netscaler.adc.service module – Configuration for service resource.

Note

This module is part of the netscaler.adc collection (version 2.6.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install netscaler.adc.

To use it in a playbook, specify: netscaler.adc.service.

New in netscaler.adc 2.0.0

Synopsis

  • Configuration for service resource.

Parameters

Parameter

Comments

accessdown

any

Use Layer 2 mode to bridge the packets sent to this service if it is marked as DOWN. If the service is DOWN, and this parameter is disabled, the packets are dropped.

Choices:

  • "YES"

  • "NO"

all

boolean

Display both user-configured and dynamically learned services.

Choices:

  • false

  • true

api_path

string

Base NITRO API path.

Define only in case of an ADM service proxy call

Default: "nitro/v1/config"

appflowlog

any

Enable logging of AppFlow information.

Choices:

  • "ENABLED"

  • "DISABLED"

cacheable

any

Use the transparent cache redirection virtual server to forward requests to the cache server.

Note: Do not specify this parameter if you set the Cache Type parameter.

Choices:

  • "YES"

  • "NO"

cachetype

string

Cache type supported by the cache server.

Choices:

  • "TRANSPARENT"

  • "REVERSE"

  • "FORWARD"

cip

any

Before forwarding a request to the service, insert an HTTP header with the client’s IPv4 or IPv6 address as its value. Used if the server needs the client’s IP address for security, accounting, or other purposes, and setting the Use Source IP parameter is not a viable option.

Choices:

  • "ENABLED"

  • "DISABLED"

cipheader

any

Name for the HTTP header whose value must be set to the IP address of the client. Used with the Client IP parameter. If you set the Client IP parameter, and you do not specify a name for the header, the appliance uses the header name specified for the global Client IP Header parameter (the cipHeader parameter in the set ns param CLI command or the Client IP Header parameter in the Configure HTTP Parameters dialog box at System > Settings > Change HTTP parameters). If the global Client IP Header parameter is not specified, the appliance inserts a header with the name “client-ip.”

cka

any

Enable client keep-alive for the service.

Choices:

  • "YES"

  • "NO"

cleartextport

integer

Port to which clear text data must be sent after the appliance decrypts incoming SSL traffic. Applicable to transparent SSL services.

clttimeout

any

Time, in seconds, after which to terminate an idle client connection.

cmp

any

Enable compression for the service.

Choices:

  • "YES"

  • "NO"

comment

any

Any information about the service.

contentinspectionprofilename

any

Name of the ContentInspection profile that contains IPS/IDS communication related setting for the service

customserverid

any

Unique identifier for the service. Used when the persistency type for the virtual server is set to Custom Server ID.

delay

float

Time, in seconds, allocated to the Citrix ADC for a graceful shutdown of the service. During this period, new requests are sent to the service only for clients who already have persistent sessions on the appliance. Requests from new clients are load balanced among other available services. After the delay time expires, no requests are sent to the service, and the service is marked as unavailable (OUT OF SERVICE).

dnsprofilename

any

Name of the DNS profile to be associated with the service. DNS profile properties will applied to the transactions processed by a service. This parameter is valid only for ADNS and ADNS-TCP services.

downstateflush

any

Flush all active transactions associated with a service whose state transitions from UP to DOWN. Do not enable this option for applications that must complete their transactions.

Choices:

  • "ENABLED"

  • "DISABLED"

graceful

string

Shut down gracefully, not accepting any new connections, and disabling the service when all of its connections are closed.

Choices:

  • "YES"

  • "NO"

hashid

any

A numerical identifier that can be used by hash based load balancing methods. Must be unique for each service.

healthmonitor

any

Monitor the health of this service. Available settings function as follows:

YES - Send probes to check the health of the service.

NO - Do not send probes to check the health of the service. With the NO option, the appliance shows the service as UP at all times.

Choices:

  • "YES"

  • "NO"

httpprofilename

any

Name of the HTTP profile that contains HTTP configuration settings for the service.

internal

boolean

Display only dynamically learned services.

Choices:

  • false

  • true

ip

string

IP to assign to the service.

ipaddress

string

The new IP address of the service.

managed_netscaler_instance_id

string

added in netscaler.adc 2.6.0

The ID of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_ip

string

added in netscaler.adc 2.6.0

The IP of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_name

string

added in netscaler.adc 2.6.0

The name of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_password

string

added in netscaler.adc 2.6.0

The password of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

managed_netscaler_instance_username

string

added in netscaler.adc 2.6.0

The username of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

maxbandwidth

any

Maximum bandwidth, in Kbps, allocated to the service.

maxclient

any

Maximum number of simultaneous open connections to the service.

maxreq

any

Maximum number of requests that can be sent on a persistent connection to the service.

Note: Connection requests beyond this value are rejected.

monconnectionclose

any

Close monitoring connections by sending the service a connection termination message with the specified bit set.

Choices:

  • "RESET"

  • "FIN"

monitor_name_svc

string

Name of the monitor bound to the specified service.

monthreshold

any

Minimum sum of weights of the monitors that are bound to this service. Used to determine whether to mark a service as UP or DOWN.

name

any

Name for the service. Must begin with an ASCII alphabetic or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the service has been created.

netprofile

any

Network profile to use for the service.

netscaler_console_as_proxy_server

boolean

added in netscaler.adc 2.6.0

The IP address of the NetScaler ADC appliance acting as a proxy server.

Define only in case of an ADM service proxy call

Choices:

  • false ← (default)

  • true

newname

string

New name for the service. Must begin with an ASCII alphabetic or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters.

nitro_auth_token

string

The authentication token provided by a login operation.

nitro_pass

string

The password with which to authenticate to the NetScaler ADC node.

nitro_protocol

string

Which protocol to use when accessing the nitro API objects.

Choices:

  • "http"

  • "https" ← (default)

nitro_user

string

The username with which to authenticate to the NetScaler ADC node.

nsip

string / required

The ip address of the NetScaler ADC appliance where the nitro API calls will be made.

The port can be specified with the colon (:). E.g. 192.168.1.1:555.

pathmonitor

any

Path monitoring for clustering

Choices:

  • "YES"

  • "NO"

pathmonitorindv

any

Individual Path monitoring decisions

Choices:

  • "YES"

  • "NO"

port

integer

Port number of the service.

processlocal

any

By turning on this option packets destined to a service in a cluster will not under go any steering. Turn this option for single packet request response mode or when the upstream device is performing a proper RSS for connection based distribution.

Choices:

  • "ENABLED"

  • "DISABLED"

rtspsessionidremap

any

Enable RTSP session ID mapping for the service.

Choices:

  • "ON"

  • "OFF"

save_config

boolean

If true the module will save the configuration on the NetScaler ADC node if it makes any changes.

The module will not save the configuration on the NetScaler ADC node if it made no changes.

Choices:

  • false ← (default)

  • true

serverid

float

The identifier for the service. This is used when the persistency type is set to Custom Server ID.

servername

string

Name of the server that hosts the service.

service_lbmonitor_binding

dictionary

Bindings for service_lbmonitor_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

servicegroup_lbmonitor_binding

dictionary

Bindings for servicegroup_lbmonitor_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

servicegroup_servicegroupmember_binding

dictionary

Bindings for servicegroup_servicegroupmember_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

servicetype

string

Protocol in which data is exchanged with the service.

Choices:

  • "HTTP"

  • "FTP"

  • "TCP"

  • "UDP"

  • "SSL"

  • "SSL_BRIDGE"

  • "SSL_TCP"

  • "DTLS"

  • "NNTP"

  • "RPCSVR"

  • "DNS"

  • "ADNS"

  • "SNMP"

  • "RTSP"

  • "DHCPRA"

  • "ANY"

  • "SIP_UDP"

  • "SIP_TCP"

  • "SIP_SSL"

  • "DNS_TCP"

  • "ADNS_TCP"

  • "MYSQL"

  • "MSSQL"

  • "ORACLE"

  • "MONGO"

  • "MONGO_TLS"

  • "RADIUS"

  • "RADIUSListener"

  • "RDP"

  • "DIAMETER"

  • "SSL_DIAMETER"

  • "TFTP"

  • "SMPP"

  • "PPTP"

  • "GRE"

  • "SYSLOGTCP"

  • "SYSLOGUDP"

  • "FIX"

  • "SSL_FIX"

  • "USER_TCP"

  • "USER_SSL_TCP"

  • "QUIC"

  • "IPFIX"

  • "LOGSTREAM"

  • "LOGSTREAM_SSL"

  • "MQTT"

  • "MQTT_TLS"

  • "QUIC_BRIDGE"

sp

any

Enable surge protection for the service.

Choices:

  • "ON"

  • "OFF"

state

string

The state of the resource being configured by the module on the NetScaler ADC node.

When present, the resource will be added/updated configured according to the module’s parameters.

When absent, the resource will be deleted from the NetScaler ADC node.

When enabled, the resource will be enabled on the NetScaler ADC node.

When disabled, the resource will be disabled on the NetScaler ADC node.

When unset, the resource will be unset on the NetScaler ADC node.

Choices:

  • "present" ← (default)

  • "absent"

  • "enabled"

  • "disabled"

  • "unset"

svrtimeout

any

Time, in seconds, after which to terminate an idle server connection.

tcpb

any

Enable TCP buffering for the service.

Choices:

  • "YES"

  • "NO"

tcpprofilename

any

Name of the TCP profile that contains TCP configuration settings for the service.

td

float

Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0.

useproxyport

any

Use the proxy port as the source port when initiating connections with the server. With the NO setting, the client-side connection port is used as the source port for the server-side connection.

Note: This parameter is available only when the Use Source IP (USIP) parameter is set to YES.

Choices:

  • "YES"

  • "NO"

usip

any

Use the client’s IP address as the source IP address when initiating a connection to the server. When creating a service, if you do not set this parameter, the service inherits the global Use Source IP setting (available in the enable ns mode and disable ns mode CLI commands, or in the System > Settings > Configure modes > Configure Modes dialog box). However, you can override this setting after you create the service.

Choices:

  • "YES"

  • "NO"

validate_certs

boolean

If false, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.

Choices:

  • false

  • true ← (default)

weight

float

Weight to assign to the monitor-service binding. When a monitor is UP, the weight assigned to its binding with the service determines how much the monitor contributes toward keeping the health of the service above the value configured for the Monitor Threshold parameter.

Notes

Note

Examples

---
- name: Sample Playbook
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Sample Task | service
      delegate_to: localhost
      netscaler.adc.service:
        state: present
        name: service-http
        servicetype: HTTP
        ipaddress: 172.18.0.4
        port: 5000
    - name: Sample Task | ipset-001
      delegate_to: localhost
      netscaler.adc.ipset:
        state: present
        name: ipset-001
    - name: Sample Task | netProfile
      delegate_to: localhost
      netscaler.adc.netprofile:
        state: present
        name: test-netprofile
        srcip: ipset-001
        mbf: DISABLED
    - name: Sample Task | lbmonitor | 3
      delegate_to: localhost
      tags: test
      netscaler.adc.lbmonitor:
        state: present
        monitorname: test-monitor
        type: TCP
        interval: 15
        retries: 20
    - name: Setup services
      delegate_to: localhost
      tags: test
      netscaler.adc.service:
        state: present
        name: 10.123.123.123-tcp-12345
        servicetype: TCP
        ipaddress: 10.123.123.123
        port: 12345
        healthmonitor: "NO"
        netprofile: test-netprofile
        service_lbmonitor_binding:
          binding_members:
            - monitor_name: test-monitor
              name: 10.123.123.123-tcp-12345

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

changed

boolean

Indicates if any change is made by the module

Returned: always

Sample: true

diff

dictionary

Dictionary of before and after changes

Returned: always

Sample: {"after": {"key2": "pqr"}, "before": {"key1": "xyz"}, "prepared": "changes done"}

diff_list

list / elements=string

List of differences between the actual configured object and the configuration specified in the module

Returned: when changed

Sample: ["Attribute `key1` differs. Desired: (<class 'str'>) XYZ. Existing: (<class 'str'>) PQR"]

failed

boolean

Indicates if the module failed or not

Returned: always

Sample: false

loglines

list / elements=string

list of logged messages by the module

Returned: always

Sample: ["message 1", "message 2"]

Authors

  • Sumanth Lingappa (@sumanth-lingappa)