Nitro C# APIs for NetScaler – Scripting with PowerShell
Hello again! It’s been a while, I know, but I’m back with some fresh goodness that I hope you will enjoy. I want to give a quick shout out to Thomas Poppelgaard for encouraging me to share some new content, and in return I promised him that I’ll dust off SiteDiag in the near future 🙂 Since my last post I joined a financial services firm where I’ve been working on a global NetScaler deployment, so I’ve got lots of great insights about NetScaler and Command Center that I wanted to share.
During my involvement on the engineering side of a larger NetScaler deployment I came across several situations that warranted scripts for both NetScaler and Command Center. The primary driver behind these scripts was the automation of configuration deployment and management (comparing and setting configurations against lists of NetScalers). This post aims to cover the basics of using the C# Nitro APIs in PowerShell. I also hope to share similar tips on the Command Center APIs in a future post.
So, to get started scripting you’ll need to download and extract the Nitro API SDK for C# to the host where you plan to run the script. The download is hosted on the NetScaler itself under the ‘Downloads’ section (on the far right in 10.5):
Once you’ve extracted everything out you’ll have two DLLs that will need to be loaded into your PowerShell environment, newtonsoft.json.dll and nitro.dll. To ‘include’ these runtime libraries in your script, simply use the Add-Type cmdlet for each:
Add-Type -Path .\newtonsoft.json.dll Add-Type -Path .\nitro.dll
Now that the runtime libraries are included you can directly call the Nitro objects using the com.citrix.netscaler.nitro namespace:
The next step is to connect to the NetScaler by creating com.citrix.netscaler.nitro.service.nitro_service object and calling the login() method, which looks like this in PowerShell:
$Credentials = Get-Credential #prompt for credentials $nitrosession = New-Object com.citrix.netscaler.nitro.service.nitro_service("netscaler.fqdn",'HTTPS') $nitrosession.login($Credentials.GetNetworkCredential().UserName, $Credentials.GetNetworkCredential().Password)
And this is where the ‘fun’ starts. Referencing the Nitro API Documentation, you can explore all of the classes and methods that are now at your disposal, including every imaginable configuration and statistic.
Let’s take an example of checking the status of modes, which is handled by the com.citrix.netscaler.nitro.resource.config.ns.nsmode class:
Say you wanted to get all of the modes that are currently set on a NetScaler, you’d simply call the get() method, passing the $nitrosession object as the only argument:
[com.citrix.netscaler.nitro.resource.config.ns.nsmode]::get($nitrosession) mode : {FR, L3, MBF, Edge...} fr : True l2 : False usip : False cka : False tcpb : False mbf : True edge : True usnip : True l3 : True pmtud : True sradv : False dradv : False iradv : False sradv6 : False dradv6 : False bridgebpdus : False
This command uses the nitro_service object as the connection reference for the nsmode.get() method, pretty straightforward.
Now, say you wanted to change one of the modes, L2 in this example, and this is where it can get a little tricky. First, you’ll need to store nsmode in a PowerShell object using the same get() method above:
$nsmode = [com.citrix.netscaler.nitro.resource.config.ns.nsmode]::get($nitrosession)
Then you’ll need to build an array of modes that you want to enable, including any that are already enabled, to pass to the enable() method (there’s probably an easier way to do this than the below snippet, but hey, it works!):
$modes = @(); foreach ($mode in $nsmode.mode){$modes += $mode}; $modes += "L2"
This will give you an array ($modes) that contains all of the modes that you want to enable, plus the modes that were already enabled. You’ll then need to use the nsmode.set_mode() method to set the modes that should be passed to the enable() method:
$nsmode.set_mode($modes)
And the moment of truth, passing the modified $nsmode object to the enable() method:
[com.citrix.netscaler.nitro.resource.config.ns.nsmode]::enable($nitrosession, $nsmode)
errorcode message sessionid severity --------- ------- --------- -------- 0 Done NONE
Let’s explore another example that involves a rewrite policy and action set, which can quickly become a web of interconnecting classes and methods.
First, let’s put all of the rewrite policies into an object:
$rewritepolicies = [com.citrix.netscaler.nitro.resource.config.rewrite.rewritepolicy]::get($nitrosession)
Which will give you a collection of rewrite policy objects in the following format:
__count : name : ns_cvpn_sp_js_vgp_pol rule : http.req.url.path.endswith("ViewGroupPermissions.aspx") && http.req.method.eq(POST) && http.res.body(10).contains("0|/") action : ns_cvpn_sp_ct_rw_act undefaction : comment : logaction : newname : hits : 0 undefhits : 0 description : isdefault : True builtin :
From here, you can call other methods for the rewrite class by referencing the object that you’re interested in. For example, to get a list of bindings for ns_cvpn_default_bypass_url_pol, which is the first policy returned on a NetScaler, you would reference $rewritepolicies[0].name when using the rewritepolicy_binding.get() method:
[com.citrix.netscaler.nitro.resource.config.rewrite.rewritepolicy_binding]::get($nitrosession, $rewritepolicies[0].name)
Similarly, you can get a rewrite action by referencing the rewrite policy’s action property:
[com.citrix.netscaler.nitro.resource.config.rewrite.rewriteaction]::get($nitrosession,$rewritepolicies[0].action)
I’ll stop here for the sake of time and complexity, as there are so many ways that you can go with this foundation. I highly recommend using a tool like PowerGUI so that you can see the classes as you type, and explore the various objects and methods at your disposal.
Anyways, I hope this all makes enough sense for someone to start scripting for NetScalers in PowerShell, and will try to post a similar article on the Command Center APIs soon.