<!DOCTYPE html><html lang="de-ch"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Citrix ADC (NetScaler) Backup with Ansible - Finecloud</title><meta name="description" content="Description Citrix ADC, known until a while ago as Citrix NetScaler, is a network appliance that can be used as an access gateway and proxy. In this article we will write a small Ansible playbook for backing up a Citrix ADC. As a first…"><meta name="generator" content="Publii Open-Source CMS for Static Site"><link rel="stylesheet" href="https://www.finecloud.ch/media/plugins/syntaxHighlighter/prism-black.css"><link rel="canonical" href="https://www.finecloud.ch/citrix-adc-backup-mit-ansible.html"><link rel="alternate" type="application/atom+xml" href="https://www.finecloud.ch/feed.xml"><link rel="alternate" type="application/json" href="https://www.finecloud.ch/feed.json"><meta property="og:title" content="Citrix ADC (NetScaler) Backup with Ansible"><meta property="og:site_name" content="Finecloud"><meta property="og:description" content="Description Citrix ADC, known until a while ago as Citrix NetScaler, is a network appliance that can be used as an access gateway and proxy. In this article we will write a small Ansible playbook for backing up a Citrix ADC. 
As a first…"><meta property="og:url" content="https://www.finecloud.ch/citrix-adc-backup-mit-ansible.html"><meta property="og:type" content="article"><link rel="shortcut icon" href="https://www.finecloud.ch/media/website/finecloud.png" type="image/png"><link rel="stylesheet" href="https://www.finecloud.ch/assets/css/style.css?v=39da73365516a098a9b73b721fc970e2"><script type="application/ld+json">{"@context":"http://schema.org","@type":"Article","mainEntityOfPage":{"@type":"WebPage","@id":"https://www.finecloud.ch/citrix-adc-backup-mit-ansible.html"},"headline":"Citrix ADC (NetScaler) Backup with Ansible","datePublished":"2022-07-08T15:47","dateModified":"2022-07-08T16:13","description":"Description Citrix ADC, known until a while ago as Citrix NetScaler, is a network appliance that can be used as an access gateway and proxy. In this article we will write a small Ansible playbook for backing up a Citrix ADC. As a first…","author":{"@type":"Person","name":"Finecloud","url":"https://www.finecloud.ch/authors/finecloud/"},"publisher":{"@type":"Organization","name":"Finecloud"}}</script><meta name="google-site-verification" content="seFY9U12uiEq5U3_MyZiX6XWzk0AVFl9zITr2ZKsytY"></head><body><div class="site-container"><header class="top" id="js-header"><a class="logo" href="https://www.finecloud.ch/">Finecloud</a><nav class="navbar js-navbar"><button class="navbar__toggle js-toggle" aria-label="Menu" aria-haspopup="true" aria-expanded="false"><span class="navbar__toggle-box"><span class="navbar__toggle-inner">Menu</span></span></button><ul class="navbar__menu"><li><a href="https://www.finecloud.ch/" target="_self">Blog</a></li><li><a href="https://www.finecloud.ch/tags/" target="_self">Tags</a></li></ul></nav><div class="search"><div class="search__overlay js-search-overlay"><div class="search__overlay-inner"><form action="https://www.finecloud.ch/search.html" class="search__form"><input class="search__input 
js-search-input" type="search" name="q" placeholder="search..." aria-label="search..." autofocus="autofocus"></form><button class="search__close js-search-close" aria-label="Close">Close</button></div></div><button class="search__btn js-search-btn" aria-label="Search"><svg role="presentation" focusable="false"><use xlink:href="https://www.finecloud.ch/assets/svg/svg-map.svg#search"/></svg></button></div></header><main><article class="post"><div class="hero"><figure class="hero__image hero__image--overlay"><img src="https://www.finecloud.ch/media/website/download.jpg" srcset="https://www.finecloud.ch/media/website/responsive/download-xs.jpg 300w, https://www.finecloud.ch/media/website/responsive/download-sm.jpg 480w, https://www.finecloud.ch/media/website/responsive/download-md.jpg 768w, https://www.finecloud.ch/media/website/responsive/download-lg.jpg 1024w, https://www.finecloud.ch/media/website/responsive/download-xl.jpg 1360w, https://www.finecloud.ch/media/website/responsive/download-2xl.jpg 1600w" sizes="100vw" loading="eager" alt=""></figure><header class="hero__content"><div class="wrapper"><div class="post__meta"><time datetime="2022-07-08T15:47">July 8, 2022</time></div><h1>Citrix ADC (NetScaler) Backup with Ansible</h1></div></header></div><div class="wrapper post__entry"><div class="post__toc"><h3>Table of Contents</h3><ul><li><a href="#mcetoc_1g7f244jrl8">Description</a></li><li><a href="#mcetoc_1g7f244jrl9">Ansible Config</a></li><li><a href="#mcetoc_1g7f244jrla">Inventory</a></li><li><a href="#mcetoc_1g7f244jrlb">Playbook</a></li><li><a href="#mcetoc_1g7f244jrlc">Role citrix_adc</a></li><li><a href="#mcetoc_1g7f244jrld">Secrets</a></li><li><a href="#mcetoc_1g7f244jrle">Run</a></li></ul></div><h2 id="mcetoc_1g7f244jrl8">Description</h2><p>Citrix ADC, known until a while ago as Citrix NetScaler, is a network appliance that can be used as an access gateway and proxy. 
In this article we will write a small Ansible playbook for backing up a Citrix ADC.</p><h2 id="mcetoc_1g7f244jrl9">Ansible Config</h2><p>As a first step, we define the Ansible configuration: <code>ansible.cfg</code></p><pre class="hljs" style="color: #a9b7c6; background: #282b2e none repeat scroll 0% 0%; display: block; overflow-x: auto; padding: 0.5em;"><span class="hljs-section" style="color: #ffc66d;">[defaults]</span>
<span class="hljs-attr">interpreter_python</span>=auto_silent
<span class="hljs-section" style="color: #ffc66d;">
[ssh_connection]</span>
<span class="hljs-comment" style="color: grey;"># accept the key of a not yet known host on first connection; a changed host key is still rejected</span>
<span class="hljs-attr">ssh_args</span> = -o StrictHostKeyChecking=accept-new</pre><p>It is important that you encrypt your secrets with the <span class="hljs-attr"><code>vault_password_file</code>.</span></p><h2 id="mcetoc_1g7f244jrla">Inventory</h2><p>Next, we create a file <code>inventory.yaml</code> with the following content:</p><pre class="hljs" style="color: #a9b7c6; background: #282b2e none repeat scroll 0% 0%; display: block; overflow-x: auto; padding: 0.5em;"><span class="hljs-meta" style="color: #bbb529;">---</span>
<span class="hljs-comment" style="color: grey;"># yamllint disable rule:line-length</span>
<span class="hljs-attr">all:</span>
<span class="hljs-attr">  hosts:</span>
<span class="hljs-attr">  children:</span>
<span class="hljs-attr">    citrix_adc:</span>
<span class="hljs-attr">      hosts:</span>
<span class="hljs-attr">        netscaler01:</span>
<span class="hljs-attr">        netscaler02:</span></pre><p>The hosts must of course match the FQDNs of your ADCs.</p><h2 id="mcetoc_1g7f244jrlb">Playbook</h2><p>The playbook itself is not very exciting either; from here we then call the role that holds the actually interesting content: <code>playbook.yaml</code></p><pre class="hljs" style="color: #a9b7c6; background: #282b2e none repeat scroll 0% 0%; display: block; overflow-x: auto; padding: 0.5em;"><span class="hljs-meta" style="color: #bbb529;">---</span>
<span class="hljs-attr">- hosts:</span> citrix_adc
<span class="hljs-attr">  gather_facts:</span> <span class="hljs-literal" style="color: #6897bb;">false</span>
<span class="hljs-attr">  roles:</span>
<span class="hljs-bullet" style="color: #6897bb;">    -</span> citrix_adc</pre><h2 id="mcetoc_1g7f244jrlc">Role citrix_adc</h2><p>Now comes the interesting part: we create the following folder structure and main.yaml files:</p><pre class="hljs" style="color: #a9b7c6; background: #282b2e none repeat scroll 0% 0%; display: block; overflow-x: auto; padding: 0.5em;">└── roles
    └── citrix_adc
        ├── tasks
        │   └── main.yaml
        └── vars
            └── main.yaml</pre><p>The content of the <code>tasks/main.yaml</code> file is as follows:</p><pre class="hljs" style="color: #a9b7c6; background: #282b2e none repeat scroll 0% 0%; display: block; overflow-x: auto; padding: 0.5em;"><span class="hljs-meta" style="color: #bbb529;">---</span>
<span class="hljs-comment" style="color: grey;"># yamllint disable rule:line-length</span>
<span class="hljs-attr">- name:</span> Delete all old backups from local
<span class="hljs-attr">  delegate_to:</span> localhost
<span class="hljs-attr">  file:</span>
<span class="hljs-attr">    path:</span> <span class="hljs-string" style="color: #6a8759;">"<span class="hljs-template-variable" style="color: #629755;">{{ dest_path }}</span>/<span class="hljs-template-variable" style="color: #629755;">{{ inventory_hostname }}</span>"</span>
<span class="hljs-attr">    state:</span> absent
<span class="hljs-attr">- name:</span> Generate new Citrix ADC system backup
<span class="hljs-attr">  delegate_to:</span> localhost
<span class="hljs-attr">  command:</span> ssh -l backuper {{ inventory_hostname }} <span class="hljs-string" style="color: #6a8759;">"create system backup -level full <span class="hljs-template-variable" style="color: #629755;">{{ backup_file }}</span>"</span>
<span class="hljs-attr">  register:</span> command_result
<span class="hljs-comment" style="color: grey;">  # failed_when replaces the default return-code check, so test rc explicitly as well</span>
<span class="hljs-attr">  failed_when:</span> <span class="hljs-string" style="color: #6a8759;">"command_result.rc != 0 or 'Resource already exists' in command_result.stdout"</span>
<span class="hljs-attr">- name:</span> Create new empty directory
<span class="hljs-attr">  delegate_to:</span> localhost
<span class="hljs-attr">  file:</span>
<span class="hljs-attr">    path:</span> <span class="hljs-string" style="color: #6a8759;">"<span class="hljs-template-variable" style="color: #629755;">{{ dest_path }}</span>/<span class="hljs-template-variable" style="color: #629755;">{{ inventory_hostname }}</span>"</span>
<span class="hljs-attr">    state:</span> directory
<span class="hljs-comment" style="color: grey;">    # the full backup contains the ADC configuration; use a stricter mode (e.g. '0700') if other local users must not read it</span>
<span class="hljs-attr">    mode:</span> <span class="hljs-string" style="color: #6a8759;">'0755'</span>
<span class="hljs-attr">- name:</span> Download backup file from Citrix ADC to local folder
<span class="hljs-attr">  delegate_to:</span> localhost
<span class="hljs-attr">  command:</span> /bin/scp backuper@{{ inventory_hostname }}:/var/ns_sys_backup/{{ backup_file }}.tgz {{ dest_path }}/{{ inventory_hostname }}/{{ backup_file }}.tgz
<span class="hljs-attr">- name:</span> delete backup from ADC
<span class="hljs-attr">  delegate_to:</span> localhost
<span class="hljs-attr">  command:</span> ssh -l backuper {{ inventory_hostname }} <span class="hljs-string" style="color: #6a8759;">"rm backup <span class="hljs-template-variable" style="color: #629755;">{{ backup_file }}</span>.tgz"</span></pre><p>The content of the <code>vars/main.yaml</code> file is as follows:</p><pre class="hljs" style="color: #a9b7c6; background: #282b2e none repeat scroll 0% 0%; display: block; overflow-x: auto; padding: 0.5em;"><span class="hljs-meta" style="color: #bbb529;">---</span>
<span class="hljs-comment" style="color: grey;"># yamllint disable rule:line-length</span>
<span class="hljs-attr">dest_path:</span> <span class="hljs-string" style="color: #6a8759;">"/var/git/ndcb-data"</span>
<span class="hljs-attr">backup_file:</span> <span class="hljs-string" style="color: #6a8759;">"backup_full_<span class="hljs-template-variable" style="color: #629755;">{{ inventory_hostname }}</span>_<span class="hljs-template-variable" style="color: #629755;">{{ lookup('pipe','date +%Y-%m-%d-%H') }}</span>"</span></pre><h2 id="mcetoc_1g7f244jrld">Secrets</h2><p>What is still missing are the secrets. In this case, however, we will not use any secrets at all, but authenticate directly with an SSH key. To do this, you need to generate a new SSH key pair on your device and then allow it as <em>authorized keys</em> on the Citrix ADCs as follows:</p><ol><li>Log in to the ADCs and add your public key to this file: /nsconfig/ssh/authorized_keys:<pre class="hljs" style="color: #a9b7c6; background: #282b2e none repeat scroll 0% 0%; display: block; overflow-x: auto; padding: 0.5em;">ssh-rsa AAAAB3NzaC1.....</pre></li><li>Afterwards you can reboot the Citrix ADC host (e.g. 
if it is only in secondary mode); even simpler is to just restart the sshd service, which is a rather brute-force approach on the Citrix ADC:<pre class="hljs" style="color: #a9b7c6; background: #282b2e none repeat scroll 0% 0%; display: block; overflow-x: auto; padding: 0.5em;"><span class="hljs-built_in">kill</span> -HUP `cat /var/run/sshd.pid`</pre></li></ol><h2 id="mcetoc_1g7f244jrle">Run</h2><p>The playbook can now be run as follows:</p><pre class="hljs" style="color: #a9b7c6; background: #282b2e none repeat scroll 0% 0%; display: block; overflow-x: auto; padding: 0.5em;">ansible-playbook playbook.yaml -i inventory.yaml</pre></div><footer class="wrapper post__footer"><p class="post__last-updated">This article was updated on July 8, 2022</p><ul class="post__tag"><li><a href="https://www.finecloud.ch/tags/ansible/">ansible</a></li><li><a href="https://www.finecloud.ch/tags/iac/">iac</a></li><li><a href="https://www.finecloud.ch/tags/infrastructure-as-code/">infrastructure as code</a></li><li><a href="https://www.finecloud.ch/tags/ssh/">ssh</a></li><li><a href="https://www.finecloud.ch/tags/tools/">tools</a></li></ul><div class="post__share"></div></footer></article><nav class="post__nav"><div class="post__nav-inner"><div class="post__nav-prev"><svg width="1.041em" height="0.416em" aria-hidden="true"><use xlink:href="https://www.finecloud.ch/assets/svg/svg-map.svg#arrow-prev"/></svg> <a href="https://www.finecloud.ch/jvm-und-jdk-unter-der-haube.html" class="post__nav-link" rel="prev"><span>Previous</span> JVM and JDK under the hood</a></div><div class="post__nav-next"><a href="https://www.finecloud.ch/unterschiede-zwischen-proxmox-containers-und-docker.html" class="post__nav-link" rel="next"><span>Next</span> Differences between Proxmox Containers and Docker </a><svg width="1.041em" height="0.416em" aria-hidden="true"><use xlink:href="https://www.finecloud.ch/assets/svg/svg-map.svg#arrow-next"/></svg></div></div></nav><div 
class="post__related related"><div class="wrapper"><h2 class="h5 related__title">You should also read:</h2><article class="related__item"><div class="feed__meta"><time datetime="2022-11-02T19:12" class="feed__date">November 2, 2022</time></div><h3 class="h1"><a href="https://www.finecloud.ch/opnsense-backup-to-nextcloud.html">Backup OPNsense to Nextcloud</a></h3></article><article class="related__item"><div class="feed__meta"><time datetime="2022-10-13T07:42" class="feed__date">October 13, 2022</time></div><h3 class="h1"><a href="https://www.finecloud.ch/threema-backup-to-nextcloud.html">Threema Safe backup to Nextcloud</a></h3></article><article class="related__item"><div class="feed__meta"><time datetime="2022-07-02T17:34" class="feed__date">July 2, 2022</time></div><h3 class="h1"><a href="https://www.finecloud.ch/kubernetes-auf-proxmox-mit-ansible-und-terraform-teil-2.html">Kubernetes on Proxmox with Ansible and Terraform (Part 2)</a></h3></article></div></div></main><footer class="footer"><div class="footer__copyright"><p>Powered by Publii</p></div><button onclick="backToTopFunction()" id="backToTop" class="footer__bttop" aria-label="Back to top" title="Back to top"><svg><use xlink:href="https://www.finecloud.ch/assets/svg/svg-map.svg#toparrow"/></svg></button></footer></div><script>window.publiiThemeMenuConfig = {
mobileMenuMode: 'sidebar',
animationSpeed: 300,
submenuWidth: 'auto',
doubleClickTime: 500,
mobileMenuExpandableSubmenus: true,
relatedContainerForOverlayMenuSelector: '.top',
};</script><script defer="defer" src="https://www.finecloud.ch/assets/js/scripts.min.js?v=6ca8b60e6534a3888de1205e82df8528"></script><script>var images = document.querySelectorAll('img[loading]');
for (var i = 0; i < images.length; i++) {
if (images[i].complete) {
images[i].classList.add('is-loaded');
} else {
images[i].addEventListener('load', function () {
this.classList.add('is-loaded');
}, false);
}
}</script><script defer="defer" src="https://www.finecloud.ch/media/plugins/syntaxHighlighter/prism.js"></script></body></html>