Nagesh Mallappa

NetScaler BLX is a Linux Software form-factor of NetScaler ADC, which runs natively on the Linux Kernel irrespective of the underlying environment . It is designed to run natively on bare-metal-Linux on commercial off-the-shelf servers (COTS). Following are the benefits of using a NetScaler BLX appliance: Cloud-ready.Easy-Management.Seamless third-party tools integration.Coexistence of other applications.DPDK Support.Why is there a need for a bare metal version of NetScaler ?NetScaler BLX appliances provide simplicity with no virtual machine overhead for better performance. Also, you can run a NetScaler BLX appliance on your preferred server hardware.Use Cases - High traffic load, mission critical applications, latency sensitive workload, North-South traffic.Characteristics - Lightweight software package and no VM overhead.BLX Deployment using Terraform GuideHashiCorp Terraform is an infrastructure-as-code software tool used to orchestrate and manage IT infrastructure, including networking. Terraform codifies infrastructure into declarative configuration files for easier provisioning, compliance, and management. Terraform provider CitrixBLX allows users to bring-up any number of NetScaler BLX instances in shared and DPDK modes (supporting both Intel & Mellanox Interfaces ). Along with Citrix ADC Terraform provider, it allows users to configure ADC BLX’s for various use-cases such as global server load balancing, web application firewall policies, and more. With Terraform, you can share and reuse your NetScaler configurations across your environments — a key time saver when migrating applications from your data center to any public cloud. A. Setting up Requirements - Setting up Terraform Client & Installing GO [Terraform] (https://www.terraform.io/downloads.html) 0.10.x [Go] (https://golang.org/doc/install) 1.11 (to build the provider plugin) After installing GO, set PATH & GOPATH accordingly export PATH=$PATH:/usr/local/go/bin export GOPATH=/root/go/ B. Terraform plugin to Deploy BLX Terraform provider for NetScaler BLX is not available through terrform.registry.io as of now. Hence users have to install the provider manually. Clone repository to: $GOPATH/src/github.com/citrix/terraform-provider-blx $ git clone git@github.com:citrix/terraform-provider-citrixblx $ GOPATH/src/github.com/citrix/terraform-provider-blx Enter the provider directory and build the provider $ cd $GOPATH/src/github.com/citrix/terraform-provider-blx $ make build Navigating the repository citrixblx folder - Contains the citrixblx resource file and modules leveraged by Terraform. examples folder - Contain the examples for users to deploy BLX. 2. Create a following directory in your local machine and save the NetScaler terraform binary. e.g. in Ubuntu machine. Note that the directory structure has to be same as below, you can edit the version -0.0.1 to the NetScaler version you downloaded. mkdir -p /home/user/.terraform.d/plugins/registry.terraform.io/citrix/citrixblx/0.0.1/linux_amd64Copy the terraform-provider-citrixblx to the above created folder as shown belowcp $GOPATH/bin/terraform-provider-citrixblx /home/user/.terraform.d/plugins/registry.terraform.io/citrix/citrixblx/0.0.1/linux_amd64[/code] C. Get Started on using terraform to deploy Netscaler BLXIn order to familiarize with Netscaler BLX deployment through terraform, lets get started with basic configuration of setting up a dedicated mode BLX in Terraform. Network mode of a NetScaler BLX appliance defines whether the NIC ports of the Linux host are shared or not shared with other Linux applications running on the host. A NetScaler BLX appliance can be configured to run on one of the following network modes: Shared mode - A NetScaler BLX appliance configured to run in shared mode, shares the Linux host NIC ports with other Linux applications. Dedicated mode - A NetScaler BLX appliance configured in dedicated mode has dedicated Linux host NIC ports and it does not share the ports with other Linux applications. In our below Deployment case, we will bring up BLX in Simple Shared mode, similarly we have provider.tf & resources.tf to bring up BLX in – DPDK Mode ( Step inside blx-dedicated directory in examples folder )DPDK Mode for Mellanox Interfaces ( Step inside blx-mlx directory in examples folder )Secured way by not disclosing BLX Password ( Step inside blx-sensitive-pass in examples folder ).1. Now navigate to examples folder as below. Here you can find many ready to use examples for you to get started: cd $GOPATH/src/github.com/citrix/terraform-provider-blx/examples Lets deploy a simple shared mode NetScaler BLX. cd terraform-provider-citrixblx/examples/simple-blx-shared/ 2. Provider.tf contains the details of the target Citrix ADC. Edit the simple-blx-shared/provider.tf as follows. For Terraform version > 0.13 edit the provider.tf as follows - terraform { required_providers { citrixblx = { source = "citrix/citrixblx" } } } provider "citrixblx" { } For terraform version < 0.13, edit the provider.tf as follows – provider "citrixblx" { } 3. Resources.tf contains the desired state of the resources that you want to manage through terraform. Here we want to create a shared mode blx. Edit the simple-blx-shared/resources.tf with your configuration values – source path of BLX packages to be installed, host ip address, host username, host password, blx password as below. resource "citrixblx_adc" "blx_1" { source = "/root/blx-rpm-13.1-27.59.tar.gz" host = { ipaddress = "10.102.174.76" username = "user" password = " DummyHostPass " } config = { worker_processes = "3" } password = DummyPassword}resource "citrixblx_adc" "blx_2" { source = "/root/blx-rpm-13.1-27.59.tar.gz" host = { ipaddress = "10.102.56.25" username = "user" password = " DummyHostPass " } config = { worker_processes = "1" } password = var.blx_password}[/code] 4 . Once the provider.tf and resources.tf is edited and saved with the desired values in the simple-blx-shared folder, you are good to run terraform and configure NetScaler. Initialize the terraform by running terraform-init inside the simple_blx-shared folder as follow: terraform-provider-citrixblx/examples/simple-blx-shared$ terraform init You should see following output if terraform was able to successfully find citrix blx provider and initialize it - Initializing the backend... Initializing provider plugins... - Reusing previous version of hashicorp/citrixblx from the dependency lock file - Installing hashicorp/citrixblx v0.0.1... - Installed hashicorp/citrixblx v0.0.1 (unauthenticated) Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary. 5. To view the changes that will be done to your NetScaler configurations, run terraform-plan # citrixblx_adc.blx_1 will be created + resource "citrixblx_adc" "blx_1" { + config = { + "worker_processes" = "3" } + host = { + "ipaddress" = "10.102.174.76" + "password" = "freebsd" + "username" = "root" } + id = (known after apply) + password = (sensitive) + source = "/root/blx-rpm-13.1-27.59.tar.gz" } # citrixblx_adc.blx_2 will be created + resource "citrixblx_adc" "blx_2" { + config = { + "worker_processes" = "1" } + host = { + "ipaddress" = "10.102.56.25" + "password" = "freebsd" + "username" = "root" } + id = (known after apply) + password = (sensitive) + source = "/root/blx-rpm-13.1-27.59.tar.gz" } 6. Terraform apply – To apply the Infrastructure end to end – Install & Bring up BLX terrafrom-apply citrixblx_adc.blx_2: Creating... citrixblx_adc.blx_1: Creating... citrixblx_adc.blx_1: Still creating... [10s elapsed] citrixblx_adc.blx_2: Still creating... [10s elapsed] citrixblx_adc.blx_2: Still creating... [20s elapsed] citrixblx_adc.blx_1: Still creating... [20s elapsed] citrixblx_adc.blx_1: Still creating... [30s elapsed] citrixblx_adc.blx_2: Still creating... [30s elapsed] . . citrixblx_adc.blx_1: Creation complete after 2m52s [id=10.102.174.76] citrixadc_nsip.nsip: Creating... citrixadc_service.tf_service: Creating... citrixadc_nsfeature.nsfeature: Creating... citrixadc_lbvserver.tf_lbvserver: Creating... citrixadc_nsfeature.nsfeature: Creation complete after 0s [id=tf-nsfeature-20220810125911768300000001] citrixadc_nsip.nsip: Creation complete after 0s [id=192.168.2.55] citrixadc_service.tf_service: Creation complete after 0s [id=tf_service] citrixadc_lbvserver.tf_lbvserver: Creation complete after 0s [id=tf_lbvserver] citrixadc_lbvserver_service_binding.tf_binding: Creating... citrixadc_lbvserver_service_binding.tf_binding: Creation complete after 0s [id=tf_lbvserver,tf_service] citrixblx_adc.blx_2: Still creating... [3m0s elapsed] citrixblx_adc.blx_2: Still creating... [3m10s elapsed] citrixblx_adc.blx_2: Still creating... [3m20s elapsed] citrixblx_adc.blx_2: Still creating... [3m30s elapsed] citrixblx_adc.blx_2: Still creating... [3m40s elapsed] citrixblx_adc.blx_2: Still creating... [3m50s elapsed] citrixblx_adc.blx_2: Still creating... [4m0s elapsed] citrixblx_adc.blx_2: Creation complete after 4m7s [id=10.102.56.25] D. Configuring BLX for Load Balancing Use Case Citrix ADC Terraform provider allows users to configure ADCs for various use-cases such as global server load balancing, web application firewall policies, and more. Here we will look how to integrate both plugins to configure BLX – Edit the simple-blx-shared/provider.tf as follows and add details of your target adc provider "citrixadc" { endpoint = "http://10.102.174.76:9080" username = "user" password = "DummyPassword "} 2. Add config.tf section which specifies configuration details to be applied on NetScaler BLX. Here notice depends on variable used to apply configuration on a particular BLX Instance. In below example config.tf , LB vserver configurations are applied on BLX Instance blx_1. resource "citrixadc_nsip" "nsip" { ipaddress = "192.168.2.55" type = "VIP" netmask = "255.255.255.0" icmp = "ENABLED" depends_on = [ citrixblx_adc.blx_1 ] state = "ENABLED" } resource "citrixadc_nsfeature" "nsfeature" { lb = true depends_on = [ citrixblx_adc.blx_1 ] } resource "citrixadc_lbvserver" "tf_lbvserver" { ipv46 = "10.10.10.33" name = "tf_lbvserver" port = 80 depends_on = [ citrixblx_adc.blx_1 ] servicetype = "HTTP" } resource "citrixadc_service" "tf_service" { name = "tf_service" ip = "192.168.43.33" depends_on = [ citrixblx_adc.blx_1 ] servicetype = "HTTP" port = 80 } resource "citrixadc_lbvserver_service_binding" "tf_binding" { name = citrixadc_lbvserver.tf_lbvserver.name servicename = citrixadc_service.tf_service.name weight = 1 } 3. Post above config scripts, user needs to do Terraform plan and apply. 4. Terraform destroy – To destroy the infrastructure. [root@localhost simple-blx-shared]# terraform destroy citrixblx_adc.blx_2: Refreshing state... [id=10.102.56.25] citrixblx_adc.blx_1: Refreshing state... [id=10.102.174.76] citrixadc_nsip.nsip: Refreshing state... [id=192.168.2.55] citrixadc_nsfeature.nsfeature: Refreshing state... [id=tf-nsfeature-20220810125911768300000001] citrixadc_service.tf_service: Refreshing state... [id=tf_service] citrixadc_lbvserver.tf_lbvserver: Refreshing state... [id=tf_lbvserver] citrixadc_lbvserver_service_binding.tf_binding: Refreshing state... [id=tf_lbvserver,tf_service] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: - destroy citrixblx_adc.blx_2: Destroying... [id=10.102.56.25] citrixadc_lbvserver_service_binding.tf_binding: Destroying... [id=tf_lbvserver,tf_service] citrixadc_nsfeature.nsfeature: Destroying... [id=tf-nsfeature-20220810125911768300000001] citrixadc_nsip.nsip: Destroying... [id=192.168.2.55] citrixadc_nsfeature.nsfeature: Destruction complete after 0s citrixadc_lbvserver_service_binding.tf_binding: Destruction complete after 0s citrixadc_service.tf_service: Destroying... [id=tf_service] citrixadc_lbvserver.tf_lbvserver: Destroying... [id=tf_lbvserver] citrixadc_service.tf_service: Destruction complete after 0s citrixadc_nsip.nsip: Destruction complete after 0s citrixadc_lbvserver.tf_lbvserver: Destruction complete after 1s citrixblx_adc.blx_1: Destroying... [id=10.102.174.76] citrixblx_adc.blx_2: Still destroying... [id=10.102.56.25, 10s elapsed] citrixblx_adc.blx_2: Destruction complete after 10s citrixblx_adc.blx_1: Still destroying... [id=10.102.174.76, 10s elapsed] citrixblx_adc.blx_1: Destruction complete after 10s Destroy complete! Resources: 7 destroyed. Conclusion As we see above, Terraform abstracts the ADC technicalities and makes it easy to codify and integrate ADC with other applications. You can use the Terraform Netscaler BLX Provider and CitrixADC Terraform integrated solution for end to end Netscaler BLX deployments as is or customize it as per requirements. Citrix ADC Terraform modules enable an infrastructure-as-code approach and seamlessly integrate with your automation environment to provide self-service infrastructure. ReferencesBLX Documentation – https://docs.citrix.com/en-us/citrix-adc-blx/current-release.htmlTerraform provider for BLX – https://github.com/citrix/terraform-provider-citrixblxTerraform provider to configure ADC - https://registry.terraform.io/providers/citrix/citrixadc/latest/docs