02 May 2016

Semi-automate NetScaler CLI commands

I wanted to automate the creation of VIPs on the NetScaler, but I currently don't have time to learn how to do all of it with PowerShell + Nitro, and I had an urgent need to standardise the creation of new VIPs. To get around that time limitation, I created a batch file that semi-automates the process of creating new VIPs on the NetScaler, so that everything that gets created on the NetScaler follows the same standard. The batch file asks you some basic questions and returns commands that you have to copy/paste into the NetScaler CLI (I connect to the NetScaler using PuTTY). The script is not 100% dummy-proof: the batch file does not double-check everything you enter, so if you enter wrong information in a field, your command output will not be good.
Save the following into a text file with extension .bat and run it.
-------------------------- Copy below this line  --------------------------
@echo off
Echo.
Echo.
Echo **************************************************************************
Echo The recommended command-line window width is 168 characters to be certain of not having command over 2 lines.
Echo **************************************************************************
Echo.

CHOICE /C PV /M "Netscaler Physical or Virtual ?"
IF %ERRORLEVEL% == 1 SET NS=Phys
IF %ERRORLEVEL% == 2 SET NS=Virt
Echo.

REM we have 3 different levels of authentication and have created auth_profile and auth_vserver accordingly
:VIP_Authentification
ECHO.
ECHO ...............................................
ECHO Do you need authentication?
ECHO ...............................................
ECHO.
ECHO 1 - Authentification 401 Forest
ECHO 2 - Authentification 401 Corp
ECHO 3 - Authentification Form Base Forest
ECHO 4 - Authentification Form Base Corp
ECHO 5 - Authentification Form Base + RSA (Dual Auth)
ECHO 6 - No authentication
ECHO.
SET /P Auth=Type 1, 2, 3, 4, 5 or 6 then press ENTER:
IF %auth% GEQ 7 goto VIP_Authentification
IF %auth% == 0 goto VIP_Authentification
Echo.
set /P VipIP=Enter the IP address of the VIP:
Echo.
:Vip_type
CHOICE /C HS /M "What kind of VIP: Http or Ssl?"
IF %ERRORLEVEL% == 1 SET VT=HTTP
IF %ERRORLEVEL% == 2 SET VT=ssl
set /P vPort=Enter the VIP port:
Echo.
set /P VipName=Enter the name of the VIP {LB_..._SSL} (If the VIP port is different than the default Change _SSL for _#### ):
Echo.
REM if the VIP is not addressable we will place it behind a Content Switching vServer
:Content_Switch
set "CSVS="
IF %VipIP% NEQ 0.0.0.0 goto IpNotNull

set csact=ACT_SEND_%vipname%
set cspol=CSPol_%VipName%
echo.
CHOICE /C EIB /M "VIP behind which content switch vServer: External, Internal or Both? "
IF %ERRORLEVEL% == 1 SET CSVS=Externe
IF %ERRORLEVEL% == 2 SET CSVS=Interne
IF %ERRORLEVEL% == 3 SET CSVS=Deux

:IpNotNull

:Sg_Type
echo.
CHOICE /C HS /M "Service Group type: Http or Ssl?"
IF %ERRORLEVEL% == 1 SET SGT=http
IF %ERRORLEVEL% == 2 SET SGT=SSL
Echo.
:MonitorType
IF %SGT% == http SET Mtyp=http-ecv
IF %SGT% == SSL SET Mtyp=https-ecv

:ServiceGroupPort
set /P BPort=Enter the port of the backend servers:
Echo.

:ServiceGroup_Name
set /P SGName=Enter the name of the Service Group {SG_...} Add _### if port is not 80:
Echo.

:Backend
choice /c 1234 /M "Enter the number of backend server without pressing enter?"
IF %ERRORLEVEL% == 1 SET nbr=4
IF %ERRORLEVEL% == 2 SET nbr=3
IF %ERRORLEVEL% == 3 SET nbr=2
IF %ERRORLEVEL% == 4 SET nbr=1
set nbrsvr=%errorlevel%
set svr=1
Echo.

REM clear the variables before using them for added security if the batch is run multiple times...
set "svr4name="
set "svr3name="
set "svr2name="
set "svr1name="
set "svr4IP="
set "svr3IP="
set "svr2IP="
set "svr1IP="
set "csrule1="
set "csrule2="
set "csrule3="
set "csrule4="

:while
if %nbr% lss 5 (
  set /P Svr%nbr%Name=Enter Server %svr% name:
  set /P Svr%nbr%IP=Enter server %svr% IP: 
  set /a nbr+=1
  set /a svr+=1
  goto :while
)

echo.
echo.
echo ************** copy line below this point in putty to create *****************
echo.
Echo add serviceGroup %SGName% %SGT%


If %nbrsvr% == 4 goto 4server
If %nbrsvr% == 3 goto 3server
If %nbrsvr% == 2 goto 2server
If %nbrsvr% == 1 goto 1server

:4server
if [%svr1name%] ==[] echo. && echo Server 4 name is empty restarting process... && echo.
if [%svr1name%] ==[] goto :backend
Echo add server %svr1name% %svr1IP%
Echo bind serviceGroup %SGName% %svr1name% %bport%
REM quote the assignment so cmd does not treat the leading "||" as a command operator
set "csrule4=||HTTP.REQ.HOSTNAME.SET_TEXT_MODE(IGNORECASE).EQ(\"%svr1name%.company.com\")"

:3server
if [%svr2name%] ==[] echo. && echo Server 3 name is empty restarting process... && echo.
if [%svr2name%] ==[] goto :backend
Echo add server %svr2name% %svr2IP%
echo bind serviceGroup %SGName% %svr2name% %bport%
REM quote the assignment so cmd does not treat the leading "||" as a command operator
set "csrule3=||HTTP.REQ.HOSTNAME.SET_TEXT_MODE(IGNORECASE).EQ(\"%svr2name%.company.com\")"

:2server
if [%svr3name%] ==[] echo. && echo Server 2 name is empty restarting process... && echo.
if [%svr3name%] ==[] goto :backend
Echo add server %svr3name% %svr3IP%
echo bind serviceGroup %SGName% %svr3name% %bport%
REM quote the assignment so cmd does not treat the leading "||" as a command operator
set "csrule2=||HTTP.REQ.HOSTNAME.SET_TEXT_MODE(IGNORECASE).EQ(\"%svr3name%.company.com\")"

:1server
if [%svr4name%] ==[] echo. && echo Server 1 name is empty restarting process... && echo.
if [%svr4name%] ==[] goto :backend
Echo add server %svr4name% %svr4IP%
echo bind serviceGroup %SGName% %svr4name% %bport%
set csrule1=HTTP.REQ.HOSTNAME.SET_TEXT_MODE(IGNORECASE).EQ(\"%svr4name%.company.com\")

Echo bind serviceGroup %SGName% -monitorName %Mtyp%

IF %SGT% == SSL Echo set ssl serviceGroup %SGName% -ssl3 DISABLED

REM check if auth was selected
if Not %Auth% == 6 Goto Auth

Echo add lb vserver %VipName% %VT% %VipIP% %vport% -persistenceType COOKIEINSERT -timeout 0 -cltTimeout 180
Goto EndAuth

:Auth
if %Auth% == 1 set authVs=vs_Auth.company.com
if %Auth% == 2 set authVs=vs_AuthCorp.company.com
if %Auth% == 3 set AuthProf=Profile_Company_Auth
if %Auth% == 4 set AuthProf=Profile_Corp_Auth
if %Auth% == 5 set AuthProf=Profile_Corp-Radius_Auth
if %Auth% LEQ 2 Echo add lb vserver %VipName% %VT% %VipIP% %vport% -persistenceType COOKIEINSERT -timeout 0 -cltTimeout 180 -authn401 ON -authnVsName %authVS%
if %Auth% GEQ 3 Echo add lb vserver %VipName% %VT% %VipIP% %vport% -persistenceType COOKIEINSERT -timeout 0 -cltTimeout 180 -Authentication ON -authnProfile %AuthProf%

:EndAuth

Echo bind lb vserver %VipName% %SGName%


If %VT%==HTTP goto skipssl

REM we use an SSL profile for the SSL parameters and a wildcard cert
Echo set ssl vserver %VipName% -sslProfile No_SSL3_profile
IF %NS% == Virt Echo bind ssl vserver %VipName% -certkeyName Company-Wildcard-SHA2
IF %NS% == Phys Echo bind ssl vserver %VipName% -certkeyName Company-wildcard
Echo unbind ssl vserver %VipName% -cipherName ALL
IF %NS% == Phys Echo bind ssl vserver %VipName% -cipherName claus-cipher-list-with-gcm
REM IF comparisons are case-sensitive and NS is set to "Virt" above
IF %NS% == Virt Echo bind ssl vserver %VipName% -cipherName vpx-cipher-list
Echo bind ssl vserver %VipName% -eccCurveName P_256
Echo bind ssl vserver %VipName% -eccCurveName P_384
Echo bind ssl vserver %VipName% -eccCurveName P_224
Echo bind ssl vserver %VipName% -eccCurveName P_521

:skipssl

IF %VipIP% NEQ 0.0.0.0 goto IpNotNull2
echo add cs action %csact% -targetLBVserver %VipName%
echo add cs policy %cspol% -rule "%csrule1%%csrule2%%csrule3%%csrule4%" -action %csact%

if %CSVS%==Externe echo. && echo sh cs vserver CS_Company_External_app && echo. && echo bind cs vserver CS_Company_External_app -policyName %cspol% -priority xxx
if %CSVS%==Interne echo. && echo sh cs vserver CS_Internal_App && echo bind cs vserver CS_Internal_App -policyName %cspol% -priority xxx
if %CSVS%==Deux echo. && echo sh cs vserver CS_Internal_App && echo bind cs vserver CS_Internal_App -policyName %cspol% -priority xxx
if %CSVS%==Deux echo. && echo sh cs vserver CS_Company_External_app && echo. && echo bind cs vserver CS_Company_External_app -policyName %cspol% -priority xxx

echo.
echo.
Echo +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
echo + Since we don't know what priority are available on the                +
echo + Content switching, the last two command above show the CS vserver     +
echo + so that you manually type the priority on the Bind policy... command  +
Echo +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

:IpNotNull2

Echo.
echo ************** copy line above this point in putty to create *****************
echo.
echo.
Echo ********************************************************
Echo * Do not forget to create the DNS entry ...            *
Echo * Run the following commands to create them internally *
Echo ********************************************************
echo.
echo.
  for /f "tokens=1 delims=." %%a IN ('echo %VipName%') DO (
  set DNSLBNAME=%%a
)
  for /f "tokens=2 delims=_" %%b IN ('echo %DNSLBNAME%') DO (
  set DNSLBNAME2=%%b
)
echo.
IF %VipIP% == 0.0.0.0 goto IpNull
echo dnscmd %LOGONSERVER% /RecordAdd company.com %DNSLBNAME% /CreatePTR A %vipip%
echo dnscmd %LOGONSERVER% /RecordAdd company.com %DNSLBNAME2% A %VipIP%
echo.
REM addressable VIP: the A records are enough, so skip the CNAME to the content switch
goto EndDNS

:IpNull
echo.
echo dnscmd %LOGONSERVER% /RecordAdd company.com %DNSLBNAME2% CNAME CS_Internal_app.company.com
echo.

:EndDNS
Echo **************** End DNS commands *****************

echo.
echo. Completed, this is the end of the batch file
echo.
pause
-------------------------- Copy above this line  --------------------------

That's the batch file I use now to create VIPs on the NetScaler.
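
The post notes that the batch file does not double-check what is typed before the output is pasted into the NetScaler CLI. As an added example (not the author's script), the PowerShell below validates every answer against an allow-list and only then emits the same service group and lb vserver lines; the function names, the naming policy and all sample values are assumptions.

```powershell
# Added example, not the author's script. Sample names and addresses are constructed.
function Test-IPv4([string]$Value) {
    # Dotted quad, no leading zeros; \z instead of $ so a trailing newline fails.
    if ($Value -cnotmatch '\A(0|[1-9][0-9]{0,2})(\.(0|[1-9][0-9]{0,2})){3}\z') { return $false }
    foreach ($octet in $Value.Split('.')) { if ([int]$octet -gt 255) { return $false } }
    return $true
}
function Test-Port([string]$Value) {
    return ($Value -cmatch '\A[1-9][0-9]{0,4}\z') -and ([int]$Value -le 65535)
}
function Test-NsName([string]$Value) {
    # Assumed naming policy: letters, digits, '_', '-' and '.' only, so spaces,
    # quotes and line breaks never reach the text pasted into the CLI.
    return $Value -cmatch '\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,62}\z'
}
function New-NsVipCommands {
    param([string]$VipName, [string]$VipType, [string]$VipIP, [string]$VipPort,
          [string]$SgName, [string]$SgType, [string]$BackendPort,
          [System.Collections.IDictionary]$Servers)   # server name -> server IP
    $bad = @()
    if (-not (Test-NsName $VipName))   { $bad += 'VIP name' }
    if (-not (Test-NsName $SgName))    { $bad += 'service group name' }
    if ($VipType -notin 'HTTP', 'SSL') { $bad += 'VIP type' }
    if ($SgType -notin 'HTTP', 'SSL')  { $bad += 'service group type' }
    if (-not (Test-IPv4 $VipIP))       { $bad += 'VIP address' }
    if (-not (Test-Port $VipPort))     { $bad += 'VIP port' }
    if (-not (Test-Port $BackendPort)) { $bad += 'backend port' }
    foreach ($name in $Servers.Keys) {
        if (-not (Test-NsName $name))         { $bad += "server name '$name'" }
        if (-not (Test-IPv4 $Servers[$name])) { $bad += "IP of server '$name'" }
    }
    # Print nothing unless every answer passed.
    if ($bad.Count -gt 0) { throw "Rejected input: $($bad -join ', ')" }
    $out = @("add serviceGroup $SgName $SgType")
    foreach ($name in $Servers.Keys) {
        $out += "add server $name $($Servers[$name])"
        $out += "bind serviceGroup $SgName $name $BackendPort"
    }
    $out += "add lb vserver $VipName $VipType $VipIP $VipPort -persistenceType COOKIEINSERT -timeout 0 -cltTimeout 180"
    $out += "bind lb vserver $VipName $SgName"
    return $out
}
$sample = [ordered]@{ WEB01 = '10.10.20.11'; WEB02 = '10.10.20.12' }
New-NsVipCommands -VipName 'LB_intranet_SSL' -VipType SSL -VipIP '10.10.10.50' -VipPort 443 `
    -SgName 'SG_intranet' -SgType HTTP -BackendPort 80 -Servers $sample
# A typo (three octets, a space in the name) stops generation before anything is printed.
try { New-NsVipCommands -VipName 'LB intranet' -VipType SSL -VipIP '10.10.10' -VipPort 443 `
        -SgName 'SG_intranet' -SgType HTTP -BackendPort 80 -Servers $sample
} catch { Write-Warning $_.Exception.Message }
```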