Terraform Provider for Citrix NetScaler
This project is a terraform custom provider for Citrix NetScaler. It uses the Nitro API to create/configure NetScaler resources and bindings. This project is largely inspired from chiradeep's work terraform-provider-netscaler. The implementation is completely different though.
Important note: The provider will not commit the config changes to NetScaler's persistent store.
-
Copy the binary (either from the build or from the releases page)
terraform-provider-netscaler
to an appropriate location.Configure
.terraformrc
to use thenetscaler
provider. An example.terraformrc
:
providers {
netscaler = "<path-to-custom-providers>/terraform-provider-netscaler"
}
- Run
terraform
as usual
terraform plan
terraform apply
- The provider will not commit the config changes to NetScaler's persistent store. To do this, run the shell script
ns_commit.sh
:
export NS_URL=http://<host>:<port>/
export NS_USER=nsroot
export NS_PASSWORD=nsroot
./ns_commit.sh
To ensure that the config is saved on every run, we can use something like terraform apply && ns_commit.sh
provider "netscaler" {
username = "${var.ns_user}"
password = "${var.ns_password}"
endpoint = "http://10.71.136.250/"
}
We can use a https
URL and accept the untrusted authority certificate on the NetScaler by specifying insecure_skip_verify = true
The following arguments are supported.
username
- This is the user name to access to NetScaler. Defaults tonsroot
unless environment variableNS_LOGIN
has been setpassword
- This is the password to access to NetScaler. Defaults tonsroot
unless environment variableNS_PASSWORD
has been setendpoint
- (Required) Nitro API endpoint in the formhttp://<NS_IP>/
orhttp://<NS_IP>:<PORT>/
. Can be specified in environment variableNS_URL
insecure_skip_verify
- (Optional, true/false) Whether to accept the untrusted certificate on the NetScaler when the NetScaler endpoint ishttps
The username, password and endpoint can be provided in environment variables NS_LOGIN
, NS_PASSWORD
and NS_URL
.
- appflowaction
- appflowcollector
- appflowpolicy
- appflowpolicylabel
- appfwpolicy
- appqoeaction
- appqoepolicy
- auditnslogaction
- auditnslogpolicy
- auditsyslogaction
- auditsyslogpolicy
- authorizationpolicy
- authorizationpolicylabel
- caaction
- cachecontentgroup
- cachepolicy
- cachepolicylabel
- capolicy
- cmpaction
- cmppolicy
- cmppolicylabel
- csaction
- cspolicy
- cspolicylabel
- csvserver
- dbdbprofile
- dnsaction64
- dnspolicy64
- dnsprofile
- dospolicy
- feoaction
- feopolicy
- filteraction
- filterpolicy
- lbgroup
- lbmetrictable
- lbmonitor
- lbprofile
- lbvserver
- lbwlm
- netprofile
- nshttpprofile
- nstcpprofile
- policydataset
- policyexpression
- policypatset
- policystringmap
- pqpolicy
- responderaction
- responderpolicy
- responderpolicylabel
- rewriteaction
- rewritepolicy
- rewritepolicylabel
- scpolicy
- server
- service
- servicegroup
- spilloveraction
- spilloverpolicy
- tmsessionaction
- tmsessionpolicy
- tmtrafficaction
- tmtrafficpolicy
- transformaction
- transformpolicy
- transformpolicylabel
- transformprofile
- videooptimizationaction
- videooptimizationpolicy
- videooptimizationpolicylabel
- appflowglobal_appflowpolicy_binding
- appflowpolicylabel_appflowpolicy_binding
- authorizationpolicylabel_authorizationpolicy_binding
- cspolicylabel_cspolicy_binding
- csvserver_appflowpolicy_binding
- csvserver_appfwpolicy_binding
- csvserver_appqoepolicy_binding
- csvserver_auditnslogpolicy_binding
- csvserver_auditsyslogpolicy_binding
- csvserver_authorizationpolicy_binding
- csvserver_cachepolicy_binding
- csvserver_cmppolicy_binding
- csvserver_cspolicy_binding
- csvserver_feopolicy_binding
- csvserver_filterpolicy_binding
- csvserver_responderpolicy_binding
- csvserver_rewritepolicy_binding
- csvserver_spilloverpolicy_binding
- csvserver_tmtrafficpolicy_binding
- csvserver_transformpolicy_binding
- lbmetrictable_metric_binding
- lbmonitor_metric_binding
- lbmonitor_sslcertkey_binding
- lbvserver_appflowpolicy_binding
- lbvserver_appfwpolicy_binding
- lbvserver_appqoepolicy_binding
- lbvserver_auditnslogpolicy_binding
- lbvserver_auditsyslogpolicy_binding
- lbvserver_authorizationpolicy_binding
- lbvserver_cachepolicy_binding
- lbvserver_capolicy_binding
- lbvserver_cmppolicy_binding
- lbvserver_dnspolicy64_binding
- lbvserver_feopolicy_binding
- lbvserver_filterpolicy_binding
- lbvserver_pqpolicy_binding
- lbvserver_responderpolicy_binding
- lbvserver_rewritepolicy_binding
- lbvserver_scpolicy_binding
- lbvserver_service_binding
- lbvserver_servicegroup_binding
- lbvserver_spilloverpolicy_binding
- lbvserver_tmtrafficpolicy_binding
- lbvserver_transformpolicy_binding
- lbvserver_videooptimizationpolicy_binding
- policydataset_value_binding
- policypatset_pattern_binding
- policystringmap_pattern_binding
- service_dospolicy_binding
- service_lbmonitor_binding
- service_scpolicy_binding
- servicegroup_lbmonitor_binding
- servicegroup_servicegroupmember_binding
- sslvserver_ecccurve_binding
- sslvserver_sslcertkey_binding
- sslvserver_sslciphersuite_binding
Terraform is useful for maintaining desired state for a set of resources. It is less useful for tasks such as network configuration which don't change. Network configuration is like using a provisioner inside Terraform. The directory examples/remote-exec
show examples of how Terraform can use ssh to accomplish these one-time tasks.
- You have (some) experience with Terraform, the different provisioners and providers that come out of the box, its configuration files, tfstate files, etc.
- You are comfortable with the Go language and its code organization.
- Install
terraform
from https://www.terraform.io/downloads.html - Install
dep
(https://github.com/golang/dep) - Check out this code:
git clone https://<>
- Build this code using
make build
See the examples
directory for various LB topologies that can be driven from this terraform provider.