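Citrix Application Delivery Management service

Deploy GSLB configurations using DNS domain names

A new RBAC enhancement in Citrix Application Delivery Management (ADM) allows only authorized application owners to create and manage their own DNS domains in Citrix ADM. You can now authorize application owners to use specific StyleBooks to create GSLB configurations from the DNS domains that they own. If the selected DNS domain name is owned by the user, that domain name can be used when creating a GSLB configuration with a GSLB StyleBook in the Citrix ADM application dashboard. Citrix ADM has two workflows for configuring GSLB.

  1. Administrator's workflow. Set up the RBAC environment in Citrix ADM. That is, you must create and import the GSLB StyleBook, create user groups, policies, and roles, and assign users to the group. As an administrator, you must perform this workflow.

  2. Application owner's workflow. Application owners must create GSLB configurations using the domain names that they own.

The following flowchart describes the two workflows:

GSLB workflow configuration

Administrator's workflow

As an administrator, the workflow to create the RBAC environment in Citrix ADM comprises the following steps:

First, create a StyleBook to deploy GSLB configurations on Citrix ADC instances. This document provides sample YAML content to help you create your own StyleBook (see Build your StyleBook).

For more information about how to create custom StyleBooks, see Create and use custom StyleBooks.

Note

Citrix ADM supports a new construct in StyleBooks called "allowed-dynamic-values". This construct lets users list and select from the DNS domain values present in Citrix ADM, so that the "domain-name" parameter of the StyleBook is populated automatically in the Citrix ADM GUI.

A sample "domain-name" parameter section is provided for your reference.

The "domain-name" parameter used here is only an example. The parameters in your custom StyleBook might be different.

```yaml
- name: domain-name
  label: DNS Domain Name
  description: GSLB DNS Domain Name
  type: string
  required: true
  allowed-dynamic-values:
    source: local
    resource-type: dns_domain_entry
```

Note

Currently, the "allowed-dynamic-values" construct is not used in any of the default StyleBooks in Citrix ADM. Create a new custom GSLB StyleBook from the default GSLB StyleBook, and replace the domain-name parameter section with the sample provided above. You can use any text editor to create the new StyleBook.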

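  1. Log on to Citrix ADM as an administrator.

  2. Navigate to Applications > Configuration > StyleBooks.

  3. Click Import New StyleBook and upload the new GSLB StyleBook to Citrix ADM.

    Import StyleBook

    For more information about how to import StyleBooks in Citrix ADM, see Use custom StyleBooks.

  4. Navigate to System > Users > Access Policies, and click Add to set up the access policy for application owners as follows.

    Citrix recommends that you create access policies to ensure that application owners cannot bypass the RBAC rules that you set.

  5. Type a name and a brief description for the policy. In the Permissions section, make sure that the following view and edit permissions are selected.

    1. Applications > Dashboard

    2. Applications > Configuration

    3. Networks > Instances

    4. Networks > License Management

    5. Networks > DNS Domain Names

    You can provide other permissions as applicable, and then click Create.

    Create access policy for dashboard, configuration, instances, license management, and DNS domain names

  6. Navigate to System > Users > Roles, and create a role and assign the policy created in the previous step.

  7. Type a name for the role and provide a brief description. In the Policies section, select "Public Server".

    Create application owner role

  8. Navigate to System > Users > Groups, and create a group and associate the role created in the previous step.

  9. Type a name and description, and in the Roles section, select "Application Sampler".

    Create system group

  10. Click Next.

  11. On the Authorization Settings tab, select the Citrix ADC instances and the new GSLB StyleBook that the application owner is authorized to access.

    Authorization settings

    Repeat this step to create as many user groups in your organization as needed. Click Create Group.

  12. Create a system user and assign the user to the user group. This document refers only to locally created users. If Citrix ADM is set up to use external authentication (for example, LDAP), you do not need to create users in the user group. The user-to-group mapping is retrieved from the external authentication directory.

    1. Navigate to System > Users > Users.

    2. Type the user name and password for the system user, and assign the user to the group.

    Create user

    Note

    Step 12 is optional and is not required if you use external authentication, such as LDAP.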

Citrix ADM REST APIs for the administrator's workflow

REST API to log on to Citrix ADM

```
URL: http:///nitro/v2/config/login
HTTP METHOD: POST
Body Payload: {"login":{"username":"","password":"","session_timeout":1800}}
```

The response returns a session cookie header that can be sent with the rest of the API requests below.

```
Set-Cookie: SESSID=##ED31F7C886E248CCDCA8F0E0AD2AA511ACCC5F46C48D6D2BCAA719A9DE62; path=/; secure; HttpOnly
```

REST API to create the access policy

```
URL: https:///nitro/v2/config/rba_policy
HTTP METHOD: POST

{"rba_policy":{"name":"AppOwnerAccessPolicy","description":"ExampleCompany AppOwner Access Policy","tenant_id":"7c12ec97-1472-4096-97e7-a5acb453cc5c",
"statement":[
  {"access_type":true,"resource_type":"application","operation_name":"add","dependent_resources":"mail_profile,slack_profile,smtp_server,app_category"},
  {"access_type":true,"resource_type":"application","operation_name":"get","dependent_resources":"download,smtp_server,ns_vserver_license,app_category,app_summary,app_health_dashboard_details,haproxy_frontend,haproxy_backend,haproxy_frontend_stats"},
  {"access_type":true,"resource_type":"si_app_unit","operation_name":"get","dependent_resources":"download,smtp_server,app_summary,si_app_summary,si_device,security_app_dashboard_details,si_geo_location,si_safety_app_firewall,si_safety_overview,si_safety_security_check,si_safety_system_security,si_safety_signature"},
  {"access_type":true,"resource_type":"stylebooks","operation_name":"get","dependent_resources":"download,smtp_server,ns_vserver_license"},
  {"access_type":true,"resource_type":"stylebooks","operation_name":"add","dependent_resources":"mail_profile,slack_profile,smtp_server"},
  {"access_type":true,"resource_type":"configpacks","operation_name":"get","dependent_resources":"download,smtp_server,stylebooks,ns_vserver_license"},
  {"access_type":true,"resource_type":"configpacks","operation_name":"add","dependent_resources":"mail_profile,slack_profile,smtp_server"},
  {"access_type":true,"resource_type":"stylebooks_system_settings","operation_name":"get","dependent_resources":"download,smtp_server"},
  {"access_type":true,"resource_type":"stylebooks_system_settings","operation_name":"add","dependent_resources":"mail_profile,slack_profile,smtp_server"},
  {"access_type":true,"resource_type":"ns_crvserver","operation_name":"get","dependent_resources":"download,DeviceAPIProxy,smtp_server,perf_cache_redirection_report,poll_activity_status,ns_emon_poll_policy,lb_export_report"},
  {"access_type":true,"resource_type":"ns_crvserver","operation_name":"add","dependent_resources":"DeviceAPIProxy,mail_profile,slack_profile,smtp_server,poll_activity_status,ns_emon_poll_policy,lb_export_report"},
  {"access_type":true,"resource_type":"haproxy_frontend","operation_name":"get","dependent_resources":"download,DeviceAPIProxy,smtp_server,haproxy_backend,haproxy_server"},
  {"access_type":true,"resource_type":"haproxy_frontend","operation_name":"add","dependent_resources":"DeviceAPIProxy,mail_profile,slack_profile,smtp_server"},
  {"access_type":true,"resource_type":"ns_server","operation_name":"get","dependent_resources":"download,DeviceAPIProxy,smtp_server,ns_emon_poll_policy,poll_activity_status,ns_server,lb_export_report"},
  {"access_type":true,"resource_type":"ns_server","operation_name":"add","dependent_resources":"DeviceAPIProxy,mail_profile,slack_profile,smtp_server,ns_emon_poll_policy,poll_activity_status,lb_export_report"},
  {"access_type":true,"resource_type":"ns_lbvserver","operation_name":"get","dependent_resources":"download,DeviceAPIProxy,smtp_server,perf_lb_vserver_report,ns_emon_poll_policy,poll_activity_status,lb_export_report"},
  {"access_type":true,"resource_type":"ns_lbvserver","operation_name":"add","dependent_resources":"DeviceAPIProxy,mail_profile,slack_profile,smtp_server,ns_emon_poll_policy,poll_activity_status,lb_export_report"},
  {"access_type":true,"resource_type":"ns_service","operation_name":"get","dependent_resources":"download,DeviceAPIProxy,smtp_server,ns_emon_poll_policy,poll_activity_status,ns_visualizer_lb_bindings,lb_export_report"},
  {"access_type":true,"resource_type":"ns_service","operation_name":"add","dependent_resources":"DeviceAPIProxy,mail_profile,slack_profile,smtp_server,ns_emon_poll_policy,poll_activity_status,ns_visualizer_lb_bindings,lb_export_report"},
  {"access_type":true,"resource_type":"ns_servicegroup","operation_name":"get","dependent_resources":"download,DeviceAPIProxy,smtp_server,ns_emon_poll_policy,poll_activity_status,ns_servicegroupmember_binding,ns_visualizer_lb_bindings,lb_export_report"},
  {"access_type":true,"resource_type":"ns_servicegroup","operation_name":"add","dependent_resources":"DeviceAPIProxy,mail_profile,slack_profile,smtp_server,ns_emon_poll_policy,poll_activity_status,ns_servicegroupmember_binding,ns_visualizer_lb_bindings,lb_export_report"},
  {"access_type":true,"resource_type":"ns_authenticationvserver","operation_name":"get","dependent_resources":"download,DeviceAPIProxy,smtp_server,perf_authentication_report,poll_activity_status,ns_emon_poll_policy,lb_export_report"},
  {"access_type":true,"resource_type":"ns_authenticationvserver","operation_name":"add","dependent_resources":"DeviceAPIProxy,mail_profile,slack_profile,smtp_server,poll_activity_status,ns_emon_poll_policy,lb_export_report"},
  {"access_type":true,"resource_type":"syslog_messages","operation_name":"get","dependent_resources":"download,smtp_server"},
  {"access_type":true,"resource_type":"ns_emon_poll_policy","operation_name":"get","dependent_resources":"download,poll_activity_status,smtp_server"},
  {"access_type":true,"resource_type":"ns_emon_poll_policy","operation_name":"add","dependent_resources":"download,poll_activity_status,mail_profile,slack_profile,smtp_server"},
  {"access_type":true,"resource_type":"ns_visualizer_gslb_bindings","operation_name":"add","dependent_resources":"DeviceAPIProxy,mail_profile,slack_profile,smtp_server,poll_activity_status,ns_emon_poll_policy,ns_gslbvserver_domain,lb_export_report"},
  {"access_type":true,"resource_type":"ns_visualizer_gslb_bindings","operation_name":"get","dependent_resources":"download,DeviceAPIProxy,smtp_server,poll_activity_status,ns_emon_poll_policy,ns_gslbvserver_domain,lb_export_report"},
  {"access_type":true,"resource_type":"ns_gslbservice","operation_name":"add","dependent_resources":"DeviceAPIProxy,mail_profile,slack_profile,smtp_server,poll_activity_status,ns_emon_poll_policy,lb_export_report"},
  {"access_type":true,"resource_type":"ns_gslbservice","operation_name":"get","dependent_resources":"download,DeviceAPIProxy,smtp_server,poll_activity_status,ns_emon_poll_policy,lb_export_report"},
  {"access_type":true,"resource_type":"ns_gslbvserver","operation_name":"get","dependent_resources":"download,DeviceAPIProxy,smtp_server,perf_global_server_load_balancing_report,poll_activity_status,ns_emon_poll_policy,lb_export_report"},
  {"access_type":true,"resource_type":"ns_gslbvserver","operation_name":"add","dependent_resources":"DeviceAPIProxy,mail_profile,slack_profile,smtp_server,poll_activity_status,ns_emon_poll_policy,lb_export_report"},
  {"access_type":true,"resource_type":"ns_vpnvserver","operation_name":"add","dependent_resources":"DeviceAPIProxy,mail_profile,slack_profile,smtp_server,poll_activity_status,ns_emon_poll_policy,lb_export_report"},
  {"access_type":true,"resource_type":"ns_vpnvserver","operation_name":"get","dependent_resources":"download,DeviceAPIProxy,smtp_server,perf_ssl_vpn_report,poll_activity_status,ns_emon_poll_policy,lb_export_report"},
  {"access_type":true,"resource_type":"ns_csvserver","operation_name":"get","dependent_resources":"download,DeviceAPIProxy,smtp_server,perf_content_switching_report,ns_emon_poll_policy,poll_activity_status,ns_visualizer_cs_bindings,lb_export_report"},
  {"access_type":true,"resource_type":"ns_csvserver","operation_name":"add","dependent_resources":"DeviceAPIProxy,mail_profile,slack_profile,smtp_server,ns_emon_poll_policy,poll_activity_status,ns_visualizer_cs_bindings,lb_export_report"},
  {"access_type":true,"resource_type":"dns_domain_entry","operation_name":"get","dependent_resources":""},
  {"access_type":true,"resource_type":"dns_domain_entry","operation_name":"add","dependent_resources":""},
  {"access_type":true,"resource_type":"devicewise_detail_summary","operation_name":"get","dependent_resources":"download,mps_user_heatmap,ns_event,mps_agent,active_event,smtp_server,mps_datacenter,event_severity_report,event_device_report,ns_conf,device_event_summary"},
  {"access_type":true,"resource_type":"devicewise_detail_summary","operation_name":"add","dependent_resources":"mail_profile,slack_profile,smtp_server"},
  {"access_type":true,"resource_type":"cbwanopt","operation_name":"get","dependent_resources":"download,device_backup,traceroute,inventory,inventory_status,ping,mps_datacenter,cbwanopt_device_profile,sdwanvw_device_profile,sdwanvw_snmp_config,sdwanvw_appflowconfig,smtp_server,cbwanopt_snmp_config,cbwanopt_appflowconfig,sdwanvw,tag"},
  {"access_type":true,"resource_type":"cbwanopt","operation_name":"add","dependent_resources":"inventory,managed_device,device_backup,upload,cbwanopt_device_profile,mps_datacenter,mail_profile,slack_profile,smtp_server,sdwanvw_device_profile,sdwanvw_snmp_config,sdwanvw_appflowconfig,cbwanopt_snmp_config,cbwanopt_appflowconfig,sdwanvw,tag"},
  {"access_type":true,"resource_type":"device_login","operation_name":"get","dependent_resources":""},
  {"access_type":true,"resource_type":"ns","operation_name":"get","dependent_resources":"download,ns_config_replicate,ns_conf,ns_ns_runningconfig,ns_ns_savedconfig,active_event,device_backup,traceroute,inventory,inventory_status,ping,ns_device_profile,nssdx_device_profile,sdx_snmp_config,sdx_syslog_config,smtp_server,ns_cluster,ns_snmp_config,ns_syslog_config,ns_l7_latency_config,ica_l7_latency_update,af_vserver_policy,ns_vserver_appflow_config,mps_datacenter,ns_appflow_param_config,ns_ns_license,ns_ns_mode,ns_network_interface,advanced_analytics_config,tag"},
  {"access_type":true,"resource_type":"ns","operation_name":"add","dependent_resources":"inventory,ns_l7_latency_config,ica_l7_latency_update,af_vserver_policy,ns_config_replicate,managed_device,device_backup,upload,ns_device_profile,nssdx_device_profile,mps_datacenter,sdx_snmp_config,sdx_syslog_config,mail_profile,slack_profile,smtp_server,ns_cluster,ns_snmp_config,ns_syslog_config,ns_vserver_appflow_config,ns_appflow_param_config,advanced_analytics_config,tag"},
  {"access_type":true,"resource_type":"haproxyhost","operation_name":"get","dependent_resources":"download,traceroute,inventory,inventory_status,ping,mps_datacenter,smtp_server,haproxy_device_profile,device_backup,tag"},
  {"access_type":true,"resource_type":"haproxyhost","operation_name":"add","dependent_resources":"inventory,managed_device,mail_profile,slack_profile,smtp_server,mps_datacenter,haproxy_device_profile,haproxy,device_backup,tag"},
  {"access_type":true,"resource_type":"docker_host","operation_name":"add","dependent_resources":"inventory,ns_snmp_config,managed_device,ns,upload,mail_profile,slack_profile,smtp_server,mps_datacenter,ns_device_profile,docker_nscpx_image"},
  {"access_type":true,"resource_type":"docker_host","operation_name":"get","dependent_resources":"download,ns_snmp_config,ns_conf,ns_ns_runningconfig,ns_ns_savedconfig,smtp_server,mps_datacenter,ns_device_profile,traceroute,inventory,inventory_status,ping,active_event,ns_ns_license,ns_ns_mode,ns_network_interface"},
  {"access_type":true,"resource_type":"perf_reports","operation_name":"add","dependent_resources":"mail_profile,slack_profile,smtp_server,perf_custom_dashboard"},
  {"access_type":true,"resource_type":"perf_reports","operation_name":"get","dependent_resources":"download,smtp_server,perf_report_counters,perf_res_util_report,perf_http_req_tcp_conn_report,perf_lb_ssl_traffic_report,perf_ip_bytes_rxtx_report,perf_ip_pkt_rxtx_report,perf_icmp_pkt_rxtx_report,perf_icmp_bytes_rxtx_report,perf_icmpv6_pkt_rxtx_report,perf_icmpv6_bytes_rxtx_report,perf_ipv6_bytes_rxtx_report,perf_ipv6_pkt_rxtx_report,perf_udp_bytes_rxtx_report,perf_udp_packets_rxtx_report,perf_cmp_bytes_rxtx_report,perf_cmp_tcp_bytes_rxtx_report,perf_cmp_tcp_ratiosaving_report,perf_cmp_decmp_bytes_rxtx_report,perf_cmp_decmp_ratiosaving_report,perf_tcp_server_conn_report,perf_tcp_surgelen_spareconn_report,perf_http_bytes_rx_report,perf_http_gets_posts_report,perf_ssl_transactions_hits_report,perf_ssl_client_auth_report,perf_ssl_rsa_dhkey_report,perf_ssl_frontend_ciphers_report,perf_ssl_backend_ciphers_report,perf_wsdevice_cpu_utilization_report,perf_wsdevice_send_compression_ratio_report,perf_wsdevice_connected_plugins_report,perf_wsdevice_data_reduction_report,perf_wsdevice_link_utilization_report,perf_wsserviceclassstatstable_pass_through_connection_report,perf_wsserviceclassstatstable_service_class_report,perf_wsserviceclassstatstable_acceleration_report,perf_wslinkstatstable_throughput_report,perf_wslinkstatstable_packet_loss_report,perf_wsappstatstable_application_report,perf_wsqosstatstable_qos_report,perf_ssl_cpu_keyexchange_report,perf_ssl_be_rsa_dhkey_report,perf_custom_dashboard,perf_ns_throughput_report,perf_network_interface_report"},
  {"access_type":true,"resource_type":"perf_threshold","operation_name":"get","dependent_resources":"download,perf_reports,perf_report_counters,smtp_server,sms_server,sms_profile"},
  {"access_type":true,"resource_type":"perf_threshold","operation_name":"add","dependent_resources":"mail_profile,slack_profile,smtp_server,sms_server,sms_profile"},
  {"access_type":true,"resource_type":"perf_poll_config","operation_name":"add","dependent_resources":"mail_profile,slack_profile,smtp_server"},
  {"access_type":true,"resource_type":"perf_poll_config","operation_name":"get","dependent_resources":"smtp_server,download"},
  {"access_type":true,"resource_type":"license_server_info","operation_name":"get","dependent_resources":"sms_server,license_proxy_server,jazz_license,download,sms_profile,smtp_server,user_managed_tp_vserver,managed_vserver,user_managed_vserver,haproxy_frontend,haproxy_backend,license_file,device_license_info,license_info,ns_authenticationvserver,ns_gslbvserver,ns_vpnvserver,ns_csvserver,ns_crvserver,ns_lbvserver,autoselection_preference,license_threshold,license_expiry_info"},
  {"access_type":true,"resource_type":"license_server_info","operation_name":"add","dependent_resources":"sms_server,license_proxy_server,jazz_license,sms_profile,mail_profile,slack_profile,smtp_server,user_managed_tp_vserver,managed_vserver,upload,license_file,license_info,license_threshold,mas_license,user_managed_vserver,autoselection_preference,license_expiry_info"}
],
"ui":[
  {"access_type":true,"name":"ApplicationsDashboard","display_name":"Dashboard"},
  {"access_type":true,"name":"SecurityDashboard","display_name":"App Security Dashboard"},
  {"access_type":true,"name":"Stylebooks","display_name":"StyleBooks"},
  {"access_type":true,"name":"Stylebooks","display_name":"Configpacks"},
  {"access_type":true,"name":"StylebooksSettings","display_name":"Settings"},
  {"access_type":true,"name":"CacheRedirection","display_name":"Cache Redirection"},
  {"access_type":true,"name":"HAProxy","display_name":"HAProxy"},
  {"access_type":true,"name":"Servers","display_name":"Servers"},
  {"access_type":true,"name":"VirtualServers","display_name":"Virtual Servers"},
  {"access_type":true,"name":"Services","display_name":"Services"},
  {"access_type":true,"name":"ServiceGroups","display_name":"Service Groups"},
  {"access_type":true,"name":"Authentication","display_name":"Authentication"},
  {"access_type":true,"name":"MonitoringAuditing","display_name":"Auditing"},
  {"access_type":true,"name":"MonitoringSettings","display_name":"Settings"},
  {"access_type":true,"name":"GSLBDomains","display_name":"Domains"},
  {"access_type":true,"name":"GSLBServices","display_name":"Services"},
  {"access_type":true,"name":"GSLBVirtualServer","display_name":"Virtual Server"},
  {"access_type":true,"name":"NetScalerGateway","display_name":"NetScaler Gateway"},
  {"access_type":true,"name":"ContentSwitching","display_name":"Content Switching"},
  {"access_type":true,"name":"DNSDomainNames","display_name":"DNS Domain Names"},
  {"access_type":true,"name":"NetworkDashboard","display_name":"Instances Dashboard"},
  {"access_type":true,"name":"NetScalerSDWANWOInstances","display_name":"NetScaler SD-WAN"},
  {"access_type":true,"name":"InstanceOperations","display_name":"Instance Operations"},
  {"access_type":true,"name":"NetScalerInstances","display_name":"NetScaler ADC"},
  {"access_type":true,"name":"HAProxyInstances","display_name":"HAProxy"},
  {"access_type":true,"name":"NetScalerCPXDockerHost","display_name":"Docker Hosts"},
  {"access_type":true,"name":"Reports","display_name":"Reports"},
  {"access_type":true,"name":"Thresholds","display_name":"Thresholds"},
  {"access_type":true,"name":"ReportingSettings","display_name":"Settings"},
  {"access_type":true,"name":"Licenses","display_name":"License Management"}
]}}
```
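A policy of this size is hard to review by eye. The following added example (not part of the Citrix documentation) reads a payload in the rba_policy format shown above and reports every granted operation and UI entry that falls outside an allowlist the reviewer supplies. The allowlists and the abridged sample policy are constructed for illustration, and treating `access_type: true` as "granted" is an assumption based on the payload.

```python
import json

# Constructed, abridged policy in the rba_policy format shown above.
SAMPLE_POLICY = json.loads("""
{"rba_policy": {
  "name": "AppOwnerAccessPolicy",
  "statement": [
    {"access_type": true,  "resource_type": "stylebooks", "operation_name": "get", "dependent_resources": "download,smtp_server,ns_vserver_license"},
    {"access_type": true,  "resource_type": "stylebooks", "operation_name": "add", "dependent_resources": "mail_profile,slack_profile,smtp_server"},
    {"access_type": true,  "resource_type": "configpacks", "operation_name": "add", "dependent_resources": "mail_profile,slack_profile,smtp_server"},
    {"access_type": true,  "resource_type": "dns_domain_entry", "operation_name": "get", "dependent_resources": ""},
    {"access_type": true,  "resource_type": "dns_domain_entry", "operation_name": "add", "dependent_resources": ""},
    {"access_type": true,  "resource_type": "ns", "operation_name": "get", "dependent_resources": "download,ns_conf"},
    {"access_type": true,  "resource_type": "ns", "operation_name": "add", "dependent_resources": "inventory,managed_device"},
    {"access_type": false, "resource_type": "docker_host", "operation_name": "add", "dependent_resources": "inventory,upload"}
  ],
  "ui": [
    {"access_type": true,  "name": "ApplicationsDashboard", "display_name": "Dashboard"},
    {"access_type": true,  "name": "Stylebooks", "display_name": "StyleBooks"},
    {"access_type": true,  "name": "DNSDomainNames", "display_name": "DNS Domain Names"},
    {"access_type": true,  "name": "NetScalerCPXDockerHost", "display_name": "Docker Hosts"},
    {"access_type": false, "name": "Reports", "display_name": "Reports"}
  ]
}}
""")

# Reviewer-supplied allowlists (assumptions for this example, not Citrix defaults).
ALLOWED_OPS = {
    "stylebooks": {"get"},
    "configpacks": {"get", "add"},
    "dns_domain_entry": {"get", "add"},
    "ns": {"get"},
}
ALLOWED_UI = {"ApplicationsDashboard", "Stylebooks", "DNSDomainNames",
              "NetScalerInstances", "Licenses"}


def granted_operations(policy):
    """Map resource_type -> set of operations for statements whose access_type is true."""
    grants = {}
    for st in policy["rba_policy"].get("statement", []):
        if st.get("access_type") is True:
            grants.setdefault(st["resource_type"], set()).add(st["operation_name"])
    return grants


def dependent_resources(policy):
    """Sorted names listed as dependent_resources of the granted statements."""
    names = set()
    for st in policy["rba_policy"].get("statement", []):
        if st.get("access_type") is True:
            parts = st.get("dependent_resources", "").split(",")
            names.update(p.strip() for p in parts if p.strip())
    return sorted(names)


def review_policy(policy, allowed_ops, allowed_ui):
    """Return the grants that fall outside the reviewer's allowlists."""
    grants = granted_operations(policy)
    excess_ops = sorted((res, op) for res, ops in grants.items()
                        for op in ops - allowed_ops.get(res, set()))
    excess_ui = sorted(e["name"] for e in policy["rba_policy"].get("ui", [])
                       if e.get("access_type") is True and e["name"] not in allowed_ui)
    name = policy["rba_policy"].get("name", "")
    return {
        "excess_operations": excess_ops,
        "excess_ui": excess_ui,
        # A name with stray whitespace will not match the name a role refers to.
        "name_has_stray_whitespace": name != name.strip(),
        # Listed for the reviewer; what a dependent resource grants is not described here.
        "dependents": dependent_resources(policy),
    }


if __name__ == "__main__":
    print(json.dumps(review_policy(SAMPLE_POLICY, ALLOWED_OPS, ALLOWED_UI), indent=2))
```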

REST API to create the access role

```
URL: https:///nitro/v2/config/rba_role
HTTP METHOD: POST
Payload: {"rba_role":{"name":"AppOwnerRole","description":"ExampleCompany App Owner Role","policies":["AppOwnerAccessPolicy"]}}
```

REST API to upload the new GSLB StyleBook

```
URL: https:///stylebook/nitro/v2/config/stylebooks
HTTP METHOD: POST
Payload: {"stylebook":{"file_name":"my-own-gslb.yaml","source":"bmFtZTogZ3NsYi1kbnMtZG9tYW...aXRvcm5hbWU=","encoding":"base64"}}
```

**Note** The name of the StyleBook on your system might be different.

REST API to create the group and assign the selected instances and StyleBooks

```
URL: https:///nitro/v2/config/mpsgroup
HTTP METHOD: POST
Payload:
{"mpsgroup":{
  "id":"",
  "name":"AppOwnerGroup1",
  "description":"ExampleCompany App Owner Group",
  "roles":["AppOwnerRole"],
  "enable_session_timeout":false,
  "assign_all_devices":false,
  "assign_all_apps":false,
  "application_names_with_regex":[],
  "standalone_instances_id":["72c178da-47df-4426-9acc-cd6316f92506","c948061e-6240-4062-931c-f6988ef36e3b"],
  "application_list":[],
  "permission":"none",
  "application_names":[],
  "authscope_props":[
    {"propname":"configuration_template_id","propvalues":["NONE"]},
    {"propname":"dns_domain_entry_id","propvalues":["cf6631e5-2f56-4bb1-b0a5-90fabfc0e3e2","b268905c-522d-47e3-a2ca-3f8d8a754373"]},
    {"propname":"stylebook_id","propvalues":["gslbbb963abe85936913035e1d4dd14b56f7","moni72fad4494466d102b19c18ac329fa9f3"]}
  ],
  "tenant_id":"6d024111-6636-4571-a250-d47b31aba7a8"
}}
```

Note

To obtain the IDs of the DNS domain names and of the GSLB StyleBook to use in the above API payload, you can use the regular Citrix ADM APIs to query the ID that corresponds to an entity name. For example, to get the ID of the DNS domain named "app1.acme.com", you can use the following Citrix ADM REST API.

```
URL: https:///nitro/v2/config/dns_domain_entry?filter=name:app1.acme.com
HTTP METHOD: GET
```

The ID of this domain can be extracted from the following response.

```
{"errorcode":0,"message":"Done","operation":"get","resourceType":"dns_domain_entry","username":"nsroot","tenant_name":"Owner","tenant_id":"568d8e12-1d88-42b2-8943-cbaa04826fd1","resourceName":"","dns_domain_entry":[{"tenant_id":"568d8e12-1d88-42b2-8943-cbaa04826fd1","name":"app1.acme.com","id":"3e3d85ea-1c21-49b2-97f4-60fccdbae2e0","description":"app1 domain name"}]}
```

Similarly, to get the StyleBook ID of the StyleBook with namespace com.citrix.adc.stylebooks, version 1.0, and name my-own-gslb, you can use the following API.

```
URL: https:///stylebook/nitro/v1/config/stylebooks?filter=name:my-own-gslb,namespace:com.citrix.adc.stylebooks,version:1.0
HTTP METHOD: GET
```

The response contains the StyleBook details, including its ID attribute.

```
{"stylebooks":[{"author":null,"builtin":"false","builtins":"{\"netscaler.nitro.config\": \"10.5\"}","deprecate":"false","description":" This StyleBook is used to configure one or a number of Citrix ADCs in different sites into a GSLB setup. It is assumed that the SNIP IP on each Citrix ADC to be used by this StyleBook as the Site IP is already configured on the appliance.","display_name":"HTTP/SSL LoadBalancing StyleBook","filename":"my-own-gslb.yaml","hide":null,"id":"gslb5a748d8b7684846cf6c409ad7dea8ccf","imported_by":"","imported_datetime":"2018-05-25 17:20:32.848902","name":"my-own-gslb","namespace":"com.citrix.adc.stylebooks","pkg_id":"gslb5a748d8b7684846cf6c409ad7dea8ccf","primary_keys":"[\"name\"]","private":"false","recompile":"false","schema_version":"1.0","source":"LS0tIApuYW1lOiBsYgpuYW1lc…","system":null,"tags":"","tenant_id":null,"user_sb":"false","version":"1.0"},{}]}
```

Note

The above API returns a list of the StyleBooks that match the filter. Make sure that you select the correct StyleBook from the response to retrieve the ID.
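Because the group payload is what scopes an application owner to specific instances, domains and StyleBooks, a wrong ID widens or breaks that scope. The following added example (not Citrix code) picks an ID out of a filter response only when exactly one entry matches, builds the mpsgroup payload from the resolved IDs, and lists scope settings a reviewer should question. The responses and IDs are constructed, and the helper names `resolve_id`, `build_group` and `scope_findings` are hypothetical.

```python
import json

# Constructed responses in the shape returned by the filter queries above;
# the IDs are made up for this example.
DNS_RESPONSE = {"errorcode": 0, "dns_domain_entry": [
    {"name": "app1.acme.com", "id": "dns-id-constructed-1", "description": "app1 domain name"},
]}
STYLEBOOK_RESPONSE = {"stylebooks": [
    {"name": "my-own-gslb", "namespace": "com.citrix.adc.stylebooks",
     "version": "1.0", "id": "sb-id-constructed-v1"},
    {"name": "my-own-gslb", "namespace": "com.citrix.adc.stylebooks",
     "version": "2.0", "id": "sb-id-constructed-v2"},
    {},  # the sample response above also ends with an empty entry
]}


def resolve_id(response, key, **expected):
    """Return the id of the one entry under `key` whose fields equal `expected`.

    Empty entries are skipped; zero or several matches raise LookupError so a
    wrong or ambiguous ID never reaches the group's authorization scope.
    """
    entries = [e for e in response.get(key, []) if e]
    matches = [e for e in entries if all(e.get(f) == v for f, v in expected.items())]
    if len(matches) != 1:
        raise LookupError(f"{len(matches)} entries under '{key}' match {expected}")
    return matches[0]["id"]


def build_group(name, role, instance_ids, domain_ids, stylebook_ids, tenant_id=""):
    """Build an mpsgroup payload scoped to explicit instances, domains and StyleBooks."""
    return {"mpsgroup": {
        "id": "", "name": name, "roles": [role],
        "enable_session_timeout": False,
        "assign_all_devices": False, "assign_all_apps": False,
        "application_names_with_regex": [], "application_list": [], "application_names": [],
        "standalone_instances_id": list(instance_ids),
        "permission": "none",
        "authscope_props": [
            {"propname": "configuration_template_id", "propvalues": ["NONE"]},
            {"propname": "dns_domain_entry_id", "propvalues": list(domain_ids)},
            {"propname": "stylebook_id", "propvalues": list(stylebook_ids)},
        ],
        "tenant_id": tenant_id,
    }}


def scope_findings(group):
    """Review findings: all-instance or all-application flags set, or no explicit IDs."""
    g = group["mpsgroup"]
    findings = [f"{flag} is true"
                for flag in ("assign_all_devices", "assign_all_apps") if g.get(flag)]
    props = {p["propname"]: p.get("propvalues", []) for p in g.get("authscope_props", [])}
    for prop in ("dns_domain_entry_id", "stylebook_id"):
        if not props.get(prop):
            findings.append(f"{prop} lists no explicit IDs")
    if not g.get("standalone_instances_id"):
        findings.append("standalone_instances_id is empty")
    return findings


if __name__ == "__main__":
    sb = resolve_id(STYLEBOOK_RESPONSE, "stylebooks", name="my-own-gslb",
                    namespace="com.citrix.adc.stylebooks", version="1.0")
    dns = resolve_id(DNS_RESPONSE, "dns_domain_entry", name="app1.acme.com")
    group = build_group("AppOwnerGroup1", "AppOwnerRole",
                        ["instance-id-constructed"], [dns], [sb])
    print(json.dumps(group, indent=2))
    print(scope_findings(group))
```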

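REST API to create a system user

Note

This step is optional.

```
URL: https:///nitro/v2/config/mpsuser
HTTP METHOD: POST
Payload: {"mpsuser":{"name":"John","password":"welcome","external_authentication":false,"enable_session_timeout":false,"groups":["AppOwnerGroup1"]}}
```

Application owner's workflow

Your users must log on as application users using their credentials. Users must follow this task to create their own DNS domain names and use the new GSLB StyleBook.

  1. In Citrix ADM, navigate to Networks > DNS Domain Names.

  2. Click Add to create a new DNS domain. Create the DNS domain in Citrix ADM.

    Create DNS domain name

    Note

    As an administrator, you can also create these domain names and assign them to user groups.

  3. Navigate to Applications > Dashboard, and click Define Custom Application.

    Define custom application

  4. Type a name for the application and select a category. Select Create New Application from StyleBook, and click OK. Select My own GSLB StyleBook to deploy the configuration on the selected instances.

    Define application

  5. Type the required values for all parameters in the StyleBook.

    1. Select the domain name from the list.

    2. Add the GSLB sites for your application, as applicable.

    3. Select the target Citrix ADC instances in all the GSLB sites.

    4. Click Create to create the GSLB configuration.

      Create GSLB configuration

    **Note** The StyleBook parameter "DNS Domain Name" shows only the list of DNS domains that belong to the user in Citrix ADM.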

Citrix ADM REST APIs for the application owner's workflow

REST API to log on to Citrix ADM

```
URL: http:///nitro/v2/config/login
HTTP METHOD: POST
Payload: {"login":{"username":"","password":"","session_timeout":1800}}
```

REST API to create a DNS domain name

```
URL: https:///nitro/v2/config/dns_domain_entry
HTTP METHOD: POST
Payload: {"dns_domain_entry":{"name":"app1.acme.com","description":"app1 acme domain"}}
```

REST API to create an application using a StyleBook

```
URL: https:///nitro/v2/config/application
HTTP METHOD: POST
Payload: {"params":{"action":"app_discovery"},"application":{"id":"","name":"app1","app_category":"ITOps","stylebook_params":"{\"name\":\"my-own-gslb\",\"namespace\":\"com.citrix.adc.stylebooks\",\"version\":\"1.0\",\"configpack_payload\":{\"parameters\":{\"name\":\"app1\",\"domain-name\":\"app1.acme.com\",\"ttl\":\"30\",\"algorithm\":\"ROUNDROBIN\",\"protocol\":\"HTTP\",\"sites\":[{\"name\":\"site1\",\"ipaddress\":\"6.5.6.77\",\"virtual-ip\":\"88.6.5.44\",\"virtual-port\":\"80\"}]},\"targets\":[{\"id\":\"72c178da-47df-4426-9acc-cd6316f92506\"},{\"id\":\"0e4d0789-bffe-4266-ba1c-09adfc61db4e\"},{\"id\":\"b5af4455-3f06-4f56-b0cb-3d9f868c1f94\"}]}}"}}
```

In the above payload:

  • "stylebook_params" contains the name, namespace, and version of the StyleBook to use.

  • "configpack_payload" contains the populated parameters of the StyleBook, as shown in the equivalent GUI form above. Citrix ADM ensures that only DNS domain names that the user has access to can be used as the value of the "domain-name" parameter.

  • "targets" contains the list of NetScaler IDs (the ADC instances at the GSLB sites) on which the GSLB configuration is deployed.
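The application payload carries the StyleBook parameters as a JSON document serialized into the string value of "stylebook_params", which is easy to get wrong by hand. The following added example (not Citrix code) validates the parameters against the allowed values of the GSLB StyleBook on this page, checks the domain against the caller's own domain list before sending, and builds the payload with the inner document serialized correctly. The function names are hypothetical, and the client-side domain check is a pre-flight convenience assumed here; the authoritative check is the one Citrix ADM performs.

```python
import ipaddress
import json

# Allowed values copied from the parameter definitions of the GSLB StyleBook on this page.
ALGORITHMS = {"ROUNDROBIN", "STATICPROXIMITY", "SOURCEIPHASH"}
PROTOCOLS = {"HTTP", "FTP", "TCP", "UDP", "SSL", "SSL_BRIDGE", "SSL_TCP", "NNTP", "ANY",
             "SIP_UDP", "SIP_TCP", "SIP_SSL", "RADIUS", "RDP", "RTSP", "MYSQL", "MSSQL",
             "ORACLE"}

# Values taken from the example payload on this page.
STYLEBOOK = {"name": "my-own-gslb", "namespace": "com.citrix.adc.stylebooks", "version": "1.0"}
PARAMS = {"name": "app1", "domain-name": "app1.acme.com", "ttl": "30",
          "algorithm": "ROUNDROBIN", "protocol": "HTTP",
          "sites": [{"name": "site1", "ipaddress": "6.5.6.77",
                     "virtual-ip": "88.6.5.44", "virtual-port": "80"}]}
TARGETS = ["72c178da-47df-4426-9acc-cd6316f92506"]


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def validate_parameters(params, owned_domains):
    """Return a list of problems; an empty list means the parameters can be sent."""
    errors = []
    for required in ("name", "domain-name", "sites"):
        if not params.get(required):
            errors.append(f"missing required parameter: {required}")
    domain = params.get("domain-name")
    if domain and domain not in owned_domains:
        errors.append(f"domain not owned by this user: {domain}")
    if params.get("algorithm", "ROUNDROBIN") not in ALGORITHMS:
        errors.append(f"algorithm not allowed: {params['algorithm']}")
    if params.get("protocol", "HTTP") not in PROTOCOLS:
        errors.append(f"protocol not allowed: {params['protocol']}")
    for i, site in enumerate(params.get("sites") or []):
        for field in ("name", "ipaddress", "virtual-ip"):
            if not site.get(field):
                errors.append(f"sites[{i}]: missing {field}")
        for field in ("ipaddress", "public-ipaddress", "virtual-ip"):
            if site.get(field) and not _is_ip(site[field]):
                errors.append(f"sites[{i}]: {field} is not an IP address")
        port = str(site.get("virtual-port", 80))
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            errors.append(f"sites[{i}]: virtual-port out of range")
    return errors


def build_application_payload(app_name, category, stylebook, params, target_ids, owned_domains):
    """Build the application payload; raise ValueError if validation fails."""
    errors = validate_parameters(params, owned_domains)
    if errors:
        raise ValueError("; ".join(errors))
    inner = {**stylebook, "configpack_payload": {
        "parameters": params,
        "targets": [{"id": t} for t in target_ids],
    }}
    return {
        "params": {"action": "app_discovery"},
        "application": {
            "id": "", "name": app_name, "app_category": category,
            # stylebook_params is a string holding JSON, not a nested object,
            # so it is serialized once here and again with the outer payload.
            "stylebook_params": json.dumps(inner),
        },
    }


if __name__ == "__main__":
    payload = build_application_payload("app1", "ITOps", STYLEBOOK, PARAMS,
                                        TARGETS, {"app1.acme.com"})
    print(json.dumps(payload))
```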

To get the NetScaler ID for a given NetScaler management IP address, you can use the following Citrix ADM API:

```
URL: https:///nitro/v2/config/ns?filter=ip_address:192.168.153.162
HTTP METHOD: GET
```

The response payload contains information about this NetScaler, including its ID:

```
{"errorcode":0,"message":"Done",….."tenant_id":"ec0eb868-0d6b-4729-bfbd-3005dd2694c1","resourceName":"","ns":[{"manufacturedate":"9/30/2009","is_grace":"false","hostname":"youcef-ns","std_bw_config":"0","gateway_deployment":"false","gateway_ipv6":"","ha_master_state":"Primary","instance_available":"0","device_finger_print":"","instance_state":"Down","reason":"设备不可以","name":"","ent_bw_available":"0","description":"","id":"da9ffff2-c100-45f1-a913-c542718338b2","mgmt_ip_address":"192.168.153.162",….}]}
```

Build your StyleBook

The complete content of the StyleBook file "my-own-gslb.yaml" is shown below. You can use this custom StyleBook as is, or customize it as needed to generate the GSLB configuration that you require. The important parameter in this StyleBook, named "domain-name", must be present in any StyleBook for the DNS name feature to be usable.

```yaml
name: my-own-gslb
namespace: com.citrix.adc.stylebooks
version: "1.0"
display-name: My own GSLB StyleBook
description: This StyleBook is used to configure one or a number of NetScalers in different sites into a GSLB setup. It is assumed that the SNIP IP on each NetScaler to be used by this StyleBook as the Site IP is already configured on the appliance.
schema-version: "1.0"
import-stylebooks:
  - namespace: netscaler.nitro.config
    version: "10.5"
    prefix: ns
  - namespace: com.citrix.adc.commontypes
    version: "1.0"
    prefix: cmtypes
parameters:
  - name: name
    label: Application Name
    type: string
    required: true
    key: true
  - name: domain-name
    label: DNS Domain Name
    description: GSLB DNS Domain Name
    type: string
    required: true
    allowed-dynamic-values:
      source: local
      resource-type: dns_domain_entry
  - name: ttl
    label: TTL for the Domain
    description: Time-To-Live value (number of seconds) for the Domain
    type: number
    default: 30
  - name: algorithm
    label: LB Algorithm
    description: Global Load Balancing Algorithm
    type: string
    default: ROUNDROBIN
    allowed-values:
      - ROUNDROBIN
      - STATICPROXIMITY
      - SOURCEIPHASH
  - name: protocol
    label: Protocol
    description: The protocol of the GSLB VIP
    type: string
    default: HTTP
    allowed-values:
      - HTTP
      - FTP
      - TCP
      - UDP
      - SSL
      - SSL_BRIDGE
      - SSL_TCP
      - NNTP
      - ANY
      - SIP_UDP
      - SIP_TCP
      - SIP_SSL
      - RADIUS
      - RDP
      - RTSP
      - MYSQL
      - MSSQL
      - ORACLE
  - name: monitor
    label: LB Monitor
    description: Monitor to be bound to the GSLB service
    type: cmtypes::monitor
  - name: sites
    label: GSLB Sites
    description: Provide information about the GSLB Sites
    type: object[]
    required: true
    parameters:
      - name: name
        label: Site Name
        type: string
        required: true
      - name: ipaddress
        label: Site IP Address
        description: The IP Address of this Site. Use a SNIP IP address on the site's appliance.
        type: ipaddress
        required: true
      - name: public-ipaddress
        label: Site Public IP Address
        description: The Public IP Address of this Site. It NATs to the Site's IP address
        type: ipaddress
      - name: virtual-ip
        label: Site VIP IP
        description: The IP Address for the GSLB Service on this site (The VIP on this Site)
        type: ipaddress
        required: true
      - name: virtual-port
        label: Site VIP Port
        description: The port number for the GSLB Service (VIP) on this site
        type: tcp-port
        default: 80
components:
  - name: enable-gslb-comp
    type: ns::nsfeature
    description: Enables the GSLB feature
    meta-properties:
      action: enable
    properties:
      feature: ["GSLB","LB"]
  - name: gslb-monitor-comp
    type: cmtypes::monitor
    condition: $parameters.monitor
    properties:
      monitorname: $parameters.name + "-" + $parameters.monitor.monitorname + "-gslbmon"
      type: $parameters.monitor.type
      destip?: $parameters.monitor.destip
      destport?: $parameters.monitor.destport
      httprequest?: $parameters.monitor.httprequest
      send?: $parameters.monitor.send
      customheaders?: $parameters.monitor.customheaders
      respcodes?: $parameters.monitor.respcodes
      recv?: $parameters.monitor.recv
      lrtm?: $parameters.monitor.lrtm
      secure?: $parameters.monitor.secure
      interval?: $parameters.monitor.interval
      interval_units?: $parameters.monitor.interval_units
      resptimeout?: $parameters.monitor.resptimeout
      retries?: $parameters.monitor.retries
      downtime?: $parameters.monitor.downtime
  - name: gslb-vserver-comp
    type: ns::gslbvserver
    description: Creates a GSLB VServer config object
    properties:
      name: $parameters.name + "-gslbvserver"
      servicetype: $parameters.protocol
      lbmethod: $parameters.algorithm
    components:
      - name: gslb-domain-comp
        type: ns::gslbvserver_domain_binding
        properties:
          name: $parent.properties.name
          domainname: $parameters.domain-name
          ttl: $parameters.ttl
  - name: gslb-site-comp
    type: ns::gslbsite
    description: Creates a GSLB Site config object
    repeat: $parameters.sites
    repeat-item: site
    properties:
      sitename: $parameters.name + "-" + $site.name + "-gslbsite"
      siteipaddress: $site.ipaddress
      publicip?: $site.public-ipaddress
    components:
      - name: gslb-service-comp
        type: ns::gslbservice
        description: Creates a GSLB Service
        properties:
          servicename: $parameters.name + "-" + $site.name + "-gslbservice"
          ip: $site.virtual-ip
          servicetype: $parameters.protocol
          port: $site.virtual-port
          sitename: $parent.properties.sitename
        components:
          - name: gslb-vserver-service-binding-comp
            type: ns::gslbvserver_gslbservice_binding
            description: Creates a Binding between the GSLB vserver and the GSLB Service
            properties:
              name: $components.gslb-vserver-comp.properties.name
              servicename: $parent.properties.servicename
          - name: gslb-service-monitor-binding-comp
            type: ns::gslbservice_lbmonitor_binding
            description: Creates a Binding between the GSLB service and the GSLB monitor
            condition: $parameters.monitor
            properties:
              servicename: $parent.properties.servicename
              monitor_name: $components.gslb-monitor-comp.properties.monitorname
```