-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't add Netscaler VPX #5876
Comments
In plugins/network-elements/netscaler/src/main/java/com/cloud/network/resource/NetscalerResource.java `if (_deviceName.equalsIgnoreCase("NetscalerMPXLoadBalancer") && nsHw.get_hwdescription().contains("MPX") || Netscaler 13 per example shows : "Netscaler Remote Licensed Virtual Appliance 450000" |
Thanks @kurushi9000 for reporting, the community doesn't have access to netscaler device and the old netscaler plugin isn't maintained for years - you should contact the vendor (Citrix) to help maintain the network plugin or get them to sponsor test infrastructure for the same. |
Hello @rohityadavcloud , i tested creating a new account on citrix.com and saw Vpx is free and available for downloading |
I started testing on VPX 13 freemium Here in the logs of mgmt server ACS 4.16 2022-01-19 15:55:37,639 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (API-Job-Executor-45:ctx-5a07e50a job-177) (logid:83b1eaf3) Complete async job-177, jobStatus: FAILED, resultCode: 530, result: org.apache.cloudstack.api.response.ExceptionResponse/null/{"uuidList":[],"errorcode":"530","errortext":"Failed to log in to Netscaler device at "a.b.c.d" due to Certificates do not conform to algorithm constraints"} EDIT : for vpx 11.0, this is an issue due to Ssl ciphers used But it seems it is working for vpx 11 if there is a licence on platform for vpx 12 and 13, the free versions are licensed with an Express 20Mbps and features on platform are available I think there is still the error due to plugins/network-elements/netscaler/src/main/java/com/cloud/network/resource/NetscalerResource.java checking In vpx 11 platform value : NetScaler Virtual Appliance 450000 |
@sureshanaparti , this is well working with vpx12 and vpx13 The only issue with VPX is when testing type of Netscaler when adding the VPX to ACS. I successed to add vpx12 and vpx13 to ACS 4.16 👍 The only bug is about the check with "Netscaler Remote Licensed Virtual Appliance 450000" On vpx 11.0 ns hardware description give : "NetScaler Virtual Appliance 450000" (I.e : plugins/network-elements/netscaler/src/main/java/com/cloud/network/resource/NetscalerResource.java) This bug could be easily been corrected in 4.16.1, no ? |
@rohityadavcloud @sureshanaparti If a Netscaler is being added with vpx11, once upgrade is done towards vpx13, default password is forced to change So when vpx13 password is changed, it need to be changed in ACS Database as there are no Gui for this on ACS for an existing Netscaler device There is an online encryption tool here : https://www.devglan.com/online-tools/jasypt-online-encryption-decryption The encrypted password to be changed is on host_details, entry named 'password' where "host_details"."host_id" is "external_load_balancer_devices"."host_id" Created an VPC Redundant Offering with Netscaler public LB capability . Due to password change, ACS is trying to connect in background to Netscaler devices, it could pass in state "Disconnected" in host table Tested on vpx 11.0, vpx 12.1 and vpx 13.0 build 84.11 |
@BenoitLair is there any work on this going on? |
It wouldn't be possible to do this as we don't have access to the said component/hardware/appliance. Need more information. |
Hello Rohit, Adding Netscaler is not possible due to "Platform" label value checking with value "NetScaler Virtual Appliance 450000" which is now is now "Netscaler Remote Licensed Virtual Appliance 450000" The test should implement checking LIKE "Netscaler%%Virtual Appliance 450000" Also there are been some minor changes when working with a VPC with External Load balancer of type Netscaler For working with it i installed a Nginx mounting NS ip device declared in ACS and forwarding request to a NS MIP ip For bypassing i have done the following :
I used lua rewrite file and subfilters in order to adapt NS API changes ` upstream tunnel_ns-vpx13-ssl { proxy_cache_path /var/cache/nginx-vpx13-ssl levels=1:2 keys_zone=ns-vpx13-ssl_cache:10m max_size=3g inactive=120m use_temp_path=off; server{ ssl_certificate /etc/ssl/certs/cert-selfsigned.crt; access_log /var/log/nginx/ns-vpx13-ssl-access.log; location / {
}` vpx13-prod-ee.ff.gg.hh.lua.txt Content of /etc/nginx/vpx13-prod-ee.ff.gg.hh.lua
-- build up the new JSON string for k,v in pairs(params) do ngx.req.set_body_data(newbody) function format_http_vservers_protocol() if ngx.req.get_method() == "POST" then format_http_vservers_protocol() -- ngx.req.read_body() ` |
This could be a blocker for me in order to upgrade from CS 4.16 to next versions of CS |
Thanks for sharing @BenoitLair I don't work for Citrix to answer your question. But ultimately this is a 3rd party component we don't have access to test/maintain support in CloudStack. As an opensource project we welcome any contribution from the vendor or even users, so if you can figure out a workaround you can help document that or reach out to the vendor to have this fixed. |
ISSUE TYPE
COMPONENT NAME
CLOUDSTACK VERSION
CONFIGURATION
OS / ENVIRONMENT
SUMMARY
STEPS TO REPRODUCE
Configuring NSIP, SNIP a vlan on 1/2 and a SNIP on this vlan binding on 1/2
On an advanced zone, Network Service Providers, Netscaler menu
Add a Netscaler device form with the following entries :
ip : NSIP
user : nsroot
mdp : pass
type : Netscaler VPX Loadbalancer
public interface : 1/2
private interface 1/1
dedicated : true
EXPECTED RESULTS
ACTUAL RESULTS
Add Netscaler device
(Netscaler) Failed to verify device type specified when matching with actuall device type due to Netscalar device type specified does not match with the actuall device type.
The text was updated successfully, but these errors were encountered: