Deploying Netscaler BLX in Shared mode on RHEL 9.2 , hosted on Xenserver hypervisor.

[Shahzad Siddique 2]

sudo yum install ./blx*rpm

While running "Systemctl start blx" getting below error

root@blx-host blx]# systemctl status blx.service

× blx.service - BLX service

   Loaded: loaded (/usr/lib/systemd/system/blx.service; enabled; preset: disabled)

   Active: failed (Result: exit-code) since Thu 2023-11-09 17:35:27 IST; 19min ago

  Process: 26918 ExecStartPre=/usr/sbin/blx-helper.sh (code=exited, status=0/SUCCESS)

  Process: 27107 ExecStartPre=/bin/bash -c ${CHCON} (code=exited, status=0/SUCCESS)

  Process: 27108 ExecStart=/root/.blx/blx-pre-start.sh (code=exited, status=203/EXEC)

  Process: 27109 ExecStopPost=/root/.blx/blx-post-stop.sh (code=exited, status=0/SUCCESS)

  Process: 27110 ExecStopPost=/bin/bash -c ${RESTORECON} (code=exited, status=0/SUCCESS)

  Process: 27111 ExecStopPost=/bin/rm -rf /root/.blx (code=exited, status=0/SUCCESS)

  Main PID: 27108 (code=exited, status=203/EXEC)

    CPU: 211ms

Nov 09 17:35:26 blx-host blx-helper.sh[26944]: touch: missing file operand

Nov 09 17:35:26 blx-host blx-helper.sh[26944]: Try 'touch --help' for more information.

Nov 09 17:35:26 blx-host blx-helper.sh[26918]: /usr/sbin/blx-helper.sh: line 810: [: too many arguments

Nov 09 17:35:26 blx-host blx-helper.sh[27099]: cat: '': No such file or directory

Nov 09 17:35:26 blx-host systemd[27108]: blx.service: Failed to locate executable /root/.blx/blx-pre-start.sh: Permission denied

Nov 09 17:35:27 blx-host systemd[27108]: blx.service: Failed at step EXEC spawning /root/.blx/blx-pre-start.sh: Permission denied

Nov 09 17:35:27 blx-host systemd[1]: blx.service: Main process exited, code=exited, status=203/EXEC

Nov 09 17:35:27 blx-host systemd[27109]: blx.service: Executable /root/.blx/blx-post-stop.sh missing, skipping: Permission denied

Nov 09 17:35:27 blx-host systemd[1]: blx.service: Failed with result 'exit-code'.

Nov 09 17:35:27 blx-host systemd[1]: Failed to start BLX service.

[Shahzad Siddique 2]

cat /var/log/blx-boot.log > below error

Thu Nov 9 05:35:26 PM IST 2023: Started parsing blx.conf

blx-conf-parser-388: awk -f /usr/sbin/blx-get-block.awk -v block="blx-system-config" /root/.blx/blx-derived.conf

blx-conf-parse-648: Config block interfaces not found.

blx-conf-parse-807: Core Dumps enabled.

blx-conf-parse-815: Using existing core_pattern set in /proc/sys/kernel/core_pattern for core dumps. If you want to use the default pattern mentioned in blx.conf, restart BLX after removing the existing pattern with below command:

    echo '' | tee /proc/sys/kernel/core_pattern

blx-dpdk-nic-parse-1015: All interfaces specified in /etc/blx/blx.conf are not compatible with BLX DPDK, starting BLX in Non-DPDK mode

blx-conf-parser-1037: Enabling net.ipv4.ip_forward=1.

blx-conf-parse-1775: mgmt-ssh-port not specified in blx.conf. blx-ssh will use mgmt-ssh-port:9022

blx-conf-parse-1865: Both mgmt-http-port and mgmt-https-port not specified in blx.conf. blx-web-config will use mgmt-http-port:9080 and mgmt-https-port:9443

blx-conf-parse-2010: BLX listening to ip address configured on host for mgmt access. Ignoring static-routes.

192.0.0.1 is set as ipaddress by default for BLX.

Thu Nov 9 05:35:26 PM IST 2023: Completed parsing blx.conf

[Harihara Sudhan]

@Shahzad Siddique​ 

On RHEL based hosts, Keeping SELinux - Enforcing prevents BLX from starting up.

The fix is expected to be released as part of next 13.1 17.x release.

As a workaround, please disable the SELinux and start the BLX

or

You can try the suggestion mentioned in the following thread

https://community.netscaler.com/s/question/0D58b0000AYZo5LCQT/it-is-possible-to-run-netscaler-adc-blx-when-the-host-linux-selinux-is-configured-to-be-enforcing-

Documentation - https://docs.netscaler.com/en-us/blx/current-release/limitations-blx.html

[Shahzad Siddique 2]

Hi Harihara,

you are correct, while running > /var/log/messages i can see many events showing SElinux is preventing to start blx and their dependencies.

After Running > grubby --update-kernel ALL --args selinux=0 and rebooting linux host i can see SElinux is disabled & now i can able to start blx.

Wants to know how to configure VIp on shared mode, were single nic is configured on linux.

Since it is shared mode of deployment, where i have only single NIC, using IPtable external IP is configured with DNAT rule to access netscaler management on CLI 9022 and GUI 9080.

But not sure how to configure VIP, can you guide on this.

[Harihara Sudhan]

Hi Shahzad

Dedicated mode is recommended for any BLX deployments.

If you are limited by NICs in the host Linux, you can leverage BLX managed mode to function with single NIC while retaining connection to the host system.

https://docs.netscaler.com/en-us/blx/current-release/auto-config-blx

Shared mode is not advisable for production.

[Shahzad Siddique 2]

Hi harihara,

Thanks a lot for clarifying my queries. now I can correlate shared and dedicated mode in BLX