Implementación de configuraciones de GSLB mediante nombres de dominio DNS
Las nuevas mejoras de RBAC en Citrix Application Delivery Management (ADM) permiten a los propietarios de aplicaciones autorizados crear y administrar sus propios dominios DNS en Citrix ADM. Ahora puede autorizar a los propietarios de la aplicación a crear configuraciones GSLB a partir de los dominios DNS que poseen, utilizando StyleBooks específicos. Si el nombre de dominio DNS seleccionado es propiedad del usuario, se puede utilizar al crear configuraciones de GSLB mediante StyleBooks de GSLB en el panel de aplicaciones Citrix ADM. Existen dos flujos de trabajo en Citrix ADM para configurar las configuraciones de GSLB.
-
Flujo de trabajo para los administradores. Configure el entorno RBAC en Citrix ADM. Es decir, para crear e importar StyleBooks GSLB, debe crear grupos de usuarios, directivas y roles, y asignar usuarios al grupo. Como administrador, debe realizar este flujo de trabajo.
-
Flujo de trabajo para los propietarios de la aplicación. Los propietarios de aplicaciones deben crear configuraciones GSLB utilizando nombres de dominio que poseen.
El siguiente diagrama de flujo muestra ambos flujos de trabajo:
Flujo de trabajo para los administradores
Como administrador, el flujo de trabajo para crear un entorno RBAC en Citrix ADM consta de los siguientes pasos:
Primero, cree un StyleBook para implementar configuraciones GSLB en las instancias Citrix ADC. Este documento proporciona un ejemplo de contenido YAML para ayudarle a crear su propio StyleBook -Crea tu StyleBook.
Para obtener más información sobre cómo crear StyleBooks personalizados, consulte Crear y utilizar StyleBooks personalizados.
Nota
Citrix ADM admite una nueva construcción en StyleBooks llamada “allowed-dynamic-values. “ Esta construcción se puede utilizar para permitir al usuario enumerar y seleccionar entre los valores de dominio DNS presentes en Citrix ADM para rellenar automáticamente el parámetro “domain-name” en StyleBook en la GUI de Citrix ADM.
Se proporciona una sección de parámetros “domain-name” de ejemplo para su referencia.
El parámetro “domain-name” utilizado aquí es solo un ejemplo. El parámetro puede ser diferente en su StyleBook personalizado.
-
name: domain-name
label: DNS Domain Name
description: GSLB DNS Domain Name
type: string
required: true
allowed-dynamic-values:
source: local
resource-type: dns_domain_entry
Nota
Actualmente en Citrix ADM, la construcción “allowed-dynamic-values” no se utiliza en ninguno de los StyleBooks predeterminados. Cree un nuevo StyleBook GSLB personalizado utilizando el GSLB StyleBook predeterminado. Reemplace la pieza para el parámetro de nombre de dominio con el ejemplo proporcionado anteriormente. Puede utilizar cualquier editor de texto para crear nuevos StyleBooks.
-
Inicie sesión en Citrix ADM como administrador.
-
Vaya a Aplicaciones > Configuraciones > Libros de Estilo.
-
Haga clic en Importar nuevo StyleBook y cargue el nuevo GSLB StyleBook en Citrix ADM.
Para obtener más información sobre cómo importar StyleBooks en Citrix ADM, consulte Usar StyleBooks personalizados.
-
Vaya a Sistema > Usuarios > Directivas y haga clic en Agregar para configurar una directiva de acceso para los propietarios de aplicaciones como se muestra a continuación.
Citrix recomienda crear una directiva de acceso para asegurarse de que los propietarios de las aplicaciones no evadan las reglas RBAC establecidas por usted.
-
Escriba un nombre para la directiva y una breve descripción. En la sección Permisos, asegúrese de que los siguientes permisos de vista y edición se comprueben obligatoriamente.
-
Aplicaciones > Panel
-
Aplicaciones > Configuraciones
-
Redes > Instancias
-
Redes > Administración de licencias
-
Redes > Nombres de dominio DNS
Puede proporcionar otros permisos según corresponda y hacer clic en Crear.
-
-
Vaya a Sistema > Usuarios > Roles y cree un rol y asigne la directiva creada en el paso anterior.
-
Escriba un nombre para el rol y proporcione una breve descripción. En la sección Directivas, seleccione AppOwnerExampleAccessPolicy.
-
Vaya a Sistema > Usuarios > Grupos y cree un grupo y asocie el rol creado en el paso anterior.
-
Escriba un nombre y una descripción y, en la sección Roles, seleccione AppOwnerExampleRole.
-
Haga clic en Siguiente.
-
En la ficha Configuración de autorización, seleccione las instancias Citrix ADC a las que tiene acceso el propietario de la aplicación y el nuevo StyleBook de GSLB.
Repita este paso para crear tantos grupos de usuarios como necesite en su organización. Haga clic en Crear grupo.
-
Cree un usuario del sistema y asígnelo a un grupo de usuarios. Este documento se refiere únicamente a los usuarios creados localmente. No es necesario crear usuarios en grupos de usuarios si Citrix ADM está configurado para usar autenticación externa, por ejemplo, LDAP. La asignación de usuarios a grupos se recupera del directorio de autenticación externo.
-
Vaya a Sistema > Usuarios > Usuario.
-
Escriba un nombre de usuario y una contraseña para el usuario del sistema y asígnelo al grupo.
Nota El
paso 12 es opcional y no es necesario si se utiliza autenticación externa como LDAP.
-
API REST de Citrix ADM para flujo de trabajo de administración
API REST para iniciar sesión en Citrix ADM
URL: http: //<MAS_IP>/nitro/v2/config/login
HTTPMETHOD: POST
Body Payload:
{
"login": {
"username": "<USER_NAME>",
"password": "<PASSWORD>",
"session_timeout": 1800
}
}
The response results in a session cookie header, that can be sent with the rest of the API requests below.
Set-Cookie: SESSID=##ED31F7C886E248CCDCA8F0E0AD2AA511ACCC5F46C48D6D2BCAA719A9DE62;path=/;secure;HttpOnly
API REST para crear una directiva de acceso
URL: https://<MAS_IP>/nitro/v2/config/rba_policy
HTTP METHOD: POST
{
"rba_policy": {
"name": " AppOwnerAccessPolicy",
"description": " ExampleCompany AppOwner Access Policy",
"tenant_id": "7c12ec97-1472-4096-97e7-a5acb453cc5c",
"statement": [
{
"access_type": true,
"resource_type": "application",
"operation_name": "add",
"dependent_resources": "mail_profile,slack_profile,smtp_server,app_category"
},
{
"access_type": true,
"resource_type": "application",
"operation_name": "get",
"dependent_resources": "download,smtp_server,ns_vserver_license,app_category,app_summary,app_health_dashboard_details,haproxy_frontend,haproxy_backend,haproxy_frontend_stats"
},
{
"access_type": true,
"resource_type": "si_app_unit",
"operation_name": "get",
"dependent_resources": "download,smtp_server,app_summary,si_app_summary,si_device,security_app_dashboard_details,si_geo_location,si_safety_app_firewall,si_safety_overview,si_safety_security_check,si_safety_system_security,si_safety_signature"
},
{
"access_type": true,
"resource_type": "stylebooks",
"operation_name": "get",
"dependent_resources": "download,smtp_server,ns_vserver_license"
},
{
"access_type": true,
"resource_type": "stylebooks",
"operation_name": "add",
"dependent_resources": "mail_profile,slack_profile,smtp_server"
},
{
"access_type": true,
"resource_type": "configpacks",
"operation_name": "get",
"dependent_resources": "download,smtp_server,stylebooks,ns_vserver_license"
},
{
"access_type": true,
"resource_type": "configpacks",
"operation_name": "add",
"dependent_resources": "mail_profile,slack_profile,smtp_server"
},
{
"access_type": true,
"resource_type": "stylebooks_system_settings",
"operation_name": "get",
"dependent_resources": "download,smtp_server"
},
{
"access_type": true,
"resource_type": "stylebooks_system_settings",
"operation_name": "add",
"dependent_resources": "mail_profile,slack_profile,smtp_server"
},
{
"access_type": true,
"resource_type": "ns_crvserver",
"operation_name": "get",
"dependent_resources": "download,DeviceAPIProxy,smtp_server,perf_cache_redirection_report,poll_activity_status,ns_emon_poll_policy,lb_export_report"
},
{
"access_type": true,
"resource_type": "ns_crvserver",
"operation_name": "add",
"dependent_resources": "DeviceAPIProxy,mail_profile,slack_profile,smtp_server,poll_activity_status,ns_emon_poll_policy,lb_export_report"
},
{
"access_type": true,
"resource_type": "haproxy_frontend",
"operation_name": "get",
"dependent_resources": "download,DeviceAPIProxy,smtp_server,haproxy_backend,haproxy_server"
},
{
"access_type": true,
"resource_type": "haproxy_frontend",
"operation_name": "add",
"dependent_resources": "DeviceAPIProxy,mail_profile,slack_profile,smtp_server"
},
{
"access_type": true,
"resource_type": "ns_server",
"operation_name": "get",
"dependent_resources": "download,DeviceAPIProxy,smtp_server,ns_emon_poll_policy,poll_activity_status,ns_server,lb_export_report"
},
{
"access_type": true,
"resource_type": "ns_server",
"operation_name": "add",
"dependent_resources": "DeviceAPIProxy,mail_profile,slack_profile,smtp_server,ns_emon_poll_policy,poll_activity_status,lb_export_report"
},
{
"access_type": true,
"resource_type": "ns_lbvserver",
"operation_name": "get",
"dependent_resources": "download,DeviceAPIProxy,smtp_server,perf_lb_vserver_report,ns_emon_poll_policy,poll_activity_status,lb_export_report"
},
{
"access_type": true,
"resource_type": "ns_lbvserver",
"operation_name": "add",
"dependent_resources": "DeviceAPIProxy,mail_profile,slack_profile,smtp_server,ns_emon_poll_policy,poll_activity_status,lb_export_report"
},
{
"access_type": true,
"resource_type": "ns_service",
"operation_name": "get",
"dependent_resources": "download,DeviceAPIProxy,smtp_server,ns_emon_poll_policy,poll_activity_status,ns_visualizer_lb_bindings,lb_export_report"
},
{
"access_type": true,
"resource_type": "ns_service",
"operation_name": "add",
"dependent_resources": "DeviceAPIProxy,mail_profile,slack_profile,smtp_server,ns_emon_poll_policy,poll_activity_status,ns_visualizer_lb_bindings,lb_export_report"
},
{
"access_type": true,
"resource_type": "ns_servicegroup",
"operation_name": "get",
"dependent_resources": "download,DeviceAPIProxy,smtp_server,ns_emon_poll_policy,poll_activity_status,ns_servicegroupmember_binding,ns_visualizer_lb_bindings,lb_export_report"
},
{
"access_type": true,
"resource_type": "ns_servicegroup",
"operation_name": "add",
"dependent_resources": "DeviceAPIProxy,mail_profile,slack_profile,smtp_server,ns_emon_poll_policy,poll_activity_status,ns_servicegroupmember_binding,ns_visualizer_lb_bindings,lb_export_report"
},
{
"access_type": true,
"resource_type": "ns_authenticationvserver",
"operation_name": "get",
"dependent_resources": "download,DeviceAPIProxy,smtp_server,perf_authentication_report,poll_activity_status,ns_emon_poll_policy,lb_export_report"
},
{
"access_type": true,
"resource_type": "ns_authenticationvserver",
"operation_name": "add",
"dependent_resources": "DeviceAPIProxy,mail_profile,slack_profile,smtp_server,poll_activity_status,ns_emon_poll_policy,lb_export_report"
},
{
"access_type": true,
"resource_type": "syslog_messages",
"operation_name": "get",
"dependent_resources": "download,smtp_server"
},
{
"access_type": true,
"resource_type": "ns_emon_poll_policy",
"operation_name": "get",
"dependent_resources": "download,poll_activity_status,smtp_server"
},
{
"access_type": true,
"resource_type": "ns_emon_poll_policy",
"operation_name": "add",
"dependent_resources": "download,poll_activity_status,mail_profile,slack_profile,smtp_server"
},
{
"access_type": true,
"resource_type": "ns_visualizer_gslb_bindings",
"operation_name": "add",
"dependent_resources": "DeviceAPIProxy,mail_profile,slack_profile,smtp_server,poll_activity_status,ns_emon_poll_policy,ns_gslbvserver_domain,lb_export_report"
},
{
"access_type": true,
"resource_type": "ns_visualizer_gslb_bindings",
"operation_name": "get",
"dependent_resources": "download,DeviceAPIProxy,smtp_server,poll_activity_status,ns_emon_poll_policy,ns_gslbvserver_domain,lb_export_report"
},
{
"access_type": true,
"resource_type": "ns_gslbservice",
"operation_name": "add",
"dependent_resources": "DeviceAPIProxy,mail_profile,slack_profile,smtp_server,poll_activity_status,ns_emon_poll_policy,lb_export_report"
},
{
"access_type": true,
"resource_type": "ns_gslbservice",
"operation_name": "get",
"dependent_resources": "download,DeviceAPIProxy,smtp_server,poll_activity_status,ns_emon_poll_policy,lb_export_report"
},
{
"access_type": true,
"resource_type": "ns_gslbvserver",
"operation_name": "get",
"dependent_resources": "download,DeviceAPIProxy,smtp_server,perf_global_server_load_balancing_report,poll_activity_status,ns_emon_poll_policy,lb_export_report"
},
{
"access_type": true,
"resource_type": "ns_gslbvserver",
"operation_name": "add",
"dependent_resources": "DeviceAPIProxy,mail_profile,slack_profile,smtp_server,poll_activity_status,ns_emon_poll_policy,lb_export_report"
},
{
"access_type": true,
"resource_type": "ns_vpnvserver",
"operation_name": "add",
"dependent_resources": "DeviceAPIProxy,mail_profile,slack_profile,smtp_server,poll_activity_status,ns_emon_poll_policy,lb_export_report"
},
{
"access_type": true,
"resource_type": "ns_vpnvserver",
"operation_name": "get",
"dependent_resources": "download,DeviceAPIProxy,smtp_server,perf_ssl_vpn_report,poll_activity_status,ns_emon_poll_policy,lb_export_report"
},
{
"access_type": true,
"resource_type": "ns_csvserver",
"operation_name": "get",
"dependent_resources": "download,DeviceAPIProxy,smtp_server,perf_content_switching_report,ns_emon_poll_policy,poll_activity_status,ns_visualizer_cs_bindings,lb_export_report"
},
{
"access_type": true,
"resource_type": "ns_csvserver",
"operation_name": "add",
"dependent_resources": "DeviceAPIProxy,mail_profile,slack_profile,smtp_server,ns_emon_poll_policy,poll_activity_status,ns_visualizer_cs_bindings,lb_export_report"
},
{
"access_type": true,
"resource_type": "dns_domain_entry",
"operation_name": "get",
"dependent_resources": ""
},
{
"access_type": true,
"resource_type": "dns_domain_entry",
"operation_name": "add",
"dependent_resources": ""
},
{
"access_type": true,
"resource_type": "devicewise_detail_summary",
"operation_name": "get",
"dependent_resources": "download,mps_user_heatmap,ns_event,mps_agent,active_event,smtp_server,mps_datacenter,event_severity_report,event_device_report,ns_conf,device_event_summary"
},
{
"access_type": true,
"resource_type": "devicewise_detail_summary",
"operation_name": "add",
"dependent_resources": "mail_profile,slack_profile,smtp_server"
},
{
"access_type": true,
"resource_type": "cbwanopt",
"operation_name": "get",
"dependent_resources": "download,device_backup,traceroute,inventory,inventory_status,ping,mps_datacenter,cbwanopt_device_profile,sdwanvw_device_profile,sdwanvw_snmp_config,sdwanvw_appflowconfig,smtp_server,cbwanopt_snmp_config,cbwanopt_appflowconfig,sdwanvw,tag"
},
{
"access_type": true,
"resource_type": "cbwanopt",
"operation_name": "add",
"dependent_resources": "inventory,managed_device,device_backup,upload,cbwanopt_device_profile,mps_datacenter,mail_profile,slack_profile,smtp_server,sdwanvw_device_profile,sdwanvw_snmp_config,sdwanvw_appflowconfig,cbwanopt_snmp_config,cbwanopt_appflowconfig,sdwanvw,tag"
},
{
"access_type": true,
"resource_type": "device_login",
"operation_name": "get",
"dependent_resources": ""
},
{
"access_type": true,
"resource_type": "ns",
"operation_name": "get",
"dependent_resources": "download,ns_config_replicate,ns_conf,ns_ns_runningconfig,ns_ns_savedconfig,active_event,device_backup,traceroute,inventory,inventory_status,ping,ns_device_profile,nssdx_device_profile,sdx_snmp_config,sdx_syslog_config,smtp_server,ns_cluster,ns_snmp_config,ns_syslog_config,ns_l7_latency_config,ica_l7_latency_update,af_vserver_policy,ns_vserver_appflow_config,mps_datacenter,ns_appflow_param_config,ns_ns_license,ns_ns_mode,ns_network_interface,advanced_analytics_config,tag"
},
{
"access_type": true,
"resource_type": "ns",
"operation_name": "add",
"dependent_resources": "inventory,ns_l7_latency_config,ica_l7_latency_update,af_vserver_policy,ns_config_replicate,managed_device,device_backup,upload,ns_device_profile,nssdx_device_profile,mps_datacenter,sdx_snmp_config,sdx_syslog_config,mail_profile,slack_profile,smtp_server,ns_cluster,ns_snmp_config,ns_syslog_config,ns_vserver_appflow_config,ns_appflow_param_config,advanced_analytics_config,tag"
},
{
"access_type": true,
"resource_type": "haproxyhost",
"operation_name": "get",
"dependent_resources": "download,traceroute,inventory,inventory_status,ping,mps_datacenter,smtp_server,haproxy_device_profile,device_backup,tag"
},
{
"access_type": true,
"resource_type": "haproxyhost",
"operation_name": "add",
"dependent_resources": "inventory,managed_device,mail_profile,slack_profile,smtp_server,mps_datacenter,haproxy_device_profile,haproxy,device_backup,tag"
},
{
"access_type": true,
"resource_type": "docker_host",
"operation_name": "add",
"dependent_resources": "inventory,ns_snmp_config,managed_device,ns,upload,mail_profile,slack_profile,smtp_server,mps_datacenter,ns_device_profile,docker_nscpx_image"
},
{
"access_type": true,
"resource_type": "docker_host",
"operation_name": "get",
"dependent_resources": "download,ns_snmp_config,ns_conf,ns_ns_runningconfig,ns_ns_savedconfig,smtp_server,mps_datacenter,ns_device_profile,traceroute,inventory,inventory_status,ping,active_event,ns_ns_license,ns_ns_mode,ns_network_interface"
},
{
"access_type": true,
"resource_type": "perf_reports",
"operation_name": "add",
"dependent_resources": "mail_profile,slack_profile,smtp_server,perf_custom_dashboard"
},
{
"access_type": true,
"resource_type": "perf_reports",
"operation_name": "get",
"dependent_resources": "download,smtp_server,perf_report_counters,perf_res_util_report,perf_http_req_tcp_conn_report,perf_lb_ssl_traffic_report,perf_ip_bytes_rxtx_report,perf_ip_pkt_rxtx_report,perf_icmp_pkt_rxtx_report,perf_icmp_bytes_rxtx_report,perf_icmpv6_pkt_rxtx_report,perf_icmpv6_bytes_rxtx_report,perf_ipv6_bytes_rxtx_report,perf_ipv6_pkt_rxtx_report,perf_udp_bytes_rxtx_report,perf_udp_packets_rxtx_report,perf_cmp_bytes_rxtx_report,perf_cmp_tcp_bytes_rxtx_report,perf_cmp_tcp_ratiosaving_report,perf_cmp_decmp_bytes_rxtx_report,perf_cmp_decmp_ratiosaving_report,perf_tcp_server_conn_report,perf_tcp_surgelen_spareconn_report,perf_http_bytes_rx_report,perf_http_gets_posts_report,perf_ssl_transactions_hits_report,perf_ssl_client_auth_report,perf_ssl_rsa_dhkey_report,perf_ssl_frontend_ciphers_report,perf_ssl_backend_ciphers_report,perf_wsdevice_cpu_utilization_report,perf_wsdevice_send_compression_ratio_report,perf_wsdevice_connected_plugins_report,perf_wsdevice_data_reduction_report,perf_wsdevice_link_utilization_report,perf_wsserviceclassstatstable_pass_through_connection_report,perf_wsserviceclassstatstable_service_class_report,perf_wsserviceclassstatstable_acceleration_report,perf_wslinkstatstable_throughput_report,perf_wslinkstatstable_packet_loss_report,perf_wsappstatstable_application_report,perf_wsqosstatstable_qos_report,perf_ssl_cpu_keyexchange_report,perf_ssl_be_rsa_dhkey_report,perf_custom_dashboard,perf_ns_throughput_report,perf_network_interface_report"
},
{
"access_type": true,
"resource_type": "perf_threshold",
"operation_name": "get",
"dependent_resources": "download,perf_reports,perf_report_counters,smtp_server,sms_server,sms_profile"
},
{
"access_type": true,
"resource_type": "perf_threshold",
"operation_name": "add",
"dependent_resources": "mail_profile,slack_profile,smtp_server,sms_server,sms_profile"
},
{
"access_type": true,
"resource_type": "perf_poll_config",
"operation_name": "add",
"dependent_resources": "mail_profile,slack_profile,smtp_server"
},
{
"access_type": true,
"resource_type": "perf_poll_config",
"operation_name": "get",
"dependent_resources": "smtp_server,download"
},
{
"access_type": true,
"resource_type": "license_server_info",
"operation_name": "get",
"dependent_resources": "sms_server,license_proxy_server,jazz_license,download,sms_profile,smtp_server,user_managed_tp_vserver,managed_vserver,user_managed_vserver,haproxy_frontend,haproxy_backend,license_file,device_license_info,license_info,ns_authenticationvserver,ns_gslbvserver,ns_vpnvserver,ns_csvserver,ns_crvserver,ns_lbvserver,autoselection_preference,license_threshold,license_expiry_info"
},
{
"access_type": true,
"resource_type": "license_server_info",
"operation_name": "add",
"dependent_resources": "sms_server,license_proxy_server,jazz_license,sms_profile,mail_profile,slack_profile,smtp_server,user_managed_tp_vserver,managed_vserver,upload,license_file,license_info,license_threshold,mas_license,user_managed_vserver,autoselection_preference,license_expiry_info"
}
],
"ui": [
{
"access_type": true,
"name": "ApplicationsDashboard",
"display_name": "Dashboard"
},
{
"access_type": true,
"name": "SecurityDashboard",
"display_name": "App Security Dashboard"
},
{
"access_type": true,
"name": "Stylebooks",
"display_name": "StyleBooks"
},
{
"access_type": true,
"name": "Stylebooks",
"display_name": "Configpacks"
},
{
"access_type": true,
"name": "StylebooksSettings",
"display_name": "Settings"
},
{
"access_type": true,
"name": "CacheRedirection",
"display_name": "Cache Redirection"
},
{
"access_type": true,
"name": "HAProxy",
"display_name": "HAProxy"
},
{
"access_type": true,
"name": "Servers",
"display_name": "Servers"
},
{
"access_type": true,
"name": "VirtualServers",
"display_name": "Virtual Servers"
},
{
"access_type": true,
"name": "Services",
"display_name": "Services"
},
{
"access_type": true,
"name": "ServiceGroups",
"display_name": "Service Groups"
},
{
"access_type": true,
"name": "Authentication",
"display_name": "Authentication"
},
{
"access_type": true,
"name": "MonitoringAuditing",
"display_name": "Auditing"
},
{
"access_type": true,
"name": "MonitoringSettings",
"display_name": "Settings"
},
{
"access_type": true,
"name": "GSLBDomains",
"display_name": "Domains"
},
{
"access_type": true,
"name": "GSLBServices",
"display_name": "Services"
},
{
"access_type": true,
"name": "GSLBVirtualServer",
"display_name": "Virtual Server"
},
{
"access_type": true,
"name": "NetScalerGateway",
"display_name": "NetScaler Gateway"
},
{
"access_type": true,
"name": "ContentSwitching",
"display_name": "Content Switching"
},
{
"access_type": true,
"name": "DNSDomainNames",
"display_name": "DNS Domain Names"
},
{
"access_type": true,
"name": "NetworkDashboard",
"display_name": "Instances Dashboard"
},
{
"access_type": true,
"name": "NetScalerSDWANWOInstances",
"display_name": "NetScaler SD-WAN"
},
{
"access_type": true,
"name": "InstanceOperations",
"display_name": "Instance Operations"
},
{
"access_type": true,
"name": "NetScalerInstances",
"display_name": "NetScaler ADC"
},
{
"access_type": true,
"name": "HAProxyInstances",
"display_name": "HAProxy"
},
{
"access_type": true,
"name": "NetScalerCPXDockerHost",
"display_name": "Docker Hosts"
},
{
"access_type": true,
"name": "Reports",
"display_name": "Reports"
},
{
"access_type": true,
"name": "Thresholds",
"display_name": "Thresholds"
},
{
"access_type": true,
"name": "ReportingSettings",
"display_name": "Settings"
},
{
"access_type": true,
"name": "Licenses",
"display_name": "License Management"
}
]
}
}
API REST para crear un rol de acceso
URL: https://<MAS_IP>/nitro/v2/config/rba_role
HTTPMETHOD: POST
Payload:
{
"rba_role": {
"name": "AppOwnerRole",
"description": "ExampleCompany App Owner Role",
"policies": [
"AppOwnerAccessPolicy"
]
}
API REST para cargar nuevo GSLB StyleBook
URL: https://<MAS_IP>/stylebook/nitro/v2/config/stylebooks
HTTPMETHOD: POST
Payload:
{
"stylebook": {
"file_name": "my-own-gslb.yaml",
"source": "bmFtZTogZ3NsYi1kbnMtZG9tYW...aXRvcm5hbWU=",
"encoding": "base64"
}
}
Nota
El nombre del StyleBook podría cambiar en su sistema.
API REST para crear grupos y asignar instancias seleccionadas y StyleBooks
URL: https://<MAS_IP>/nitro/v2/config/mpsgroup
HTTPMETHOD: POST
Payload:
{
"mpsgroup": {
"id": "",
"name": "AppOwnerGroup1",
"description": "ExampleCompany App Owner Group",
"roles": [
"AppOwnerRole"
],
"enable_session_timeout": false,
"assign_all_devices": false,
"ass ign_all_apps": false,
"application_names_with_regex": [
],
"standalone_instances_id": [
"72c178da-47df-4426-9acc-cd6316f92506",
"c948061e-6240-4062-931c-f6988ef36e3b"
],
"application_list": [
],
"permission": "none",
"application_names": [
],
"authscope_props": [
{
"propname": "configuration_template_id",
"propvalues": [
"NONE"
]
},
{
"propname": "dns_domain_entry_id",
"propvalues": [
"cf6631e5-2f56-4bb1-b0a5-90fabfc0e3e2",
"b268905c-522d-47e3-a2ca-3f8d8a754373"
]
},
{
"propname": "stylebook_id",
"propvalues": [
"gslbbb963abe85936913035e1d4dd14b56f7",
"moni72fad4494466d102b19c18ac329fa9f3"
]
}
],
"tenant_id": "6d024111-6636-4571-a250-d47b31aba7a8"
}
}
Nota
Para obtener los ID de los nombres de dominio DNS y los StyleBooks de GSLB que se utilizarán en la carga de API anterior, puede utilizar las API Citrix ADM habituales para consultar los ID correspondientes a los nombres de entidades. Por ejemplo, para obtener el ID de un dominio DNS denominado “app1.acme.com”, puede utilizar la siguiente API REST Citrix ADM.
URL: https://<MAS_IP>/nitro/v2/config/dns_domain_entry?filter=name: app1.acme.com
HTTPMETHOD: GET
The ID of this domain can be extracted from the following response.
{
"errorcode": 0,
"message": "Done",
"operation": "get",
"resourceType": "dns_domain_entry",
"username": "nsroot",
"tenant_name": "Owner",
"tenant_id": "568d8e12-1d88-42b2-8943-cbaa04826fd1",
"resourceName": "",
"dns_domain_entry": [
{
"tenant_id": "568d8e12-1d88-42b2-8943-cbaa04826fd1",
"name": "app1.acme.com",
"id": "3e3d85ea-1c21-49b2-97f4-60fccdbae2e0",
"description": "app1 domain name"
}
]
}
Del mismo modo, para obtener el ID de StyleBook de un StyleBook cuyo espacio de nombres es com.citrix.adc.stylebook, versión: 1.0, name: my-own-gslb, puede utilizar la siguiente API.
URL: https://<MAS_IP>/stylebook/nitro/v1/config/stylebooks?filter=name:my-own-gslb,namespace:com.citrix.adc.stylebooks,version:1.0
HTTPMETHOD: GET
La respuesta contiene los detalles de StyleBook, incluido su atributo ID.
{
"stylebooks": [
{
"author": null,
"builtin": "false",
"builtins": "{"netscaler.nitro.config": "10.5"}",
"deprecate": "false",
"description": " This StyleBook is used to configure one or a number of Citrix ADCs in different sites into a GSLB setup. It is assumed that the SNIP IP on each Citrix ADC to be used by this StyleBook as the Site IP is already configured on the appliance.",
"display_name": "HTTP/SSL LoadBalancing StyleBook",
"filename": "my-own-gslb.yaml",
"hide": null,
"id": "gslb5a748d8b7684846cf6c409ad7dea8ccf",
"imported_by": "",
"imported_datetime": "2018-05-25 17:20:32.848902",
"name": "my-own-gslb",
"namespace": "com.citrix.adc.stylebooks",
"pkg_id": "gslb5a748d8b7684846cf6c409ad7dea8ccf",
"primary_keys": "["name"]",
"private": "false",
"recompile": "false",
"schema_version": "1.0",
"source": "LS0tIApuYW1lOiBsYgpuYW1lc…",
"system": null,
"tags": "",
"tenant_id": null,
"user_sb": "false",
"version": "1.0"
},
{
…
}
]
}
Nota
La API anterior devuelve una lista de StyleBooks que coinciden con el filtro. Asegúrese de seleccionar el StyleBook correcto de la respuesta para recuperar el ID.
API REST para crear usuario del sistema
Nota
Este paso es opcional.
URL: https://<MAS_IP>/nitro/v2/config/mpsuser
HTTPMETHOD: POST
Payload:
{
"mpsuser": {
"name": "John",
"password": "welcome",
"external_authentication": false,
"enable_session_timeout": false,
"groups": [
"AppOwnerGroup1"
]
}
}
Flujo de trabajo para los propietarios de aplicaciones
Los usuarios deben iniciar sesión como usuarios de la aplicación utilizando sus credenciales. Los usuarios deben seguir esta tarea para crear sus propios nombres de dominio DNS y utilizar el nuevo StyleBook de GSLB.
-
En Citrix ADM, vaya a Redes > Nombres de dominio DNS.
-
Haga clic en Agregar para crear un dominio DNS. Cree los dominios DNS en Citrix ADM.
Nota
Como administrador, también puede crear estos nombres de dominio y asignarlos a los grupos de usuarios.
-
Vaya a Aplicaciones > Panel y haga clic en Definir aplicación personalizada.
-
Escriba un nombre para la aplicación y seleccione una categoría. Seleccione Crear una nueva aplicación desde un StyleBook y haga clic en Aceptar. Seleccione Mi propio GSLB StyleBook para implementar la configuración en las instancias seleccionadas.
-
Escriba los valores necesarios para todos los parámetros del StyleBook.
-
Seleccione el nombre de dominio de la lista.
-
Agregue los sitios GSLB de su aplicación según corresponda.
-
Seleccione las instancias de Citrix ADC de destino en todos los sitios de GSLB.
-
Haga clic en Crear para crear una configuración de GSLB.
Nota
El parámetro StyleBook “Nombre de dominio DNS” muestra solo la lista de dominios DNS que pertenecen al usuario en Citrix ADM.
-
API REST de Citrix ADM para el flujo de trabajo de propietarios de aplicaciones
API REST para iniciar sesión en Citrix ADM
URL: http: //<MAS_IP>/nitro/v2/config/login
HTTPMETHOD: POST
Payload:
{
"login": {
"username": "<USER_NAME>",
"password": "<PASSWORD>",
"session_timeout": 1800
}
}
API REST para crear nombres de dominio DNS
URL: https://<MAS_IP>/nitro/v2/config/dns_domain_entry
HTTP METHOD: POST
PAYLOAD: {"dns_domain_entry":{"name":"app1.acme.com","description":"app1 acme domain"
}
}
API REST para crear aplicaciones usando StyleBook
URL: https://<MAS_IP>/nitro/v2/config/application
HTTPMETHOD: POST
Payload:
{
"params": {
"action": "app_discovery"
},
"application": {
"id": "",
"name": "app1",
"app_c ategory": "ITOps",
"stylebook_params": "{"name":"my-own-gslb","namespace":"com.citrix.adc.stylebooks","version":"1.0","configpack_payload":{"parameters":{"name":"app1","domain-name":"app1.acme.com",]"ttl":"30","algorithm":"ROUNDROBIN","protocol":"HTTP","sites":[{"name":"site1","ipaddress":"6.5.6.77","virtual-ip":"88.6.5.44","virtual-port":"80"}]},"targets":[ {"id":"72c178da-47df-4426-9acc-cd6316f92506"}, {"id":"0e4d0789-bffe-4266-ba1c-09adfc61db4e"}, {"id":"b5af4455-3f06-4f56-b0cb-3d9f868c1f94"}]}}"
}
}
En la carga útil anterior:
-
El “stylebook_params” contiene el nombre, los espacios de nombres y la versión del StyleBook a usar.
-
El “configpack_payload” contiene los parámetros rellenos del StyleBook como se muestra en el formulario GUI equivalente anterior. Citrix ADM garantiza que solo los nombres de dominio DNS a los que el usuario tiene acceso se puedan utilizar como valores para el parámetro “domain-name”.
-
Los «destinos» contienen la lista de identificadores de NetScaler en los que se implementará la configuración de GSLB (las instancias ADC en los sitios GSLB).
Para obtener el ID de NetScaler dado la dirección IP de administración de NetScaler, puede utilizar la siguiente API Citrix ADM:
URL: https://<MAS_IP>/nitro/v2/config/ns?filter=ip_address: 192.168.153.162
HTTPMETHOD: GET
La carga de respuesta contiene información sobre este NetScaler, incluido su ID:
{
"errorcode": 0,
"message": "Done",
….."tenant_id": "ec0eb868-0d6b-4729-bfbd-3005dd2694c1",
"resourceName": "",
"ns": [
{
"manufacturedate": "9/30/2009",
"is_grace": "false",
"hostname": "youcef-ns",
"std_bw_config": "0",
"gateway_deployment": "false",
"gateway_ipv6": "",
"ha_master_state": "Primary",
"instance_available": "0",
"device_finger_print": "",
"instance_state": "Down",
"reason": "Device not reachable",
"name": "",
"ent_bw_available": "0",
"description": "",
"id": "da9ffff2-c100-45f1-a913-c542718338b2",
"mgmt_ip_address": "192.168.153.162",
….
}
]
}
Crea tu StyleBook
El contenido completo del archivo StyleBook “my-own-gslb.yaml” se muestra a continuación: Puede usar este StyleBook personalizado como es o personalizarlo según sus necesidades para generar la configuración GSLB requerida. El parámetro importante de este StyleBook llamado «nombre-dominio» debe estar presente en cualquier StyleBook para hacer uso de la funcionalidad de nombres DNS.
name: my-own-gslb
namespace: com.citrix.adc.stylebooks
version: "1.0"
display-name: My own GSLB StyleBook
description: This StyleBook is used to configure one or a number of NetScalers in different sites into a GSLB setup. It is assumed that the SNIP IP on each NetScaler to be used by this StyleBook as the Site IP is already configured on the appliance.
schema-version: "1.0"
import-stylebooks:
-
namespace: netscaler.nitro.config
version: "10.5"
prefix: ns
-
namespace: com.citrix.adc.commontypes
version: "1.0"
prefix: cmtypes
parameters:
-
name: name
label: Application Name
type: string
required: true
key: true
-
name: domain-name
label: DNS Domain Name
description: GSLB DNS Domain Name
type: string
required: true
allowed-dynamic-values:
source: local
resource-type: dns_domain_entry
-
name: ttl
label: TTL for the Domain
description: Time-To-Live value (number of seconds) for the Domain
type: number
default: 30
-
name: algorithm
label: LB Algorithm
description: Global Load Balancing Algorithm
type: string
default: ROUNDROBIN
allowed-values:
- ROUNDROBIN
- STATICPROXIMITY
- SOURCEIPHASH
-
name: protocol
label: Protocol
description: The protocol of the GSLB VIP
type: string
default: HTTP
allowed-values:
- HTTP
- FTP
- TCP
- UDP
- SSL
- SSL_BRIDGE
- SSL_TCP
- NNTP
- ANY
- SIP_UDP
- SIP_TCP
- SIP_SSL
- RADIUS
- RDP
- RTSP
- MYSQL
- MSSQL
- ORACLE
-
name: monitor
label: LB Monitor
description: Monitor to be bound to the GSLB service
type: cmtypes::monitor
-
name: sites
label: GSLB Sites
description: Provide information about the GSLB Sites
type: object[]
required: true
parameters:
-
name: name
label: Site Name
type: string
required: true
-
name: ipaddress
label: Site IP Address
description: The IP Address of this Site. Use a SNIP IP address on the site's appliance.
type: ipaddress
required: true
-
name: public-ipaddress
label: Site Public IP Address
description: The Public IP Address of this Site. It NATs to the Site's IP address
type: ipaddress
-
name: virtual-ip
label: Site VIP IP
description: The IP Address for the GSLB Service on this site (The VIP on this Site)
type: ipaddress
required: true
-
name: virtual-port
label: Site VIP Port
description: The port number for the GSLB Service (VIP) on this site
type: tcp-port
default: 80
components:
-
name: enable-gslb-comp
type: ns::nsfeature
description: Enables the GSLB feature
meta-properties:
action: enable
properties:
feature: ["GSLB", "LB"]
-
name: gslb-monitor-comp
type: cmtypes::monitor
condition: $parameters.monitor
properties:
monitorname: $parameters.name + "-" + $parameters.monitor.monitorname + "-gslbmon"
type: $parameters.monitor.type
destip?: $parameters.monitor.destip
destport?: $parameters.monitor.destport
httprequest?: $parameters.monitor.httprequest
send?: $parameters.monitor.send
customheaders?: $parameters.monitor.customheaders
respcodes?: $parameters.monitor.respcodes
recv?: $parameters.monitor.recv
lrtm?: $parameters.monitor.lrtm
secure?: $parameters.monitor.secure
interval?: $parameters.monitor.interval
interval_units?: $parameters.monitor.interval_units
resptimeout?: $parameters.monitor.resptimeout
retries?: $parameters.monitor.retries
downtime?: $parameters.monitor.downtime
-
name: gslb-vserver-comp
type: ns::gslbvserver
description: Creates a GSLB VServer config object
properties:
name: $parameters.name + "-gslbvserver"
servicetype: $parameters.protocol
lbmethod: $parameters.algorithm
components:
-
name: gslb-domain-comp
type: ns::gslbvserver_domain_binding
properties:
name: $parent.properties.name
domainname: $parameters.domain-name
ttl: $parameters.ttl
-
name: gslb-site-comp
type: ns::gslbsite
description: Creates a GSLB Site config object
repeat: $parameters.sites
repeat-item: site
properties:
sitename: $parameters.name + "-" + $site.name + "-gslbsite"
siteipaddress: $site.ipaddress
publicip?: $site.public-ipaddress
components:
-
name: gslb-service-comp
type: ns::gslbservice
description: Creates a GSLB Service
properties:
servicename: $parameters.name + "-" + $site.name + "-gslbservice"
ip: $site.virtual-ip
servicetype: $parameters.protocol
port: $site.virtual-port
sitename: $parent.properties.sitename
components:
-
name: gslb-vserver-service-binding-comp
type: ns::gslbvserver_gslbservice_binding
description: Creates a Binding between the GSLB vserver and the GSLB Service
properties:
name: $components.gslb-vserver-comp.properties.name
servicename: $parent.properties.servicename
-
name: gslb-service-monitor-binding-comp
type: ns::gslbservice_lbmonitor_binding
description: Creates a Binding between the GSLB service and the GSLB monitor
condition: $parameters.monitor
properties:
servicename: $parent.properties.servicename
monitor_name: $components.gslb-monitor-comp.properties.monitorname