11

citrix-cvad-site-deployment-module

PowerShell
10
star
12

CCMSDK-Sample

Powershell Sample for CCM SDK
C#
9
star
13

ShareFile-Javascript

JavaScript
9
star
14

CitrixCloud-ARMTemplates

Azure Resource Manager Templates to aide in onboarding to and lifecycle management in the Azure Cloud.
PowerShell
9
star
15

citrix-virtual-apps-desktops-sdk

8
star
16

PublishURLContent

GUI utility to publish a URL to users through XenApp/XenDesktop
C#
7
star
17

ShareFile-Java

Java
7
star
18

Citrix-Desktop-Notification-Tool-for-Xendesktop

C#
6
star
19

fas-powershell

6
star
20

foreman-cloudstack

Ruby
6
star
21

citrix-mam-sdk-sample-browser-app-ios-objc

This repository contains the iOS Objective-C source code for a sample browser app that uses the MAM SDKs for endpoint management.
Objective-C
6
star
22

storefront-powershell-sdk

HTML
5
star
23

citrix-mam-sdk-sample-browser-app-android-java

This repository contains the Android Java source code for a sample browser app that uses the MAM SDKs for endpoint management.
Java
5
star
24

Remote-PC-Load-Script

A PowerShell script to pre-load computers and pre-assign users to these computers based on an input file in CSV format
PowerShell
5
star
25

Storefront-Outlook

An outlook task pane that displays your Citrix applications
C#
5
star
26

CDFMonitor

C#
5
star
27

Citrix-Cloud-VDI-ARM-Template

This repository contains Azure Resource Manager Templates which can be used to create Citrix Virtual Desktop Infrastructure for both Client OS and Server OS within Azure Resource Group
PowerShell
5
star
28

workspace-linux-oem-guide

4
star
29

citrix-daas-rest-go

Go client for Citrix DaaS Rest API
Go
4
star
30

citrix-mam-sdk-sample-browser-app-xamarin

This repository contains the Android Xamarin Native and Xamarin Forms source code for a sample browser app that uses the MAM SDKs for endpoint management.
C#
4
star
31

StorefrontSample-netcore

A sample web application that demonstrates how to interact with the storefront web api. Build on .NET Core
C#
4
star
32

citrix-mam-sdk-sample-browser-app-android-cordova

This repository contains the Android Cordova source code for a sample browser app that uses the MAM SDKs for endpoint management.
JavaScript
4
star
33

storefront-sdk

CSS
3
star
34

workspace-html5-hdx-sdk

3
star
35

tech-marketing

3
star
36

devdocs-issue-collector

3
star
37

cc-system-log-addon-for-splunk

Python
2
star
38

provisioning-services-powershell-object-programming-guide

2
star
39

citrix.github.io

Citrix Open Source Projects
JavaScript
2
star
40

CitrixDirector-PluginSample

This repository contains the sample code to build Citrix Director Backend Plugins
C#
2
star
41

terraform-provider-citrixitm

Terraform provider for Citrix ITM services
Go
2
star
42

ICOSDK-Sample

Sample Application for ICO SDK
C#
2
star
43

ShareFile-ObjectiveC

Objective-C
2
star
44

Storefront-API-Xamarin-Sample

Mobile sample to shows how to interact with the Storefront API via a Xamarin Forms application
C#
2
star
45

storefront-authentication-sdk

2
star
46

XaXd-SessionStateMonitoring

The Session State Monitor Utility actively monitors remote connections and disconnections in the session for which itโ€™s running. The utility provides the ability to specify custom commands for Disconnect, Reconnect, and Startup. The utility also has the ability to allow the endpoint (client) name to smooth roam in double-hop sessions to the second hop. The utility does this by disconnecting the session from first hop to second hop, updating the appropriate registry key for โ€˜clientnameโ€™, and then reconnecting the disconnected first hop to second hop session.
C#
2
star
47

CitrixCloudConnector-Deployment-Arm-Templates

This repository contains Azure Resource Manager Templates which can be used to create Citrix Cloud Connector within Azure Resource Group
2
star
48

workspace-linux-authentication-manager-configuration

2
star
49

receiver-for-linux-fast-connect-credential-insertion-api

1
star
50

monitoring-api

1
star
51

uberagent-integrations

PowerShell
1
star
52

delivery-controller-sdk

1
star
53

workspace-linux-command-reference

1
star
54

appdna

1
star
55

Storefront-Clientname-template

Storefront-Clientname-template
C#
1
star
56

Storefront-API-Android-Sample

Android sample application that shows how to use the Storefront APIs
Java
1
star
57

ShareFile-Macro-API

JavaScript
1
star
58

hdx-sdk-for-receiver-for-chrome

CSS
1
star
59

workspace-linux-domain-pass-through

1
star
60

workspace-windows-vcsdk

1
star
61

generator-citrix

A Yeoman generator for creating .NET Core apps that target Citrix Netscaler
JavaScript
1
star
62

receiver-for-linux-command-reference

1
star
63

cedexis.github.com

Cedexis Developer Exchange
JavaScript
1
star
64

xa65migrationtool

XA 6.5 to XA 7.x Migration Tool
PowerShell
1
star
65

sample-scripts

A repository that contains scripts that can be used within Citrix documentation.
PowerShell
1
star
66

workspace-linux-storebrowse-password-insertion

1
star
67

citrix-auth-mfa-script-samples

C#
1
star
68

rflinux-oem-guide

1
star
69

storefront-store-services-api

1
star
70

receiver-for-windows-virtual-channel-sdk

1
star
71

receiver-html5-sdk

1
star
72

receiver-for-linux-authentication-manager-configuration

1
star
73

Citrix-Storefront-ApprovalMonitoring

A simple windows application that monitors the storefront database to look for pending applications. When found the application will call an octoblu workflow to help with the approval process.
C#
1
star
74

sd-wan-wanop-api-reference

1
star
75

vmware-migration-kit

These scripts covers the process to migrate VMware Horizon 7.x to Citrix Virtual Apps and Desktops service
PowerShell
1
star
76

provisioning-services-sdk

1
star
77

receiver-for-linux-domain-pass-through

CSS
1
star
78

XDLinuxVdaDeploymentTemplate

Template and supporting scripts used to deploy a Linux VDA VM which can be used as a golden master image to create a machine catalog
Shell
1
star
79

citrix-unified-workspace-api-web-example

Sample web application for the Citrix(R) Unified Workspace API
JavaScript
1
star
80

citrix-unified-workspace-api-spa-example

Sample single-page application for the Citrix(R) Unified Workspace API
JavaScript
1
star
81

citrix-unified-workspace-api-native-example

Sample native application for the Citrix(R) Unified Workspace API
C#
1
star
82

workspace-linux-virtual-channel-sdk

1
star