Citrix Application Delivery Management

Configure LBaaS V2 using command line

LBaaS V2 supports SSL offload with certificates managed by Barbican, certificate bundles (includes intermediary Certification Authorities), SNI support along with the regular load balancing features. LBaaS V2 supports only command line interface to run configuration tasks. LBaaS V2 API implementations are performed through Neutron LBaaS commands.

Note

Upload certificate and key to Barbican service when you require SSL offloading feature. Perform steps 1, 2, and 3 if SSL offloading is supported, else continue from step 4 to create a load balancer, a listener, a pool and a member.

  1. Upload certificate to Barbican service using the following command:

    barbican secret store --payload-content-type <content_type> --name <certificate_name> --payload<certificate_location>
    

    Example:

    barbican secret store --payload-content-type='text/plain' --name='hp_server_certificate' --payload=" hp_server/tmp/server_certificate"
    

    Upload certificate

  2. Upload key to Barbican service using the following command:

    barbican secret store --payload-content-type <content_type> --name <key_name> --payload<key_location>
    

    Example:

    barbican secret store -- payload-content-type='text/plain' --name='shp_server_key' --payload="hp-server/tmp/server_key"
    

    Upload key

    Note

    When you run these two Barbican commands to load the certificate and the key, the Secret href fields provide a location or url. This is where the certificate and the key are stored on the system where OpenStack is installed. Copy these links and provide these links as parameters when you create the container on Barbican service in step 3.

  3. Create a container in Barbican service to store the certificate and the key using the following command:

    In the command, replace with the url that you obtained from the Secret href field when you uploaded the certificate. Similarly, replace with the url that you obtained from the Secret href field when you uploaded the key.

    barbican secret container create --name<container_name> --type<container_type> --secret<certificate_url> --secret<key_url>
    

    Example:

    barbican secret container create --name='hp_container' --type='certificate' --secret="`certificate=http://localhost:9311/v1/secrets/e36a4a82-87e4-4873-9efe-55108875ef58 --secret="private_key=http://localhost:9311/v1/secrets/1b9e1a93-2aeb-4101-8002-e52acab987b0`"
    

    Create container

    Copy the container href value. You have to provide the link to the container when creating the listener in step 6.

  4. Set the environment variables in OpenStack. The variables enable the OpenStack client commands to communicate with the OpenStack services.

    Example:

    export OS_PASSWORD-hp

    export OS_AUTH_URL=http://10.106.43.15:35357/v2.0/

    export OS_USERNAME=hp_user

    export OS_TENANT_NAME=hp

    export OS_IDENTITY_API_VERSION=2.0

    export BARBICAN_ENDPOINT=”http://10.106.43.15:9311/

    Set environment variables

    Note

    Set these variables for every SSH session before running other commands. For more information about OpenStack environment variables, see OpenStack environment variables.

  5. Create a load balancer using the following command:

    neutron lbaas-loadbalancer-create --name <loadbalancer-name>  <subnet-name> --provider <netscaler>
    

    Example:

    neutron lbaas-loadbalancer-create --name hp-lb-test hp-sub1 --provider netscaler
    

    Create load balancer

    The status changes from PENDING_CREATE to ACTIVE after the load balancer is successfully created.

    Status change of a load balancer

  6. Create a listener using the following command:

    neutron lbaas-listener-create --loadbalancer <loadbalancer-name> --name <listener-name> --protocol <protocol_type> --protocol-port <port_number> --default-tls-container-id<container_url>
    

    Example:

    neutron lbaas-listener-create --name hp-lb-test-list  --loadbalancer hp-lb-test --protocol TERMINATED_HTTPS --protocol-port 443 --default-tls-container-id `http://10.106.43.15:9311/v1/containers/d688676f-c256-4a0d-b84d-a310419dc0aa`
    

    Note

    If you are creating a listener without SSL offload support, run the following command without providing locations to the container:

    neutron lbaas-listener-create --loadbalancer <loadbalancer-name> --name <listener-name> --protocol <protocol_type> --protocol-port <port_number>

    Create a listener without SSL offload

  7. Create a pool using the following command:

    neutron lbaas-pool-create --lb-algorithm <algorithm_type> --listener <listener-name> --protocol <protocol_type> --name <pool-name>
    

    Example:

    neutron lbaas-pool-create --lb-algorithm LEAST_CONNECTIONS --listener demolistener --protocol http --name demopool
    

    Create a pool

  8. Create a member using the following command:

    neutron lbaas-member-create  --subnet <subnet-name> --address <ip-address of the web server> --protocol-port <port_number>  <pool-name>
    

    Example:

    neutron lbaas-member-create --subnet hp-sub1 --address 15.0.0.15 --protocol-port 80 hp-lb-test-pool
    

    Create a member

Monitoring OpenStack Applications in Citrix ADM

Your tenants can log on to Citrix Application Delivery Management (ADM) using their OpenStack credentials to monitor VIPs and pools created from OpenStack from any browser. The URL must be in the following format:

http://<mas_ip>/<admin_ui>/mas/ent/html/cc_tenant_main.html

Where, mas-ip-address, is the Citrix ADM IP address that is registered with the OpenStack.

Note

  • OpenStack VIPs correspond to virtual servers in Citrix ADM.

  • OpenStack Pools correspond to service groups in Citrix ADM.

  • OpenStack Pool members correspond to service group members in Citrix ADM.

Configure LBaaS V2 using command line