From e2883378bb55313ea9e88f4ce4c1af47c2cd7367 Mon Sep 17 00:00:00 2001 From: Mick Hilhorst Date: Sun, 3 Sep 2023 12:33:15 +0200 Subject: [PATCH 01/11] Small code cleaning changes --- terraform/citrix-adc/README.md | 2 +- terraform/citrix-adc/destroy.sh | 2 ++ .../citrix-adc/sources/image/your_image.ovf | 0 terraform/citrix-adc/variables.tf | 23 +++++++++++-------- 4 files changed, 16 insertions(+), 11 deletions(-) create mode 100644 terraform/citrix-adc/sources/image/your_image.ovf diff --git a/terraform/citrix-adc/README.md b/terraform/citrix-adc/README.md index 009356f..b56046c 100644 --- a/terraform/citrix-adc/README.md +++ b/terraform/citrix-adc/README.md @@ -18,7 +18,7 @@ You need to edit the following information to make this work in your environment - ADC License: A valid ADC license needs to be put into the "./sources/license" folder - ADC OVF: your ADC image sources need to be put into "./sources/image" - provider.tf: review the required versions -- provider.tf: select either ACME staging or production certificates +- provider.tf: select either ACME [staging or production](https://letsencrypt.org/docs/staging-environment/) certificates - variables.tf: adjust all variables to represent your environment. Required ones are marked with a "# Comment". ## HowTo Deploy diff --git a/terraform/citrix-adc/destroy.sh b/terraform/citrix-adc/destroy.sh index a187318..4736910 100644 --- a/terraform/citrix-adc/destroy.sh +++ b/terraform/citrix-adc/destroy.sh @@ -1,5 +1,7 @@ +echo "Initiating removal of NetScaler" terraform init --upgrade && terraform destroy --auto-approve -target="module.adc-01-build" && +echo "Cleaning NetScaler configuration..." sleep 15s && rm .terraform.lock.hcl -f && rm terraform.tfstate.backup -f && diff --git a/terraform/citrix-adc/sources/image/your_image.ovf b/terraform/citrix-adc/sources/image/your_image.ovf new file mode 100644 index 0000000..e69de29 
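Review bot: The second added line, `echo "Cleaning NetScaler configuration..."`, is printed just before steps that only delete local Terraform files (`.terraform.lock.hcl`, `terraform.tfstate.backup`), so the message describes something the script does not do; `echo "Removing local Terraform lock and state backup files..."` would match what follows. Removing `.terraform.lock.hcl` also discards the recorded provider checksums, so the next `terraform init --upgrade` re-resolves every provider without verifying it against the previously locked hashes — if that is intended, a comment such as `# lock file is deleted on purpose: providers are re-resolved and re-verified on the next init` makes the trade-off explicit. With the new `echo` as line 1 the file has no shebang, so the shell that runs it depends on the caller; `#!/usr/bin/env bash` as the first line would pin it. Note that `rm -f` never fails, so the `&&` chain cannot detect a partially cleaned tree.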
diff --git a/terraform/citrix-adc/variables.tf b/terraform/citrix-adc/variables.tf index 9c150d8..46014c4 100644 --- a/terraform/citrix-adc/variables.tf +++ b/terraform/citrix-adc/variables.tf @@ -3,7 +3,7 @@ ##### variable vsphere { type = map - description = "" + description = "[Required] vSphere Configuration Variables" default = { server = "192.168.1.4" user = "administrator@vsphere.local" @@ -16,13 +16,12 @@ variable vsphere { resourcepool = "YourEnvironment-tf" } } - ##### # ADC VM configuration variables ##### variable vm { type = map - description = "" + description = "[Required] NetScaler VM Variables" default = { ovf = "YourOVFFile" network = "vSwitch_Internal" @@ -39,7 +38,7 @@ variable vm { ##### variable adc-base { type = map - description = "" + description = "[Required] NetScaler System Variables" default = { username = "nsroot" oldpassword = "nsroot" @@ -54,7 +53,7 @@ variable adc-base { variable adc-snip { type = map - description = "" + description = "NetScaler SubnetIP Variables" default = { ip = "192.168.1.16" netmask = "255.255.255.0" @@ -64,10 +63,10 @@ variable adc-snip { variable adc-license { type = map - description = "" + description = "NetScaler license variables | Default Express license: https://docs.netscaler.com/en-us/citrix-adc/current-release/licensing/citrix-adc-licensing-overview.html " default = { filename = "your_adc_license.lic" - filecontent = "/Path/To/Your/License/your_adc_license.lic" + filecontent = "sources/license/your_adc_license.lic" } } @@ -76,7 +75,7 @@ variable adc-license { ##### variable adc-letsencrypt-lb { type = map - description = "" + description = "[Required] LetsEncrypt LoadBalancer configuration variables" default = { backend-ip = "192.168.1.25" frontend-ip = "192.168.1.17" 
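Review bot: The new descriptions label `vsphere`, `vm` and `adc-base` as `[Required]`, yet each of these maps still carries a complete `default` (`server = "192.168.1.4"`, `username = "nsroot"`, `oldpassword = "nsroot"`), so Terraform never asks for them and an unedited checkout applies with the placeholder addresses and the factory password. Dropping `default` on the variables marked required, or adding a `validation` block that rejects the placeholder values, would make the label enforceable. The maps that carry credentials — `vsphere`, whose `password` key main.tf passes to the build module, and `adc-base` with its `oldpassword`/`password` keys — are not declared `sensitive = true`, so their values appear verbatim in plan output and state diffs; marking the whole map sensitive is the smallest change. The same two points apply to the `adc-letsencrypt-*` and `adc-gw-*` hunks on the following line.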
@@ -90,7 +89,7 @@ variable adc-letsencrypt-lb { ##### variable adc-letsencrypt-certificate { type = map - description = "" + description = "[Required] LetsEncrypt Configuration variables" default = { private_key_algorithm = "RSA" private_key_rsa_bits = "4096" @@ -106,12 +105,12 @@ variable adc-letsencrypt-certificate-san { "citrix.YourEnvironment.YourDomain.YourTLD" ] } - ##### # ADC LB variables ##### variable adc-lb-srv { type = map + description = "[Required] NetScaler Basic LoadBalancing Virtual Server variables" default = { name = [ "citrix-ctrl-01", @@ -170,6 +169,7 @@ variable adc-lb-generic { ##### variable adc-gw { type = map + description = "[Required] ADC Citrix Gateway variables" default = { name = "citrix" staserver = "citrix-ctrl-01" @@ -190,6 +190,7 @@ variable adc-gw { ##### variable "adc-gw-authenticationldapaction" { type = map + description = "[Required] ADC Authentication LDAP Action variables" default = { type = [ "ldap" @@ -232,6 +233,7 @@ variable "adc-gw-authenticationldapaction" { ##### variable "adc-gw-authenticationldappolicy" { type = map + description = "[Required] ADC Authentication LDAP Policy variables" default = { rule = [ "ns_true" @@ -247,6 +249,7 @@ variable "adc-gw-authenticationldappolicy" { ##### variable "adc-cs" { type = map + description = "[Required] ADC CS variables]" default = { vserver_name = "cs_vs_any.domain.local_ssl_443" vserver_ip = "192.168.1.12" From 476ac3d1d3448f8e89fee7849e5a73ca8e4dfe65 Mon Sep 17 00:00:00 2001 
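Review bot: The description added for `adc-cs`, `"[Required] ADC CS variables]"`, has a stray closing bracket; `"[Required] ADC CS variables"` matches the style of the other new descriptions. The `adc-gw-authenticationldapaction` map that gets a description here is the one the gateway module (added in the next commit) reads for `ldapBindDn` and `ldapBindDnPassword`, so it carries a directory bind secret: it should be declared `sensitive = true`, and the description could say so, e.g. `"[Required] ADC Authentication LDAP Action variables (contains the LDAP bind password)"`.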
From: Mick Hilhorst Date: Sun, 3 Sep 2023 13:24:39 +0200 Subject: [PATCH 02/11] Editing module structure --- terraform/citrix-adc/main.tf | 104 +++--- .../netscaler/base_configuration/main.tf | 160 +++++++++ .../netscaler/base_configuration/versions.tf | 9 + .../netscaler/content_switching/main.tf | 122 +++++++ .../netscaler/content_switching/versions.tf | 9 + .../netscaler/final_operations/main.tf | 19 ++ .../netscaler/final_operations/versions.tf | 10 + .../modules/netscaler/gateway/main.tf | 215 +++++++++++++ .../modules/netscaler/gateway/versions.tf | 9 + .../modules/netscaler/letsencrypt/main.tf | 118 +++++++ .../modules/netscaler/letsencrypt/versions.tf | 13 + .../modules/netscaler/letsencrypt_lb/main.tf | 99 ++++++ .../netscaler/letsencrypt_lb/versions.tf | 10 + .../modules/netscaler/loadbalancers/main.tf | 88 +++++ .../netscaler/loadbalancers/versions.tf | 9 + .../netscaler/netscaler_license/maint.tf | 50 +++ .../netscaler/netscaler_license/versions.tf | 9 + .../modules/netscaler/password_reset/main.tf | 42 +++ .../netscaler/password_reset/versions.tf | 9 + .../netscaler/ssl_configuration/main.tf | 304 ++++++++++++++++++ .../netscaler/ssl_configuration/versions.tf | 9 + .../citrix-adc/modules/netscaler/variables.tf | 48 +++ .../citrix-adc/modules/netscaler/versions.tf | 9 + .../citrix-adc/modules/vsphere_deploy/main.tf | 111 +++++++ .../modules/vsphere_deploy/variables.tf | 5 + .../modules/vsphere_deploy/versions.tf | 9 + terraform/citrix-adc/variables.tf | 6 +- 27 files changed, 1550 insertions(+), 55 deletions(-) create mode 100644 terraform/citrix-adc/modules/netscaler/base_configuration/main.tf create mode 100644 terraform/citrix-adc/modules/netscaler/base_configuration/versions.tf create mode 100644 terraform/citrix-adc/modules/netscaler/content_switching/main.tf create mode 100644 terraform/citrix-adc/modules/netscaler/content_switching/versions.tf create mode 100644 terraform/citrix-adc/modules/netscaler/final_operations/main.tf create mode 100644 
terraform/citrix-adc/modules/netscaler/final_operations/versions.tf create mode 100644 terraform/citrix-adc/modules/netscaler/gateway/main.tf create mode 100644 terraform/citrix-adc/modules/netscaler/gateway/versions.tf create mode 100644 terraform/citrix-adc/modules/netscaler/letsencrypt/main.tf create mode 100644 terraform/citrix-adc/modules/netscaler/letsencrypt/versions.tf create mode 100644 terraform/citrix-adc/modules/netscaler/letsencrypt_lb/main.tf create mode 100644 terraform/citrix-adc/modules/netscaler/letsencrypt_lb/versions.tf create mode 100644 terraform/citrix-adc/modules/netscaler/loadbalancers/main.tf create mode 100644 terraform/citrix-adc/modules/netscaler/loadbalancers/versions.tf create mode 100644 terraform/citrix-adc/modules/netscaler/netscaler_license/maint.tf create mode 100644 terraform/citrix-adc/modules/netscaler/netscaler_license/versions.tf create mode 100644 terraform/citrix-adc/modules/netscaler/password_reset/main.tf create mode 100644 terraform/citrix-adc/modules/netscaler/password_reset/versions.tf create mode 100644 terraform/citrix-adc/modules/netscaler/ssl_configuration/main.tf create mode 100644 terraform/citrix-adc/modules/netscaler/ssl_configuration/versions.tf create mode 100644 terraform/citrix-adc/modules/netscaler/variables.tf create mode 100644 terraform/citrix-adc/modules/netscaler/versions.tf create mode 100644 terraform/citrix-adc/modules/vsphere_deploy/main.tf create mode 100644 terraform/citrix-adc/modules/vsphere_deploy/variables.tf create mode 100644 terraform/citrix-adc/modules/vsphere_deploy/versions.tf diff --git a/terraform/citrix-adc/main.tf b/terraform/citrix-adc/main.tf index e1a7bde..503dba6 100644 --- a/terraform/citrix-adc/main.tf +++ b/terraform/citrix-adc/main.tf 
@@ -1,31 +1,31 @@ -# Module terraform-module-citrix-adc-build -module "adc-01-build" { - source = "github.com/jansvensen/terraform-module-citrix-adc-build.git" - - vsphere = { - server = var.vsphere.server - user = var.vsphere.user - password = var.vsphere.password - datacenter = var.vsphere.datacenter - host = var.vsphere.host - datastore = var.vsphere.datastore - timezone = var.vsphere.timezone - resourcepool = var.vsphere.resourcepool - } - - vm = { - network = var.vm.network - mac = var.vm.mac - ip = var.vm.ip - gateway = var.vm.gateway - netmask = var.vm.netmask - name = var.vm.name - ovf = var.vm.ovf - } -} - -module "adc-02-reset-password" { - source = "github.com/jansvensen/terraform-module-citrix-adc-reset-password.git" +# # Module terraform-module-citrix-adc-build +# module "adc-01-build" { +# source = "modules/vsphere_deploy" + +# vsphere = { +# server = var.vsphere.server +# user = var.vsphere.user +# password = var.vsphere.password +# datacenter = var.vsphere.datacenter +# host = var.vsphere.host +# datastore = var.vsphere.datastore +# timezone = var.vsphere.timezone +# resourcepool = var.vsphere.resourcepool +# } + +# vm = { +# network = var.vm.network +# mac = var.vm.mac +# ip = var.vm.ip +# gateway = var.vm.gateway +# netmask = var.vm.netmask +# name = var.vm.name +# ovf = var.vm.ovf +# } +# } + +module "netscaler" { + source = "./modules/netscaler/" vm = { ip = var.vm.ip 
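Review bot: In the commented-out `adc-01-build` block the new source is written as `source = "modules/vsphere_deploy"` without a `./` prefix, so the moment the block is re-enabled Terraform will treat it as a registry address rather than a local path; the commented `adc-03-license` block in the next hunk has the same form, while every live module in this file correctly uses `./modules/...`. The new `module "netscaler"` block points at `./modules/netscaler/`, and according to the diffstat that directory receives only `variables.tf` and `versions.tf`, so the module appears to declare inputs without creating any resources — worth confirming whether a sub-module such as `password_reset` (added in this commit but not referenced here) was meant to be called instead. Keeping whole module blocks as comments rather than relying on git history lets them drift, as the missing `./` already shows. The `module "netscaler"` block continues outside this hunk.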
@@ -37,26 +37,26 @@ module "adc-02-reset-password" { } } -module "adc-03-license" { - source = "github.com/jansvensen/terraform-module-citrix-adc-license.git" - - vm = { - ip = var.vm.ip - } - adc-base = { - username = var.adc-base.username - password = var.adc-base.password - } - - adc-license = { - filename = var.adc-license.filename - filecontent = file(var.adc-license.filecontent) - } +# module "adc-03-license" { +# source = "modules/netscaler/netscaler_license" + +# vm = { +# ip = var.vm.ip +# } +# adc-base = { +# username = var.adc-base.username +# password = var.adc-base.password +# } + +# adc-license = { +# filename = var.adc-license.filename +# filecontent = file(var.adc-license.filecontent) +# } -} +# } module "adc-04-base" { - source = "github.com/jansvensen/terraform-module-citrix-adc-base.git" + source = "./modules/netscaler/base_configuration" vm = { ip = var.vm.ip @@ -78,7 +78,7 @@ module "adc-04-base" { } module "adc-05-ssl" { - source = "github.com/jansvensen/terraform-module-citrix-adc-ssl.git" + source = "./modules/netscaler/ssl_configuration" vm = { ip = var.vm.ip } @@ -92,7 +92,7 @@ module "adc-05-ssl" { } module "adc-06-letsencrypt-lb" { - source = "github.com/jansvensen/terraform-module-citrix-adc-letsencrypt-lb.git" + source = "./modules/netscaler/letsencrypt_lb" vm = { ip = var.vm.ip @@ -113,7 +113,7 @@ module "adc-06-letsencrypt-lb" { } module "adc-07-letsencrypt" { - source = "github.com/jansvensen/terraform-module-citrix-adc-letsencrypt.git" + source = "./modules/netscaler/letsencrypt" vm = { ip = var.vm.ip @@ -139,7 +139,7 @@ module "adc-07-letsencrypt" { } module "adc-09-lb" { - source = "github.com/jansvensen/terraform-module-citrix-adc-lb.git" + source = "./modules/netscaler/loadbalancers" vm = { ip = var.vm.ip @@ -173,7 +173,7 @@ module "adc-09-lb" { } module "adc-10-gateway" { - source = "github.com/jansvensen/terraform-module-citrix-adc-gw.git" + source = "./modules/netscaler/gateway" vm = { ip = var.vm.ip 
@@ -221,7 +221,7 @@ module "adc-10-gateway" { } module "adc-11-cs" { - source = "github.com/jansvensen/terraform-module-citrix-adc-cs.git" + source = "./modules/netscaler/content_switching" vm = { ip = var.vm.ip @@ -252,7 +252,7 @@ module "adc-11-cs" { } module "adc-99-finish" { - source = "github.com/jansvensen/terraform-module-citrix-adc-finish.git" + source = "./modules/netscaler/final_operations" vm = { ip = var.vm.ip diff --git a/terraform/citrix-adc/modules/netscaler/base_configuration/main.tf b/terraform/citrix-adc/modules/netscaler/base_configuration/main.tf new file mode 100644 index 0000000..4520e46 --- /dev/null +++ b/terraform/citrix-adc/modules/netscaler/base_configuration/main.tf 
@@ -0,0 +1,160 @@ +##### +# Set NS Hostname +##### +resource "citrixadc_nshostname" "base_hostname" { + hostname = var.vm.hostname +} + +##### +# Add NSIP +##### +resource "citrixadc_nsip" "base_snip" { + ipaddress = var.adc-snip.ip + netmask = var.adc-snip.netmask + icmp = var.adc-snip.icmp + type = "SNIP" +} + +##### +# Configure ADC timezone +##### +resource "citrixadc_nsparam" "base_nsparam" { + timezone = var.adc-base.timezone +} + +##### +# Configure Modes +##### +resource "citrixadc_nsmode" "base_nsmode" { + bridgebpdus = false + cka = false + dradv = false + dradv6 = false + edge = true + fr = true + iradv = false + l2 = false + l3 = false + mbf = false + mediaclassification = false + pmtud = true + sradv = false + sradv6 = false + tcpb = false + ulfd = false + usnip = true + usip = false +} + +##### +# Configure Features +##### +resource "citrixadc_nsfeature" "base_nsfeature" { + aaa = true + adaptivetcp = false + apigateway = false + appflow = false + appfw = false + appqoe = false + bgp = false + bot = false + cf = false + ch = false + ci = false + cloudbridge = false + cmp = false + contentaccelerator = false + cqa = false + cr = false + cs = true + feo = false + forwardproxy = false + gslb = false + hdosp = false + ic = false + ipv6pt = false + isis = false + lb = true + lsn = false + ospf = false + pq = false + push = false + rdpproxy = false + rep = false + responder = true + rewrite = true + rip = false + rise = false + sp = false + ssl = true + sslinterception = false + sslvpn = true + urlfiltering = false + videooptimization = false + wl = false +} + +##### +# Add basic http Profile +##### +resource "citrixadc_nshttpprofile" "base_http_prof" { + name = "http_prof_${var.adc-base.environmentname}" + dropinvalreqs = "ENABLED" + markhttp09inval = "ENABLED" + markconnreqinval = "ENABLED" + weblog = "DISABLED" +} + +##### +# Add basic TCP Profile +##### +resource "citrixadc_nstcpprofile" "base_tcp_prof" { + name = 
"tcp_prof_${var.adc-base.environmentname}" + ws = "ENABLED" + sack = "ENABLED" + wsval = "8" + mss = "1460" + initialcwnd = "10" + oooqsize = "300" + buffersize = "131072" + flavor = "BIC" + sendbuffsize = "131072" + rstmaxack = "ENABLED" + spoofsyndrop = "DISABLED" + frto = "ENABLED" + fack = "ENABLED" + nagle = "ENABLED" + dynamicreceivebuffering = "ENABLED" + drophalfclosedconnontimeout = "ENABLED" + dropestconnontimeout = "ENABLED" +} + +##### +# Save config +##### +resource "citrixadc_nsconfig_save" "base_save" { + all = true + timestamp = timestamp() + + depends_on = [ + citrixadc_nsconfig_save.base_save, + citrixadc_nsfeature.base_nsfeature, + citrixadc_nshostname.base_hostname, + citrixadc_nshttpprofile.base_http_prof, + citrixadc_nsip.base_snip, + citrixadc_nsmode.base_nsmode, + citrixadc_nsparam.base_nsparam, + citrixadc_nstcpprofile.base_tcp_prof + ] +} + +##### +# Wait a few seconds +##### +resource "time_sleep" "base_wait_a_few_seconds" { + create_duration = "15s" + + depends_on = [ + citrixadc_nsconfig_save.base_save + ] +} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/base_configuration/versions.tf b/terraform/citrix-adc/modules/netscaler/base_configuration/versions.tf new file mode 100644 index 0000000..56464c0 --- /dev/null +++ b/terraform/citrix-adc/modules/netscaler/base_configuration/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_version = ">= 1.3.5" + required_providers { + citrixadc = { + source = "citrix/citrixadc" + version = ">= 1.32.0" + } + } +} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/content_switching/main.tf b/terraform/citrix-adc/modules/netscaler/content_switching/main.tf new file mode 100644 index 0000000..1a8a9d2 --- /dev/null +++ b/terraform/citrix-adc/modules/netscaler/content_switching/main.tf 
@@ -0,0 +1,122 @@ +##### +# Define Locals +##### +locals { + vserver_sslprofile = "ssl_prof_${var.adc-base.environmentname}_fe_TLS1213" + vserver_httpprofile = "http_prof_${var.adc-base.environmentname}" + vserver_tcpprofile = "tcp_prof_${var.adc-base.environmentname}" +} + +##### +# Add Content Switching Actions +##### +resource "citrixadc_csaction" "cs_action_lb" { + count = length(var.adc-cs-lb.name) + name = "cs_act_${element(var.adc-cs-lb["name"],count.index)}.${var.adc-base.fqdn_int}_http_80" + targetlbvserver = "lb_vs_${element(var.adc-cs-lb["name"],count.index)}.${var.adc-base.fqdn_int}_http_80" +} + +resource "citrixadc_csaction" "cs_action_gw" { + count = length(var.adc-cs-gw.name) + name = "cs_act_${element(var.adc-cs-gw["name"],count.index)}.${var.adc-base.fqdn_ext}_ssl_443" + targetvserver = "gw_vs_${element(var.adc-cs-gw["name"],count.index)}.${var.adc-base.fqdn_ext}_ssl_443" +} + +##### +# Add Content Switching Policies +##### +resource "citrixadc_cspolicy" "cs_policy_lb" { + count = length(var.adc-cs-lb.name) + policyname = "cs_pol_${element(var.adc-cs-lb["name"],count.index)}.${var.adc-base.fqdn_ext}_http_80" + rule = "HTTP.REQ.HOSTNAME.CONTAINS(\"${element(var.adc-cs-lb["name"],count.index)}.${var.adc-base.fqdn_ext}\")" + action = "cs_act_${element(var.adc-cs-lb["name"],count.index)}.${var.adc-base.fqdn_int}_http_80" + + depends_on = [ + citrixadc_csaction.cs_action_lb, + citrixadc_csaction.cs_action_gw + ] +} + +resource "citrixadc_cspolicy" "cs_policy_gw" { + count = length(var.adc-cs-gw.name) + policyname = "cs_pol_${element(var.adc-cs-gw["name"],count.index)}.${var.adc-base.fqdn_ext}_ssl_443" + rule = "HTTP.REQ.HOSTNAME.CONTAINS(\"${element(var.adc-cs-gw["name"],count.index)}.${var.adc-base.fqdn_ext}\")" + action = "cs_act_${element(var.adc-cs-gw["name"],count.index)}.${var.adc-base.fqdn_ext}_ssl_443" + + depends_on = [ + citrixadc_csaction.cs_action_lb, + citrixadc_csaction.cs_action_gw + ] +} + +##### +# Add Content Switching vServer +##### 
+resource "citrixadc_csvserver" "cs_vserver" { + name = "cs_vs_${var.adc-cs.vserver_name}.${var.adc-base.fqdn_ext}_${var.adc-cs.vserver_type}_${var.adc-cs.vserver_port}" + ipv46 = var.adc-cs.vserver_ip + port = var.adc-cs.vserver_port + servicetype = var.adc-cs.vserver_type + sslprofile = local.vserver_sslprofile + httpprofilename = local.vserver_httpprofile + tcpprofilename = local.vserver_tcpprofile + + depends_on = [ + citrixadc_cspolicy.cs_policy_lb, + citrixadc_cspolicy.cs_policy_gw + ] +} + +##### +# Bind Content Switching Policies to Content Switching vServer +##### +resource "citrixadc_csvserver_cspolicy_binding" "cs_vserverpolicybinding_lb" { + count = length(var.adc-cs-lb.name) + name = citrixadc_csvserver.cs_vserver.name + policyname = citrixadc_cspolicy.cs_policy_lb[count.index].policyname + priority = (count.index + 1 )* 10 + gotopriorityexpression = "END" + + depends_on = [ + citrixadc_csvserver.cs_vserver + ] +} + +resource "citrixadc_csvserver_cspolicy_binding" "cs_vserverpolicybinding_gw" { + count = length(var.adc-cs-gw.name) + name = citrixadc_csvserver.cs_vserver.name + policyname = citrixadc_cspolicy.cs_policy_gw[count.index].policyname + priority = (count.index + 1) * 1000 + gotopriorityexpression = "END" + + depends_on = [ + citrixadc_csvserver.cs_vserver + ] +} + +##### +# Bind SSL certificate to CS vServers +##### +resource "citrixadc_sslvserver_sslcertkey_binding" "cs_sslvserver_sslcertkey_binding" { + vservername = citrixadc_csvserver.cs_vserver.name + certkeyname = "ssl_cert_${var.adc-base.environmentname}_Server" + snicert = false + + depends_on = [ + citrixadc_csvserver.cs_vserver + ] +} + +##### +# Save config +##### +resource "citrixadc_nsconfig_save" "cs_save" { + all = true + timestamp = timestamp() + + depends_on = [ + citrixadc_csvserver_cspolicy_binding.cs_vserverpolicybinding_gw, + citrixadc_csvserver_cspolicy_binding.cs_vserverpolicybinding_lb, + citrixadc_sslvserver_sslcertkey_binding.cs_sslvserver_sslcertkey_binding + ] +} \ 
No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/content_switching/versions.tf b/terraform/citrix-adc/modules/netscaler/content_switching/versions.tf new file mode 100644 index 0000000..56464c0 --- /dev/null +++ b/terraform/citrix-adc/modules/netscaler/content_switching/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_version = ">= 1.3.5" + required_providers { + citrixadc = { + source = "citrix/citrixadc" + version = ">= 1.32.0" + } + } +} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/final_operations/main.tf b/terraform/citrix-adc/modules/netscaler/final_operations/main.tf new file mode 100644 index 0000000..fd656e2 --- /dev/null +++ b/terraform/citrix-adc/modules/netscaler/final_operations/main.tf @@ -0,0 +1,19 @@ +##### +# Add DNS Name Server +##### +resource "citrixadc_dnsnameserver" "finish_dnsnameserver" { + dnsvservername = var.adc-finish.dnsvservername + type = var.adc-finish.dnsvservertype +} + +##### +# Save config +##### +resource "citrixadc_nsconfig_save" "finish_save" { + all = true + timestamp = timestamp() + + depends_on = [ + citrixadc_dnsnameserver.finish_dnsnameserver + ] +} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/final_operations/versions.tf b/terraform/citrix-adc/modules/netscaler/final_operations/versions.tf new file mode 100644 index 0000000..6f0f928 --- /dev/null +++ b/terraform/citrix-adc/modules/netscaler/final_operations/versions.tf @@ -0,0 +1,10 @@ +##### +# Variable for administrative connection to the ADC +##### +variable vm {} +variable adc-base {} + +##### +# Functional Variables +##### +variable adc-finish {} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/gateway/main.tf b/terraform/citrix-adc/modules/netscaler/gateway/main.tf new file mode 100644 index 0000000..a61165c --- /dev/null +++ b/terraform/citrix-adc/modules/netscaler/gateway/main.tf 
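Review bot: The content-switching rules in `cs_policy_lb` and `cs_policy_gw` use a substring test, `HTTP.REQ.HOSTNAME.CONTAINS("<name>.<fqdn_ext>")`, so any Host header that merely contains that string (a longer name sharing the same prefix or suffix) is routed to that backend, and since the `lb` bindings get lower priorities than the `gw` bindings the first substring hit wins. An exact match is the safer routing criterion: `rule = "HTTP.REQ.HOSTNAME.SERVER.EQ(\"${element(var.adc-cs-lb["name"],count.index)}.${var.adc-base.fqdn_ext}\")"`, and the same for the `gw` policies. The naming also mixes `fqdn_int` (action and target names) with `fqdn_ext` (policy names) for the `lb` objects; if that split is deliberate, a comment on the locals block explaining it would help the next reader.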
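Review bot: The file added as `final_operations/versions.tf` contains `variable vm {}`, `variable adc-base {}` and `variable adc-finish {}` rather than a `terraform { required_version … required_providers … }` block, so this module ends up with no provider constraint at all while its siblings pin `citrix/citrixadc`; these declarations belong in a `variables.tf`, with a real `versions.tf` alongside. The three variables are also declared without `type` or `description`, unlike the root `variables.tf`, so a wrongly shaped input is only caught when `main.tf` dereferences `var.adc-finish.dnsvservername` at plan time.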
@@ -0,0 +1,215 @@ +##### +# Enable Citrix Gateway Feature +##### +resource "citrixadc_nsfeature" "gw_nsfeature" { + sslvpn = true +} + +##### +# Add Citrix GW vServer +##### +resource "citrixadc_vpnvserver" "gw_vserver" { + name = "gw_vs_${var.adc-gw.name}.${var.adc-gw.fqdn_ext}_${var.adc-gw.servicetype}_443" + servicetype = var.adc-gw.servicetype + ipv46 = var.adc-gw.ip + port = var.adc-gw.port + dtls = var.adc-gw.dtls + tcpprofilename = "tcp_prof_${var.adc-base.environmentname}" + httpprofilename = "http_prof_${var.adc-base.environmentname}" + appflowlog = var.adc-gw.appflowlog +} + +##### +# Bind SSL profile to GW vServer +##### +resource "citrixadc_sslvserver" "gw_vserver_sslprofile" { + vservername = citrixadc_vpnvserver.gw_vserver.name + sslprofile = "ssl_prof_${var.adc-base.environmentname}_fe_TLS1213" + + depends_on = [ + citrixadc_vpnvserver.gw_vserver + ] +} + +##### +# Bind STA Servers to GW vServer +##### +resource "citrixadc_vpnvserver_staserver_binding" "gw_vserver_staserver_binding" { + name = citrixadc_vpnvserver.gw_vserver.name + staserver = "http://${var.adc-gw.staserver}.${var.adc-gw.fqdn_int}" + staaddresstype = var.adc-gw.staaddresstype + + depends_on = [ + citrixadc_vpnvserver.gw_vserver + ] +} + +##### +# Add Session Action Receiver +##### +resource "citrixadc_vpnsessionaction" "gw_sess_act_receiver" { + name = "sess_prof_sf_receiver" + clientlessmodeurlencoding = "TRANSPARENT" + clientlessvpnmode = "ON" + defaultauthorizationaction = "ALLOW" + dnsvservername = var.adc-gw.dnsvservername + icaproxy = "OFF" + sesstimeout = "2880" + sso = "ON" + ssocredential = "PRIMARY" + storefronturl = "${var.adc-gw.citrix-backend}" + transparentinterception = "OFF" + wihome = "${var.adc-gw.citrix-backend}" + windowsautologon = "ON" + + depends_on = [ + citrixadc_vpnvserver.gw_vserver + ] +} + +##### +# Add Session Action Receiver Web +##### +resource "citrixadc_vpnsessionaction" "gw_sess_act_receiver_web" { + name = "sess_prof_sf_receiver_web" + 
clientchoices = "OFF" + clientlessmodeurlencoding = "TRANSPARENT" + clientlessvpnmode = "OFF" + defaultauthorizationaction = "ALLOW" + dnsvservername = var.adc-gw.dnsvservername + icaproxy = "ON" + locallanaccess = "ON" + rfc1918 = "OFF" + sesstimeout = "2880" + sso = "ON" + ssocredential = "PRIMARY" + wihome = "${var.adc-gw.citrix-backend}" + windowsautologon = "ON" + wiportalmode = "NORMAL" + + depends_on = [ + citrixadc_vpnvserver.gw_vserver + ] +} + +##### +# Add Session Policies +##### +resource "citrixadc_vpnsessionpolicy" "gw_sess_pol_receiver" { + name = "sess_pol_sf_receiver" + rule = "HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"CitrixReceiver\") && HTTP.REQ.HEADER(\"X-Citrix-Gateway\").EXISTS" + action = "sess_prof_sf_receiver" + + depends_on = [ + citrixadc_vpnsessionaction.gw_sess_act_receiver + ] +} + +resource "citrixadc_vpnsessionpolicy" "gw_sess_pol_receiver_web" { + name = "sess_pol_sf_receiver_web" + rule = "HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"CitrixReceiver\").NOT" + action = "sess_prof_sf_receiver_web" + + depends_on = [ + citrixadc_vpnsessionaction.gw_sess_act_receiver_web + ] +} + +#####s +# Bind session policies to GW vServer +##### +resource "citrixadc_vpnvserver_vpnsessionpolicy_binding" "gw_vserver_vpnsessionpolicy_binding_receiver" { + name = citrixadc_vpnvserver.gw_vserver.name + policy = citrixadc_vpnsessionpolicy.gw_sess_pol_receiver.name + priority = 100 + + depends_on = [ + citrixadc_vpnsessionpolicy.gw_sess_pol_receiver + ] +} + +resource "citrixadc_vpnvserver_vpnsessionpolicy_binding" "gw_vserver_vpnsessionpolicy_binding_receiver_web" { + name = citrixadc_vpnvserver.gw_vserver.name + policy = citrixadc_vpnsessionpolicy.gw_sess_pol_receiver_web.name + priority = 110 + + depends_on = [ + citrixadc_vpnsessionpolicy.gw_sess_pol_receiver_web + ] +} + +resource "citrixadc_authenticationldapaction" "gw_authenticationldapaction" { + count = length(var.adc-gw-authenticationldapaction.type) + name = 
"auth_act_${element(var.adc-gw-authenticationldapaction["type"],count.index)}_${var.adc-gw.fqdn_int}" + servername = element(var.adc-gw-authenticationldapaction["servername"],count.index) + ldapbase = element(var.adc-gw-authenticationldapaction["ldapBase"],count.index) + ldapbinddn = element(var.adc-gw-authenticationldapaction["ldapBindDn"],count.index) + ldapbinddnpassword = element(var.adc-gw-authenticationldapaction["ldapBindDnPassword"],count.index) + ldaploginname = element(var.adc-gw-authenticationldapaction["ldapLoginName"],count.index) + groupattrname = element(var.adc-gw-authenticationldapaction["groupAttrName"],count.index) + subattributename = element(var.adc-gw-authenticationldapaction["subAttributeName"],count.index) + ssonameattribute = element(var.adc-gw-authenticationldapaction["ssoNameAttribute"],count.index) + sectype = element(var.adc-gw-authenticationldapaction["secType"],count.index) + passwdchange = element(var.adc-gw-authenticationldapaction["passwdChange"],count.index) + + depends_on = [ + citrixadc_vpnvserver.gw_vserver + ] +} + +##### +# Bind authentication profile to policy +##### + +resource "citrixadc_authenticationldappolicy" "gw_authenticationldappolicy" { + count = length(var.adc-gw-authenticationldapaction.type) + name = "auth_pol_${element(var.adc-gw-authenticationldapaction["type"],count.index)}_${var.adc-gw.fqdn_int}" + rule = element(var.adc-gw-authenticationldappolicy["rule"],count.index) + reqaction = element(var.adc-gw-authenticationldappolicy["reqaction"],count.index) + + depends_on = [ + citrixadc_authenticationldapaction.gw_authenticationldapaction + ] +} + +##### +# Bind authentication policies to GW vServer +##### + +resource "citrixadc_vpnvserver_authenticationldappolicy_binding" "gw_vserver_authenticationldappolicy_binding" { + name = citrixadc_vpnvserver.gw_vserver.name + policy = var.adc-gw.authenticationpolicy + priority = 100 + bindpoint = "REQUEST" + + depends_on = [ + 
citrixadc_authenticationldappolicy.gw_authenticationldappolicy + ] +} + +##### +# Bind SSL certificate to SSL GW vServers +##### + +resource "citrixadc_sslvserver_sslcertkey_binding" "gw_sslvserver_sslcertkey_binding" { + vservername = citrixadc_vpnvserver.gw_vserver.name + certkeyname = "ssl_cert_${var.adc-base.environmentname}_Server" + snicert = false + + depends_on = [ + citrixadc_vpnvserver_authenticationldappolicy_binding.gw_vserver_authenticationldappolicy_binding + ] +} + +##### +# Save config +##### + +resource "citrixadc_nsconfig_save" "gw_save" { + all = true + timestamp = timestamp() + + depends_on = [ + citrixadc_sslvserver_sslcertkey_binding.gw_sslvserver_sslcertkey_binding + ] +} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/gateway/versions.tf b/terraform/citrix-adc/modules/netscaler/gateway/versions.tf new file mode 100644 index 0000000..56464c0 --- /dev/null +++ b/terraform/citrix-adc/modules/netscaler/gateway/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_version = ">= 1.3.5" + required_providers { + citrixadc = { + source = "citrix/citrixadc" + version = ">= 1.32.0" + } + } +} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/letsencrypt/main.tf b/terraform/citrix-adc/modules/netscaler/letsencrypt/main.tf new file mode 100644 index 0000000..da2298f --- /dev/null +++ b/terraform/citrix-adc/modules/netscaler/letsencrypt/main.tf 
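Review bot: `citrixadc_authenticationldapaction.gw_authenticationldapaction` takes `ldapbinddnpassword` and `sectype` straight from the `adc-gw-authenticationldapaction` map, so the directory bind password is an ordinary plan/state value and nothing in the module prevents `sectype` being `PLAINTEXT`, which would send that password to the LDAP server unencrypted; declaring the variable `sensitive = true` and adding a `validation` restricting `secType` to `TLS`/`SSL` closes both. The binding `citrixadc_vpnvserver_authenticationldappolicy_binding` uses `policy = var.adc-gw.authenticationpolicy`, a free-form string, rather than the policy this module just created — `policy = citrixadc_authenticationldappolicy.gw_authenticationldappolicy[0].name` (or `for_each` over the same list) removes a name mismatch that only surfaces at apply. `staserver = "http://${var.adc-gw.staserver}.${var.adc-gw.fqdn_int}"` hard-codes plain HTTP for the STA; making the scheme a variable that defaults to `https://` is the usual hardening. Both session actions set `defaultauthorizationaction = "ALLOW"`, and the receiver profile additionally has `clientlessvpnmode = "ON"`, so a session with no matching authorization policy is allowed everything; `"DENY"` with explicit authorization policies is the least-privilege default, or a comment should record why ALLOW is needed here.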
@@ -0,0 +1,118 @@ +##### +# Defince locals +##### +locals { + filelocation = "/nsconfig/ssl" +} + +##### +# Create Private Key +##### +resource "tls_private_key" "le_private_key" { + algorithm = var.adc-letsencrypt-certificate.private_key_algorithm + ecdsa_curve = var.adc-letsencrypt-certificate.private_key_ecdsa_curve + rsa_bits = var.adc-letsencrypt-certificate.private_key_rsa_bits +} + +##### +# Register with ACME +##### +resource "acme_registration" "le_registration" { + account_key_pem = tls_private_key.le_private_key.private_key_pem + email_address = var.adc-letsencrypt-certificate.registration_email_address + + depends_on = [ + tls_private_key.le_private_key + ] +} + +##### +# Create Certificate +##### +resource "acme_certificate" "le_certificate" { + account_key_pem = acme_registration.le_registration.account_key_pem + common_name = "${var.adc-letsencrypt-certificate.common_name}.${var.adc-base.fqdn_ext}" + subject_alternative_names = var.adc-letsencrypt-certificate-san + + http_challenge { + } + + depends_on = [ + acme_registration.le_registration + ] +} + +##### +# Upload cert files to /nsconfig/ssl on ADC +##### +resource "citrixadc_systemfile" "le_upload_cert" { + filename = "${var.adc-base.environmentname}_certificate.cer" + filelocation = local.filelocation + filecontent = lookup(acme_certificate.le_certificate,"certificate_pem") + + depends_on = [ + acme_certificate.le_certificate + ] +} + +resource "citrixadc_systemfile" "le_upload_key" { + filename = "${var.adc-base.environmentname}_privatekey.cer" + filelocation = local.filelocation + filecontent = nonsensitive(lookup(acme_certificate.le_certificate,"private_key_pem")) + + depends_on = [ + acme_certificate.le_certificate + ] +} + +resource "citrixadc_systemfile" "le_upload_root" { + filename = "${var.adc-base.environmentname}_rootca.cer" + filelocation = local.filelocation + filecontent = lookup(acme_certificate.le_certificate,"issuer_pem") + + depends_on = [ + acme_certificate.le_certificate + ] 
+} + +##### +# Implement root certificate +##### +resource "citrixadc_sslcertkey" "le_implement_rootca" { + certkey = "ssl_cert_${var.adc-base.environmentname}_RootCA" + cert = "/nsconfig/ssl/${var.adc-base.environmentname}_rootca.cer" + expirymonitor = "DISABLED" + +depends_on = [ + citrixadc_systemfile.le_upload_cert, + citrixadc_systemfile.le_upload_key + ] +} + +##### +# Implement server certificate +##### +resource "citrixadc_sslcertkey" "le_implement_certkeypair" { + certkey = "ssl_cert_${var.adc-base.environmentname}_Server" + cert = "/nsconfig/ssl/${var.adc-base.environmentname}_certificate.cer" + key = "/nsconfig/ssl/${var.adc-base.environmentname}_privatekey.cer" + expirymonitor = "DISABLED" + linkcertkeyname = "ssl_cert_${var.adc-base.environmentname}_RootCA" + + depends_on = [ + citrixadc_sslcertkey.le_implement_rootca + ] +} + +##### +# Save config +##### +resource "citrixadc_nsconfig_save" "le_save" { + all = true + timestamp = timestamp() + + depends_on = [ + citrixadc_sslcertkey.le_implement_certkeypair, + citrixadc_sslcertkey.le_implement_rootca + ] +} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/letsencrypt/versions.tf b/terraform/citrix-adc/modules/netscaler/letsencrypt/versions.tf new file mode 100644 index 0000000..a9340f4 --- /dev/null +++ b/terraform/citrix-adc/modules/netscaler/letsencrypt/versions.tf @@ -0,0 +1,13 @@ +terraform { + required_version = ">= 1.3.5" + required_providers { + citrixadc = { + source = "citrix/citrixadc" + version = ">= 1.32.0" + } + acme = { + source = "vancluever/acme" + version = ">= 2.13.1" + } + } +} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/letsencrypt_lb/main.tf b/terraform/citrix-adc/modules/netscaler/letsencrypt_lb/main.tf new file mode 100644 index 0000000..5e31850 --- /dev/null +++ b/terraform/citrix-adc/modules/netscaler/letsencrypt_lb/main.tf 
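Review bot: `le_implement_rootca` references `/nsconfig/ssl/${var.adc-base.environmentname}_rootca.cer`, but its `depends_on` lists `citrixadc_systemfile.le_upload_cert` and `citrixadc_systemfile.le_upload_key` and not `citrixadc_systemfile.le_upload_root`, the resource that actually writes that file; because the `cert` path is a plain string there is no implicit dependency, so the certkey can be created before the root file exists on the appliance. Change the list to `citrixadc_systemfile.le_upload_root` (the server certkey already chains through `le_implement_rootca`). Separately, `le_upload_key` wraps the private key in `nonsensitive(...)`, which removes Terraform's redaction so the key is printed in plan/apply output and in any CI log of it; it ends up in state either way, but the redaction should stay unless the provider cannot accept a sensitive value, and a comment should say which it is. The empty `http_challenge {}` block presumably makes the ACME provider serve the challenge itself from the machine running Terraform, which would explain the `sudo` in `apply.sh`; a comment making that requirement explicit would help. The `depends_on` of `le_implement_rootca` is also at column 0, unlike the rest of the file.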
@@ -0,0 +1,99 @@ +##### +# Define Locals +##### +locals { + lb-srv-name = "lb_srv_letsencrypt_backend" + lb-sg-name = "lb_sg_letsencrypt_backend" + lb-sg-healthmonitor = "NO" + lb-vs-name = "lb_vs_letsencrypt" + lb-vs-lbmethod = "LEASTCONNECTION" + lb-vs-persistencetype = "SOURCEIP" + lb-vs-timeout = "2" +} + +##### +# Add LB Server +##### +resource "citrixadc_server" "le_lb_install_server" { + name = local.lb-srv-name + ipaddress = var.adc-letsencrypt-lb.backend-ip +} + +##### +# Add LB Service Groups +##### +resource "citrixadc_servicegroup" "le_lb_install_servicegroup" { + + servicegroupname = local.lb-sg-name + servicetype = var.adc-letsencrypt-lb.servicetype + healthmonitor = local.lb-sg-healthmonitor + + depends_on = [ + citrixadc_server.le_lb_install_server + ] +} + +##### +# Bind LB Server to Service Groups +##### +resource "citrixadc_servicegroup_servicegroupmember_binding" "le_lb_install_sg_server_binding" { + servicegroupname = citrixadc_servicegroup.le_lb_install_servicegroup.servicegroupname + servername = citrixadc_server.le_lb_install_server.name + port = var.adc-letsencrypt-lb.port + + depends_on = [ + citrixadc_servicegroup.le_lb_install_servicegroup + ] +} + +##### +# Add and configure LB vServer - Type http +##### +resource "citrixadc_lbvserver" "le_lb_install_vserver_http" { + name = local.lb-vs-name + servicetype = var.adc-letsencrypt-lb.servicetype + ipv46 = var.adc-letsencrypt-lb.frontend-ip + port = var.adc-letsencrypt-lb.port + lbmethod = local.lb-vs-lbmethod + persistencetype = local.lb-vs-persistencetype + timeout = local.lb-vs-timeout + + depends_on = [ + citrixadc_servicegroup_servicegroupmember_binding.le_lb_install_sg_server_binding + ] +} + +##### +# Bind LB Service Groups to LB vServers +##### +resource "citrixadc_lbvserver_servicegroup_binding" "le_lb_install_vserver_sg_binding" { + name = citrixadc_lbvserver.le_lb_install_vserver_http.name + servicegroupname = citrixadc_servicegroup.le_lb_install_servicegroup.servicegroupname + + 
depends_on = [ + citrixadc_lbvserver.le_lb_install_vserver_http + ] +} + +##### +# Save config +##### +resource "citrixadc_nsconfig_save" "le_lb_install_save" { + all = true + timestamp = timestamp() + + depends_on = [ + citrixadc_lbvserver_servicegroup_binding.le_lb_install_vserver_sg_binding + ] +} + +##### +# Wait a few seconds +##### +resource "time_sleep" "le_lb_wait_a_few_seconds" { + create_duration = "15s" + + depends_on = [ + citrixadc_nsconfig_save.le_lb_install_save + ] +} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/letsencrypt_lb/versions.tf b/terraform/citrix-adc/modules/netscaler/letsencrypt_lb/versions.tf new file mode 100644 index 0000000..39ec07b --- /dev/null +++ b/terraform/citrix-adc/modules/netscaler/letsencrypt_lb/versions.tf @@ -0,0 +1,10 @@ +##### +# Variable for administrative connection to the ADC +##### +variable vm {} +variable adc-base {} + +##### +# Variable for LetsEncrypt Loadbalabcing configuration +##### +variable adc-letsencrypt-lb {} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/loadbalancers/main.tf b/terraform/citrix-adc/modules/netscaler/loadbalancers/main.tf new file mode 100644 index 0000000..581d407 --- /dev/null +++ b/terraform/citrix-adc/modules/netscaler/loadbalancers/main.tf 
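Review bot: `lb-sg-healthmonitor = "NO"` disables health monitoring on the ACME backend service group, so `le_lb_install_vserver_http` keeps forwarding HTTP-01 challenge requests to a backend that is down and the failure only surfaces as a challenge timeout. If this is deliberate for a short-lived validation load balancer, a comment saying so would help, e.g. `# health monitoring off: service group only exists for the ACME validation window`; otherwise set it to `"YES"`. `lb-vs-timeout = "2"` is also a string for what looks like a numeric argument; the provider may coerce it, but an unquoted `2` is the conventional form.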
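Review bot: `letsencrypt_lb/versions.tf` contains only `variable` declarations, while every sibling module's `versions.tf` holds the `terraform { required_providers }` block; this module therefore has no Terraform or provider version constraint at all, and a reader looking for the module's inputs will not find them under that name. Rename the file to `variables.tf` and add a `versions.tf` matching the other modules. The comment also has a typo: `Loadbalabcing` should be `Loadbalancing`.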
@@ -0,0 +1,88 @@ +locals { + httpprofilename = "http_prof_${var.adc-base.environmentname}" + tcpprofilename = "tcp_prof_${var.adc-base.environmentname}" + sslprofilename = "ssl_prof_${var.adc-base.environmentname}_fe_TLS1213" +} + +##### +# Add LB Server +##### +resource "citrixadc_server" "lb_server" { + count = length(var.adc-lb-srv.name) + name = "lb_srv_${element(var.adc-lb-srv["name"],count.index)}" + ipaddress = element(var.adc-lb-srv["ip"],count.index) +} + +##### +# Add LB Service Groups +##### +resource "citrixadc_servicegroup" "lb_servicegroup" { + count = length(var.adc-lb.name) + servicegroupname = "lb_sg_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}" + servicetype = element(var.adc-lb["type"],count.index) + + depends_on = [ + citrixadc_server.lb_server + ] +} + +##### +# Bind LB Server to Service Groups +##### +resource "citrixadc_servicegroup_servicegroupmember_binding" "lb_sg_server_binding" { + count = length(var.adc-lb.name) + servicegroupname = "lb_sg_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}" + servername = "lb_srv_${element(var.adc-lb["backend-server"],count.index)}" + port = element(var.adc-lb["port"],count.index) + + depends_on = [ + citrixadc_servicegroup.lb_servicegroup + ] +} + +##### +# Add and configure LB vServer +##### +resource "citrixadc_lbvserver" "lb_vserver" { + count = length(var.adc-lb.name) + name = "lb_vs_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}" + + servicetype = element(var.adc-lb["type"],count.index) + ipv46 = element(var.adc-lb["lb-type"],count.index) == "direct" ? "9.9.9.9" : "0.0.0.0" + port = element(var.adc-lb["lb-type"],count.index) == "direct" ? 
element(var.adc-lb["port"],count.index) : "0" + lbmethod = var.adc-lb-generic.lbmethod + persistencetype = var.adc-lb-generic.persistencetype + timeout = var.adc-lb-generic.timeout + sslprofile = element(var.adc-lb["type"],count.index) == "SSL" ? local.sslprofilename : null + httpprofilename = element(var.adc-lb["type"],count.index) == "DNS" || element(var.adc-lb["type"],count.index) == "TCP" ? null : local.httpprofilename + tcpprofilename = element(var.adc-lb["type"],count.index) == "DNS" ? null : local.tcpprofilename + + depends_on = [ + citrixadc_servicegroup_servicegroupmember_binding.lb_sg_server_binding + ] +} + +##### +# Bind LB Service Groups to LB vServers +##### +resource "citrixadc_lbvserver_servicegroup_binding" "lb_vserver_sg_binding" { + count = length(var.adc-lb.name) + name = "lb_vs_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}" + servicegroupname = "lb_sg_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}" + + depends_on = [ + citrixadc_lbvserver.lb_vserver + ] +} + +##### +# Save config +##### +resource "citrixadc_nsconfig_save" "save" { + all = true + timestamp = timestamp() + + depends_on = [ + citrixadc_lbvserver_servicegroup_binding.lb_vserver_sg_binding + ] +} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/loadbalancers/versions.tf b/terraform/citrix-adc/modules/netscaler/loadbalancers/versions.tf new file mode 100644 index 0000000..56464c0 --- /dev/null +++ b/terraform/citrix-adc/modules/netscaler/loadbalancers/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_version = ">= 1.3.5" + required_providers { + citrixadc = { + source = "citrix/citrixadc" + version = ">= 1.32.0" + } + } +} \ No newline at end of file 
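Review bot: In `lb_vserver`, `ipv46` is set to the literal `"9.9.9.9"` whenever `lb-type` is `"direct"`, so every direct load balancer gets the same VIP, and it is a publicly routed address (Quad9's resolver) rather than one from the environment. The VIP should come from the input map, e.g. `ipv46 = element(var.adc-lb["lb-type"],count.index) == "direct" ? element(var.adc-lb["ip"],count.index) : "0.0.0.0"` with a new `ip` list declared alongside `name`/`port` in `adc-lb`; if the literal is a placeholder left over from testing, at minimum comment it as such. The `lb_sg_...` and `lb_vs_...` name expressions are also repeated verbatim across three resources and would be cleaner as `locals`.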
diff --git a/terraform/citrix-adc/modules/netscaler/netscaler_license/maint.tf b/terraform/citrix-adc/modules/netscaler/netscaler_license/maint.tf
new file mode 100644
index 0000000..e0162f9
--- /dev/null
+++ b/terraform/citrix-adc/modules/netscaler/netscaler_license/maint.tf
@@ -0,0 +1,50 @@
+locals {
+ filelocation = "/nsconfig/license"
+}
+
+#####
+# Add License
+#####
+resource "citrixadc_systemfile" "license_upload" {
+ filename = var.adc-license.filename
+ filelocation = local.filelocation
+ filecontent = var.adc-license.filecontent
+}
+
+#####
+# Save Configuration
+#####
+resource "citrixadc_nsconfig_save" "license_save" {
+ all = true
+ timestamp = timestamp()
+
+ depends_on = [
+ citrixadc_systemfile.license_upload
+ ]
+}
+
+#####
+# Reboot for license application
+#####
+resource "citrixadc_rebooter" "license_reboot" {
+ timestamp = timestamp()
+ warm = true
+ wait_until_reachable = false
+
+ depends_on = [
+ citrixadc_nsconfig_save.license_save
+ ]
+}
+
+#####
+# Wait a few seconds
+#####
+resource "time_sleep" "license_wait_a_few_seconds" {
+
+ create_duration = "90s"
+
+ depends_on = [
+ citrixadc_rebooter.license_reboot
+ ]
+
+}
\ No newline at end of file
diff --git a/terraform/citrix-adc/modules/netscaler/netscaler_license/versions.tf b/terraform/citrix-adc/modules/netscaler/netscaler_license/versions.tf
new file mode 100644
index 0000000..56464c0
--- /dev/null
+++ b/terraform/citrix-adc/modules/netscaler/netscaler_license/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.3.5"
+ required_providers {
+ citrixadc = {
+ source = "citrix/citrixadc"
+ version = ">= 1.32.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/citrix-adc/modules/netscaler/password_reset/main.tf b/terraform/citrix-adc/modules/netscaler/password_reset/main.tf
new file mode 100644
index 0000000..cfdfcb8
--- /dev/null
+++ b/terraform/citrix-adc/modules/netscaler/password_reset/main.tf
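Review bot: `license_reboot` sets `wait_until_reachable = false` and the module then relies on a fixed `time_sleep` of `"90s"` to cover the reboot; if the appliance takes longer, the next module's API calls fail against an unreachable host, and if it is faster the apply simply waits. Setting `wait_until_reachable = true` lets the provider poll for the appliance instead of guessing, after which the sleep can be shortened or dropped. `timestamp = timestamp()` also changes on every run, which (if the provider uses it as the trigger the attribute name suggests) means a reboot on every `apply`; a comment documenting that intent would help. The file is named `maint.tf` where every other module uses `main.tf`, probably a typo.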
@@ -0,0 +1,42 @@
+#####
+# Reset password
+#####
+resource "citrixadc_password_resetter" "pw_password_reset" {
+ username = var.adc-base.username
+ password = var.adc-base.oldpassword
+ new_password = var.adc-base.password
+}
+
+#####
+# Wait a few seconds
+#####
+resource "time_sleep" "pw_wait_a_few_seconds" {
+ create_duration = "15s"
+
+ depends_on = [
+ citrixadc_password_resetter.pw_password_reset
+ ]
+}
+
+#####
+# Save config
+#####
+resource "citrixadc_nsconfig_save" "pw_save" {
+ all = true
+ timestamp = timestamp()
+
+ depends_on = [
+ time_sleep.pw_wait_a_few_seconds
+ ]
+}
+
+#####
+# Wait a few seconds
+#####
+resource "time_sleep" "pw_wait_a_few_seconds_last" {
+ create_duration = "15s"
+
+ depends_on = [
+ citrixadc_nsconfig_save.pw_save
+ ]
+}
\ No newline at end of file
diff --git a/terraform/citrix-adc/modules/netscaler/password_reset/versions.tf b/terraform/citrix-adc/modules/netscaler/password_reset/versions.tf
new file mode 100644
index 0000000..56464c0
--- /dev/null
+++ b/terraform/citrix-adc/modules/netscaler/password_reset/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.3.5"
+ required_providers {
+ citrixadc = {
+ source = "citrix/citrixadc"
+ version = ">= 1.32.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/citrix-adc/modules/netscaler/ssl_configuration/main.tf b/terraform/citrix-adc/modules/netscaler/ssl_configuration/main.tf
new file mode 100644
index 0000000..af27c2e
--- /dev/null
+++ b/terraform/citrix-adc/modules/netscaler/ssl_configuration/main.tf
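Review bot: `pw_password_reset` takes `var.adc-base.oldpassword` and `var.adc-base.password`, but `adc-base` is declared as a bare `variable adc-base {}` in the `modules/netscaler/variables.tf` hunk later in this patch, without `sensitive = true`, so both the factory password and the new admin password appear in plan and apply output and in any CI log of them. Declare it `variable "adc-base" { sensitive = true }` there, and do the same in the root `variables.tf` for `adc-base` and for `vsphere`, whose map also carries `password`; the required Terraform `>= 1.3.5` supports this. The two `time_sleep` resources repeat the hard-coded `"15s"`; a local would make the wait tunable in one place.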
@@ -0,0 +1,304 @@ +##### +# Enable SSL Parameter Usage +##### +resource "citrixadc_sslparameter" "ssl_enable_sslprofiles" { + defaultprofile = "ENABLED" +} + +##### +# Add SSL Cipher Group Frontend TLS 12+13 +##### +resource "citrixadc_sslcipher" "ssl_cg_fe_TLS1213" { + ciphergroupname = "ssl_cg_${var.adc-base.environmentname}_fe_TLS1213" + + ciphersuitebinding { + ciphername = "TLS1.3-CHACHA20-POLY1305-SHA256" + cipherpriority = 1 + } + ciphersuitebinding { + ciphername = "TLS1.3-AES256-GCM-SHA384" + cipherpriority = 2 + } + ciphersuitebinding { + ciphername = "TLS1.3-AES128-GCM-SHA256" + cipherpriority = 3 + } + ciphersuitebinding { + ciphername = "TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384" + cipherpriority = 4 + } + ciphersuitebinding { + ciphername = "TLS1.2-ECDHE-ECDSA-AES128-GCM-SHA256" + cipherpriority = 5 + } + ciphersuitebinding { + ciphername = "TLS1.2-ECDHE-RSA-AES256-GCM-SHA384" + cipherpriority = 6 + } + ciphersuitebinding { + ciphername = "TLS1.2-ECDHE-RSA-AES128-GCM-SHA256" + cipherpriority = 7 + } + + depends_on = [ + citrixadc_sslparameter.ssl_enable_sslprofiles + ] +} + +##### +# Add SSL Cipher Group Frontend TLS 13 +##### +resource "citrixadc_sslcipher" "ssl_cg_fe_TLS13" { + ciphergroupname = "ssl_cg_${var.adc-base.environmentname}_fe_TLS13" + + ciphersuitebinding { + ciphername = "TLS1.3-CHACHA20-POLY1305-SHA256" + cipherpriority = 1 + } + ciphersuitebinding { + ciphername = "TLS1.3-AES256-GCM-SHA384" + cipherpriority = 2 + } + ciphersuitebinding { + ciphername = "TLS1.3-AES128-GCM-SHA256" + cipherpriority = 3 + } + + depends_on = [ + citrixadc_sslparameter.ssl_enable_sslprofiles + ] +} + +##### +# Add SSL Cipher Group Backend TLS 12 +##### +resource "citrixadc_sslcipher" "ssl_cg_be_TLS12" { + ciphergroupname = "ssl_cg_${var.adc-base.environmentname}_be_TLS12" + + ciphersuitebinding { + ciphername = "TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384" + cipherpriority = 1 + } + ciphersuitebinding { + ciphername = "TLS1.2-ECDHE-ECDSA-AES128-GCM-SHA256" + 
cipherpriority = 2 + } + ciphersuitebinding { + ciphername = "TLS1.2-ECDHE-ECDSA-AES256-SHA384" + cipherpriority = 3 + } + ciphersuitebinding { + ciphername = "TLS1.2-ECDHE-ECDSA-AES128-SHA256" + cipherpriority = 4 + } + ciphersuitebinding { + ciphername = "TLS1.2-ECDHE-RSA-AES256-GCM-SHA384" + cipherpriority = 5 + } + ciphersuitebinding { + ciphername = "TLS1.2-ECDHE-RSA-AES128-GCM-SHA256" + cipherpriority = 6 + } + ciphersuitebinding { + ciphername = "TLS1.2-ECDHE-RSA-AES-256-SHA384" + cipherpriority = 7 + } + ciphersuitebinding { + ciphername = "TLS1.2-ECDHE-RSA-AES-128-SHA256" + cipherpriority = 8 + } + + depends_on = [ + citrixadc_sslparameter.ssl_enable_sslprofiles + ] +} + +##### +# Add SSL Profile Frontend TLS 12+13 +##### +resource "citrixadc_sslprofile" "ssl_prof_fe_1213" { + name = "ssl_prof_${var.adc-base.environmentname}_fe_TLS1213" + + denysslreneg = "NONSECURE" + ersa = "DISABLED" + sessreuse = "ENABLED" + sesstimeout = "120" + tls1 = "DISABLED" + tls11 = "DISABLED" + tls12 = "ENABLED" + tls13 = "ENABLED" + + cipherbindings { + ciphername = "ssl_cg_${var.adc-base.environmentname}_fe_TLS1213" + cipherpriority = 10 + } + + ecccurvebindings = [ + "P_521", + "P_384", + "P_256", + "P_224" + ] + + depends_on = [ + citrixadc_sslcipher.ssl_cg_fe_TLS1213 + ] +} + +##### +# Add SSL Profile Frontend TLS 12+13 with SNI +##### +resource "citrixadc_sslprofile" "ssl_prof_fe_1213_SNI" { + name = "ssl_prof_${var.adc-base.environmentname}_fe_TLS1213_SNI" + + denysslreneg = "NONSECURE" + ersa = "DISABLED" + sessreuse = "ENABLED" + sesstimeout = "120" + tls1 = "DISABLED" + tls11 = "DISABLED" + tls12 = "ENABLED" + tls13 = "ENABLED" + snienable = "ENABLED" + + cipherbindings { + ciphername = "ssl_cg_${var.adc-base.environmentname}_fe_TLS1213" + cipherpriority = 10 + } + + ecccurvebindings = [ + "P_521", + "P_384", + "P_256", + "P_224" + ] + + depends_on = [ + citrixadc_sslcipher.ssl_cg_fe_TLS1213 + ] +} + +##### +# Add SSL Profile Frontend TLS 13 +##### +resource 
"citrixadc_sslprofile" "ssl_prof_fe_13" { + name = "ssl_prof_${var.adc-base.environmentname}_fe_TLS13" + + denysslreneg = "NONSECURE" + ersa = "DISABLED" + sessreuse = "ENABLED" + sesstimeout = "120" + tls1 = "DISABLED" + tls11 = "DISABLED" + tls12 = "DISABLED" + tls13 = "ENABLED" + + cipherbindings { + ciphername = "ssl_cg_${var.adc-base.environmentname}_fe_TLS13" + cipherpriority = 10 + } + + ecccurvebindings = [ + "P_521", + "P_384", + "P_256", + "P_224" + ] + + depends_on = [ + citrixadc_sslcipher.ssl_cg_fe_TLS13 + ] +} + +##### +# Add SSL Profile Frontend TLS 13 with SNI +##### +resource "citrixadc_sslprofile" "ssl_prof_fe_13_SNI" { + name = "ssl_prof_${var.adc-base.environmentname}_fe_TLS13_SNI" + + denysslreneg = "NONSECURE" + ersa = "DISABLED" + sessreuse = "ENABLED" + sesstimeout = "120" + tls1 = "DISABLED" + tls11 = "DISABLED" + tls12 = "DISABLED" + tls13 = "ENABLED" + snienable = "ENABLED" + + cipherbindings { + ciphername = "ssl_cg_${var.adc-base.environmentname}_fe_TLS13" + cipherpriority = 10 + } + + ecccurvebindings = [ + "P_521", + "P_384", + "P_256", + "P_224" + ] + + depends_on = [ + citrixadc_sslcipher.ssl_cg_fe_TLS13 + ] +} + +##### +# Add SSL Profile Backend TLS 12 +##### +resource "citrixadc_sslprofile" "ssl_prof_be_12" { + name = "ssl_prof_${var.adc-base.environmentname}_be_TLS12" + + denysslreneg = "NONSECURE" + ersa = "DISABLED" + sessreuse = "ENABLED" + sesstimeout = "300" + sslprofiletype = "Backend" + tls1 = "DISABLED" + tls11 = "DISABLED" + tls12 = "ENABLED" + + cipherbindings { + ciphername = "ssl_cg_${var.adc-base.environmentname}_be_TLS12" + cipherpriority = 10 + } + + ecccurvebindings = [ + "P_521", + "P_384", + "P_256", + "P_224" + ] + + depends_on = [ + citrixadc_sslcipher.ssl_cg_be_TLS12 + ] +} + +##### +# Save config +##### +resource "citrixadc_nsconfig_save" "ssl_save" { + all = true + timestamp = timestamp() + + depends_on = [ + citrixadc_sslcipher.ssl_cg_fe_TLS1213, + citrixadc_sslcipher.ssl_cg_fe_TLS13, + 
citrixadc_sslcipher.ssl_cg_be_TLS12, + citrixadc_sslprofile.ssl_prof_fe_1213, + citrixadc_sslprofile.ssl_prof_fe_13, + citrixadc_sslprofile.ssl_prof_be_12 + ] +} + +##### +# Wait a few seconds +##### +resource "time_sleep" "ssl_wait_a_few_seconds" { + create_duration = "15s" + + depends_on = [ + citrixadc_nsconfig_save.ssl_save + ] +} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/ssl_configuration/versions.tf b/terraform/citrix-adc/modules/netscaler/ssl_configuration/versions.tf new file mode 100644 index 0000000..56464c0 --- /dev/null +++ b/terraform/citrix-adc/modules/netscaler/ssl_configuration/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_version = ">= 1.3.5" + required_providers { + citrixadc = { + source = "citrix/citrixadc" + version = ">= 1.32.0" + } + } +} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/variables.tf b/terraform/citrix-adc/modules/netscaler/variables.tf new file mode 100644 index 0000000..767907e --- /dev/null +++ b/terraform/citrix-adc/modules/netscaler/variables.tf 
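Review bot: `ssl_save` lists `ssl_prof_fe_1213`, `ssl_prof_fe_13` and `ssl_prof_be_12` in `depends_on` but not `ssl_prof_fe_1213_SNI` or `ssl_prof_fe_13_SNI`, so the save can run before the two SNI profiles are created and they would be absent from the saved configuration until something else saves it. Add `citrixadc_sslprofile.ssl_prof_fe_1213_SNI,` and `citrixadc_sslprofile.ssl_prof_fe_13_SNI,` to the list. Every profile also binds `P_224` in `ecccurvebindings`; it is the weakest of the four curves and rarely required by clients, so consider limiting the list to `P_256`, `P_384` and `P_521`, or add a comment stating why P-224 is kept.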
@@ -0,0 +1,48 @@
+#####
+# Variable for administrative connection to the ADC
+#####
+variable vm {}
+variable adc-base {}
+variable adc-snip {}
+
+#####
+# Variable for license file upload
+#####
+variable adc-license {}
+
+#####
+# ADC Loadbalancing Server
+#####
+variable adc-lb {}
+variable adc-lb-srv {}
+variable adc-lb-generic {}
+
+#####
+# Variable for LetsEncrypt Loadbalabcing configuration
+#####
+variable adc-letsencrypt-lb {}
+
+#####
+# Variables for configuring the certificate
+#####
+variable adc-letsencrypt-certificate {}
+variable adc-letsencrypt-certificate-san{}
+
+#####
+# ADC GW vServer
+#####
+variable "adc-gw" {}
+variable "adc-gw-authenticationldapaction" {}
+variable "adc-gw-authenticationldappolicy" {}
+
+#####
+# Functional Variables
+#####
+variable adc-finish {}
+
+#####
+# Variables
+#####
+variable adc-cs {}
+variable adc-cs-lb {}
+variable adc-cs-gw {}
\ No newline at end of file
diff --git a/terraform/citrix-adc/modules/netscaler/versions.tf b/terraform/citrix-adc/modules/netscaler/versions.tf
new file mode 100644
index 0000000..56464c0
--- /dev/null
+++ b/terraform/citrix-adc/modules/netscaler/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.3.5"
+ required_providers {
+ citrixadc = {
+ source = "citrix/citrixadc"
+ version = ">= 1.32.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/citrix-adc/modules/vsphere_deploy/main.tf b/terraform/citrix-adc/modules/vsphere_deploy/main.tf
new file mode 100644
index 0000000..2389eb2
--- /dev/null
+++ b/terraform/citrix-adc/modules/vsphere_deploy/main.tf
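Review bot: Every input here is an untyped, undocumented `variable x {}`, so Terraform cannot reject a malformed map and nothing tells a caller what shape is expected; the consumers elsewhere in this patch show it (e.g. `adc-lb` is read as a map of lists via `element(var.adc-lb["name"], count.index)`), so a `type = map(list(string))` or `type = map(string)` plus a one-line `description` per variable would be cheap to add. Naming is also inconsistent: the `adc-gw*` variables are quoted while the rest are not, `variable adc-letsencrypt-certificate-san{}` is missing the space before `{`, and the comment repeats the `Loadbalabcing` typo from `letsencrypt_lb/versions.tf`.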
@@ -0,0 +1,111 @@ +##### +# Define Locals +##### +locals { + networkstring = "ip=${var.vm.ip}&netmask=${var.vm.netmask}&gateway=${var.vm.gateway}" +} + +##### +# Configure Datacenter +##### +data "vsphere_datacenter" "dc" { + name = var.vsphere.datacenter +} + +##### +# Configure Datastore +##### +data "vsphere_datastore" "datastore" { + name = var.vsphere.datastore + datacenter_id = data.vsphere_datacenter.dc.id +} + +##### +# Configure Host +##### +data "vsphere_host" "host" { + name = var.vsphere.host + datacenter_id = data.vsphere_datacenter.dc.id +} + +##### +# Configure Ressource Pool +##### +data "vsphere_resource_pool" "pool" { + name = var.vsphere.resourcepool + datacenter_id = data.vsphere_datacenter.dc.id +} + +##### +# Configure VM Network +##### +data "vsphere_network" "network" { + name = var.vm.network + datacenter_id = data.vsphere_datacenter.dc.id +} + +##### +# Configure OVF +##### +data "vsphere_ovf_vm_template" "ovfLocal" { + name = "TemporaryName" + disk_provisioning = "thin" + resource_pool_id = data.vsphere_resource_pool.pool.id + datastore_id = data.vsphere_datastore.datastore.id + host_system_id = data.vsphere_host.host.id + local_ovf_path = var.vm.ovf + + ovf_network_map = { + "VM Network" : data.vsphere_network.network.id + } +} + +##### +# Create ADC VM +##### +resource "vsphere_virtual_machine" "build_citrix-adc" { + name = var.vm.name + datacenter_id = data.vsphere_datacenter.dc.id + resource_pool_id = data.vsphere_resource_pool.pool.id + datastore_id = data.vsphere_datastore.datastore.id + host_system_id = data.vsphere_host.host.id + num_cpus = data.vsphere_ovf_vm_template.ovfLocal.num_cpus + num_cores_per_socket = data.vsphere_ovf_vm_template.ovfLocal.num_cores_per_socket + memory = data.vsphere_ovf_vm_template.ovfLocal.memory + guest_id = data.vsphere_ovf_vm_template.ovfLocal.guest_id + scsi_type = data.vsphere_ovf_vm_template.ovfLocal.scsi_type + nested_hv_enabled = data.vsphere_ovf_vm_template.ovfLocal.nested_hv_enabled + + 
network_interface { + network_id = values(data.vsphere_ovf_vm_template.ovfLocal.ovf_network_map)[0] + use_static_mac = true + mac_address = var.vm.mac + } + + wait_for_guest_net_timeout = -1 + wait_for_guest_ip_timeout = 5 + + ovf_deploy { + allow_unverified_ssl_cert = false + local_ovf_path = data.vsphere_ovf_vm_template.ovfLocal.local_ovf_path + disk_provisioning = data.vsphere_ovf_vm_template.ovfLocal.disk_provisioning + ovf_network_map = data.vsphere_ovf_vm_template.ovfLocal.ovf_network_map + } + + extra_config = { + "machine.id" = local.networkstring + } +} + +##### +# Wait a few seconds +##### +resource "time_sleep" "build_wait_a_few_seconds" { + + create_duration = "180s" + + depends_on = [ + vsphere_virtual_machine.build_citrix-adc + ] + +} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/vsphere_deploy/variables.tf b/terraform/citrix-adc/modules/vsphere_deploy/variables.tf new file mode 100644 index 0000000..7fbfaa4 --- /dev/null +++ b/terraform/citrix-adc/modules/vsphere_deploy/variables.tf @@ -0,0 +1,5 @@ +##### +# vSphere configuration variables +##### +variable vsphere {} +variable vm {} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/vsphere_deploy/versions.tf b/terraform/citrix-adc/modules/vsphere_deploy/versions.tf new file mode 100644 index 0000000..56464c0 --- /dev/null +++ b/terraform/citrix-adc/modules/vsphere_deploy/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_version = ">= 1.3.5" + required_providers { + citrixadc = { + source = "citrix/citrixadc" + version = ">= 1.32.0" + } + } +} \ No newline at end of file diff --git a/terraform/citrix-adc/variables.tf b/terraform/citrix-adc/variables.tf index 46014c4..5f42264 100644 --- a/terraform/citrix-adc/variables.tf +++ b/terraform/citrix-adc/variables.tf 
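Review bot: The appliance is deployed from `local_ovf_path = var.vm.ovf` with no integrity check on the image; `allow_unverified_ssl_cert = false` only protects the vCenter connection, not the OVF itself. If the image is fetched from outside the repository, recording its expected digest in the variables and checking it in a `lifecycle { precondition { ... } }` with `filesha256(var.vm.ovf)` before `vsphere_virtual_machine.build_citrix-adc` is created would catch a swapped or corrupted image. `data "vsphere_ovf_vm_template" "ovfLocal"` also uses the placeholder `name = "TemporaryName"` although `var.vm.name` is in scope. The fixed `"180s"` `time_sleep` is the same timing-based wait pattern as the other modules; a comment on what it covers (presumably first boot of the appliance before the password reset module runs) would help the next reader.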
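Review bot: `vsphere_deploy/versions.tf` pins only `citrix/citrixadc`, yet this module's `main.tf` uses `vsphere_*` data sources and resources and `time_sleep` and no `citrixadc_*` resource at all, so the constraint covers a provider the module does not use while `hashicorp/vsphere` and `hashicorp/time` are left to Terraform's implicit, unpinned resolution. Replace the `citrixadc` entry with `vsphere = { source = "hashicorp/vsphere" }` and `time = { source = "hashicorp/time" }` carrying version constraints; the `netscaler_license`, `password_reset` and `ssl_configuration` modules use `time_sleep` too and are missing the `time` entry as well. The identical index hash `56464c0` on every module's `versions.tf` suggests the file was copied verbatim rather than written per module.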
@@ -9,7 +9,7 @@ variable vsphere {
 user = "administrator@vsphere.local"
 password = ""
 datacenter = "YourEnvironment"
- host = "192.168.1.3"
+ host = "192.168.176.110"
 datastore = "VM"
 network = "vSwitch_Internal"
 timezone = 020
@@ -26,7 +26,7 @@ variable vm {
 ovf = "YourOVFFile"
 network = "vSwitch_Internal"
 mac = "00:00:00:aa:bb:cc"
- ip = "192.168.1.15"
+ ip = "192.168.176.110"
 gateway = "192.168.1.1"
 netmask = "255.255.255.0"
 name = "adc-01"
@@ -55,7 +55,7 @@ variable adc-snip {
 type = map
 description = "NetScaler SubnetIP Variables"
 default = {
- ip = "192.168.1.16"
+ ip = "192.168.176.198"
 netmask = "255.255.255.0"
 icmp = "ENABLED"
 }
From dacac8d5221e3cb88fdc313d32612b711d4790bd Mon Sep 17 00:00:00 2001
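Review bot: After this change `vsphere.host` and `vm.ip` are both `192.168.176.110`, so the ESXi host and the NetScaler VM would share one address, and `vm.gateway` stays `192.168.1.1` while `vm.ip` moves to `192.168.176.110` with `netmask = "255.255.255.0"`, so the gateway is no longer on the VM's subnet; `adc-snip.ip` moves to `192.168.176.198` as well, so the `192.168.1.x` gateway looks like the value that was missed. These also look like a lab's real addresses being committed as defaults; the README already calls these variables environment-specific, so keeping documentation placeholders in `default` and supplying real values through a `.tfvars` file kept out of the repository would avoid both the collision and publishing the lab topology.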
From: Mick Hilhorst Date: Mon, 4 Sep 2023 16:35:20 +0200 Subject: [PATCH 03/11] Rework Modules --- terraform/citrix-adc/.gitignore | 4 + terraform/citrix-adc/apply.sh | 14 - terraform/citrix-adc/destroy.sh | 9 - terraform/citrix-adc/main.tf | 275 +-------------- .../base_config.tf} | 79 +---- .../base_licensing.tf | 50 +++ .../base_profiles.tf} | 79 +++-- .../netscaler.base.configuration/provider.tf | 19 ++ .../netscaler.base.configuration/variables.tf | 31 ++ .../netscaler/base_configuration/versions.tf | 9 - .../netscaler/content_switching/main.tf | 122 ------- .../netscaler/content_switching/versions.tf | 9 - .../netscaler/final_operations/main.tf | 19 -- .../netscaler/final_operations/versions.tf | 10 - .../modules/netscaler/gateway/main.tf | 215 ------------ .../modules/netscaler/gateway/versions.tf | 9 - .../modules/netscaler/letsencrypt/main.tf | 118 ------- .../modules/netscaler/letsencrypt/versions.tf | 13 - .../modules/netscaler/letsencrypt_lb/main.tf | 99 ------ .../netscaler/letsencrypt_lb/versions.tf | 10 - .../modules/netscaler/loadbalancers/main.tf | 88 ----- .../netscaler/loadbalancers/versions.tf | 9 - .../netscaler/netscaler_license/maint.tf | 50 --- .../netscaler/netscaler_license/versions.tf | 9 - .../modules/netscaler/password_reset/main.tf | 42 --- .../netscaler/password_reset/versions.tf | 9 - .../netscaler/ssl_configuration/versions.tf | 9 - .../citrix-adc/modules/netscaler/variables.tf | 48 --- .../citrix-adc/modules/netscaler/versions.tf | 9 - .../citrix-adc/modules/vsphere_deploy/main.tf | 111 ------ .../modules/vsphere_deploy/variables.tf | 5 - .../modules/vsphere_deploy/versions.tf | 9 - terraform/citrix-adc/provider.tf | 40 --- .../sources/License/your_adc_license.lic | 0 .../citrix-adc/sources/image/your_image.ovf | 0 terraform/citrix-adc/variables.tf | 316 ++---------------- 36 files changed, 214 insertions(+), 1733 deletions(-) create mode 100644 terraform/citrix-adc/.gitignore delete mode 100644 terraform/citrix-adc/apply.sh delete 
mode 100644 terraform/citrix-adc/destroy.sh rename terraform/citrix-adc/modules/{netscaler/base_configuration/main.tf => netscaler.base.configuration/base_config.tf} (56%) create mode 100644 terraform/citrix-adc/modules/netscaler.base.configuration/base_licensing.tf rename terraform/citrix-adc/modules/{netscaler/ssl_configuration/main.tf => netscaler.base.configuration/base_profiles.tf} (73%) create mode 100644 terraform/citrix-adc/modules/netscaler.base.configuration/provider.tf create mode 100644 terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf delete mode 100644 terraform/citrix-adc/modules/netscaler/base_configuration/versions.tf delete mode 100644 terraform/citrix-adc/modules/netscaler/content_switching/main.tf delete mode 100644 terraform/citrix-adc/modules/netscaler/content_switching/versions.tf delete mode 100644 terraform/citrix-adc/modules/netscaler/final_operations/main.tf delete mode 100644 terraform/citrix-adc/modules/netscaler/final_operations/versions.tf delete mode 100644 terraform/citrix-adc/modules/netscaler/gateway/main.tf delete mode 100644 terraform/citrix-adc/modules/netscaler/gateway/versions.tf delete mode 100644 terraform/citrix-adc/modules/netscaler/letsencrypt/main.tf delete mode 100644 terraform/citrix-adc/modules/netscaler/letsencrypt/versions.tf delete mode 100644 terraform/citrix-adc/modules/netscaler/letsencrypt_lb/main.tf delete mode 100644 terraform/citrix-adc/modules/netscaler/letsencrypt_lb/versions.tf delete mode 100644 terraform/citrix-adc/modules/netscaler/loadbalancers/main.tf delete mode 100644 terraform/citrix-adc/modules/netscaler/loadbalancers/versions.tf delete mode 100644 terraform/citrix-adc/modules/netscaler/netscaler_license/maint.tf delete mode 100644 terraform/citrix-adc/modules/netscaler/netscaler_license/versions.tf delete mode 100644 terraform/citrix-adc/modules/netscaler/password_reset/main.tf delete mode 100644 terraform/citrix-adc/modules/netscaler/password_reset/versions.tf delete mode 
100644 terraform/citrix-adc/modules/netscaler/ssl_configuration/versions.tf delete mode 100644 terraform/citrix-adc/modules/netscaler/variables.tf delete mode 100644 terraform/citrix-adc/modules/netscaler/versions.tf delete mode 100644 terraform/citrix-adc/modules/vsphere_deploy/main.tf delete mode 100644 terraform/citrix-adc/modules/vsphere_deploy/variables.tf delete mode 100644 terraform/citrix-adc/modules/vsphere_deploy/versions.tf delete mode 100644 terraform/citrix-adc/provider.tf delete mode 100644 terraform/citrix-adc/sources/License/your_adc_license.lic delete mode 100644 terraform/citrix-adc/sources/image/your_image.ovf diff --git a/terraform/citrix-adc/.gitignore b/terraform/citrix-adc/.gitignore new file mode 100644 index 0000000..cc130c5 --- /dev/null +++ b/terraform/citrix-adc/.gitignore @@ -0,0 +1,4 @@ +.terraform.lock.hcl +/.terraform +terraform.tfstate +terraform.tfstate.backup \ No newline at end of file diff --git a/terraform/citrix-adc/apply.sh b/terraform/citrix-adc/apply.sh deleted file mode 100644 index 35c2779..0000000 --- a/terraform/citrix-adc/apply.sh +++ /dev/null 
@@ -1,14 +0,0 @@
-git pull &&
-terraform init -upgrade &&
-terraform apply --auto-approve -target="module.adc-01-build" &&
-terraform apply --auto-approve -target="module.adc-02-reset-password" &&
-terraform apply --auto-approve -target="module.adc-03-license" &&
-terraform apply --auto-approve -target="module.adc-04-base" &&
-terraform apply --auto-approve -target="module.adc-05-ssl" &&
-terraform apply --auto-approve -target="module.adc-06-letsencrypt-lb" &&
-sudo terraform apply --auto-approve -target="module.adc-07-letsencrypt" &&
-terraform destroy --auto-approve -target="module.adc-06-letsencrypt-lb" &&
-terraform apply --auto-approve -target="module.adc-09-lb" &&
-terraform apply --auto-approve -target="module.adc-10-gateway" &&
-terraform apply --auto-approve -target="module.adc-11-cs" &&
-terraform apply --auto-approve -target="module.adc-99-finish"
\ No newline at end of file
diff --git a/terraform/citrix-adc/destroy.sh b/terraform/citrix-adc/destroy.sh
deleted file mode 100644
index 4736910..0000000
--- a/terraform/citrix-adc/destroy.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-echo "Initiating removal of NetScaler"
-terraform init --upgrade &&
-terraform destroy --auto-approve -target="module.adc-01-build" &&
-echo "Cleaning NetScaler configuration..."
-sleep 15s &&
-rm .terraform.lock.hcl -f &&
-rm terraform.tfstate.backup -f &&
-rm terraform.tfstate -f &&
-rm .terraform -f -r
\ No newline at end of file
diff --git a/terraform/citrix-adc/main.tf b/terraform/citrix-adc/main.tf
index 503dba6..2866a5f 100644
--- a/terraform/citrix-adc/main.tf
+++ b/terraform/citrix-adc/main.tf
@@ -1,271 +1,6 @@ -# # Module terraform-module-citrix-adc-build -# module "adc-01-build" { -# source = "modules/vsphere_deploy" - -# vsphere = { -# server = var.vsphere.server -# user = var.vsphere.user -# password = var.vsphere.password -# datacenter = var.vsphere.datacenter -# host = var.vsphere.host -# datastore = var.vsphere.datastore -# timezone = var.vsphere.timezone -# resourcepool = var.vsphere.resourcepool -# } - -# vm = { -# network = var.vm.network -# mac = var.vm.mac -# ip = var.vm.ip -# gateway = var.vm.gateway -# netmask = var.vm.netmask -# name = var.vm.name -# ovf = var.vm.ovf -# } -# } - -module "netscaler" { - source = "./modules/netscaler/" - - vm = { - ip = var.vm.ip - } - adc-base = { - username = var.adc-base.username - password = var.adc-base.password - oldpassword = var.adc-base.oldpassword - } -} - -# module "adc-03-license" { -# source = "modules/netscaler/netscaler_license" - -# vm = { -# ip = var.vm.ip -# } -# adc-base = { -# username = var.adc-base.username -# password = var.adc-base.password -# } - -# adc-license = { -# filename = var.adc-license.filename -# filecontent = file(var.adc-license.filecontent) -# } - -# } - -module "adc-04-base" { - source = "./modules/netscaler/base_configuration" - - vm = { - ip = var.vm.ip - hostname = var.vm.name - } - - adc-base = { - username = var.adc-base.username - password = var.adc-base.password - environmentname = var.adc-base.environmentname - timezone = var.adc-base.timezone - } - - adc-snip = { - ip = var.adc-snip.ip - netmask = var.adc-snip.netmask - icmp = var.adc-snip.icmp - } -} - -module "adc-05-ssl" { - source = "./modules/netscaler/ssl_configuration" - vm = { - ip = var.vm.ip - } - - adc-base = { - username = var.adc-base.username - password = var.adc-base.password - environmentname = var.adc-base.environmentname - fqdn_ext = var.adc-base.fqdn_ext - } -} - -module "adc-06-letsencrypt-lb" { - source = "./modules/netscaler/letsencrypt_lb" - - vm = { - ip = var.vm.ip - } - - adc-base = { 
- username = var.adc-base.username - password = var.adc-base.password - } - - adc-letsencrypt-lb = { - backend-ip = var.adc-letsencrypt-lb.backend-ip - frontend-ip = var.adc-letsencrypt-lb.frontend-ip - servicetype = var.adc-letsencrypt-lb.servicetype - port = var.adc-letsencrypt-lb.port - } - -} - -module "adc-07-letsencrypt" { - source = "./modules/netscaler/letsencrypt" - - vm = { - ip = var.vm.ip - } - - adc-base = { - username = var.adc-base.username - password = var.adc-base.password - environmentname = var.adc-base.environmentname - fqdn_ext = var.adc-base.fqdn_ext - } - - adc-letsencrypt-certificate = { - private_key_algorithm = var.adc-letsencrypt-certificate.private_key_algorithm - private_key_rsa_bits = var.adc-letsencrypt-certificate.private_key_rsa_bits - private_key_ecdsa_curve = var.adc-letsencrypt-certificate.private_key_ecdsa_curve - registration_email_address = var.adc-letsencrypt-certificate.registration_email_address - common_name = var.adc-letsencrypt-certificate.common_name - } - - adc-letsencrypt-certificate-san = var.adc-letsencrypt-certificate-san - -} - -module "adc-09-lb" { - source = "./modules/netscaler/loadbalancers" - - vm = { - ip = var.vm.ip - } - - adc-base = { - username = var.adc-base.username - password = var.adc-base.password - environmentname = var.adc-base.environmentname - } - - adc-lb = { - name = var.adc-lb.name - type = var.adc-lb.type - port = var.adc-lb.port - lb-type = var.adc-lb.lb-type - backend-server = var.adc-lb.backend-server - fqdn_int = var.adc-base.fqdn_int - } - adc-lb-srv = { - name = var.adc-lb-srv.name - ip = var.adc-lb-srv.ip - } - - adc-lb-generic = { - lbmethod = var.adc-lb-generic.lbmethod - persistencetype = var.adc-lb-generic.persistencetype - timeout = var.adc-lb-generic.timeout - sslsnicert = var.adc-lb-generic.sslsnicert - } -} - -module "adc-10-gateway" { - source = "./modules/netscaler/gateway" - - vm = { - ip = var.vm.ip - } - - adc-base = { - username = var.adc-base.username - password = 
var.adc-base.password - environmentname = var.adc-base.environmentname - } - adc-gw = { - name = var.adc-gw.name - fqdn_ext = var.adc-base.fqdn_ext - fqdn_int = var.adc-base.fqdn_int - staserver = var.adc-gw.staserver - dnsvservername = var.adc-gw.dnsvservername - authenticationpolicy = var.adc-gw.authenticationpolicy - citrix-backend = var.adc-gw.citrix-backend - servicetype = var.adc-gw.servicetype - ip = var.adc-gw.ip - port = var.adc-gw.port - dtls = var.adc-gw.dtls - appflowlog = var.adc-gw.appflowlog - staaddresstype = var.adc-gw.staaddresstype - } - - adc-gw-authenticationldapaction = { - type = var.adc-gw-authenticationldapaction.type - servername = var.adc-gw-authenticationldapaction.servername - ldapBase = var.adc-gw-authenticationldapaction.ldapBase - ldapBindDn = var.adc-gw-authenticationldapaction.ldapBindDn - ldapBindDnPassword = var.adc-gw-authenticationldapaction.ldapBindDnPassword - ldapLoginName = var.adc-gw-authenticationldapaction.ldapLoginName - groupAttrName = var.adc-gw-authenticationldapaction.groupAttrName - subAttributeName = var.adc-gw-authenticationldapaction.subAttributeName - ssoNameAttribute = var.adc-gw-authenticationldapaction.ssoNameAttribute - secType = var.adc-gw-authenticationldapaction.secType - passwdChange = var.adc-gw-authenticationldapaction.passwdChange - } - - adc-gw-authenticationldappolicy = { - rule = var.adc-gw-authenticationldappolicy.rule - reqaction = var.adc-gw-authenticationldappolicy.reqaction - } -} - -module "adc-11-cs" { - source = "./modules/netscaler/content_switching" - - vm = { - ip = var.vm.ip - } - - adc-base = { - username = var.adc-base.username - password = var.adc-base.password - environmentname = var.adc-base.environmentname - fqdn_int = var.adc-base.fqdn_int - fqdn_ext = var.adc-base.fqdn_ext - } - - adc-cs = { - vserver_name = var.adc-cs.vserver_name - vserver_ip = var.adc-cs.vserver_ip - vserver_port = var.adc-cs.vserver_port - vserver_type = var.adc-cs.vserver_type - } - - adc-cs-lb = { - name 
= var.adc-cs-lb.name - } - - adc-cs-gw = { - name = var.adc-cs-gw.name - } -} - -module "adc-99-finish" { - source = "./modules/netscaler/final_operations" - - vm = { - ip = var.vm.ip - } - - adc-base = { - username = var.adc-base.username - password = var.adc-base.password - environmentname = var.adc-base.environmentname - } - - adc-finish = { - dnsvservername = var.adc-finish.dnsvservername - dnsvservertype = var.adc-finish.dnsvservertype - } +module "base_configuration" { + source = "./modules/netscaler.base.configuration" + logon_information = var.logon_information + base_configuration = var.base_configuration + base_configuration_snip = var.base_configuration_snip } \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/base_configuration/main.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_config.tf similarity index 56% rename from terraform/citrix-adc/modules/netscaler/base_configuration/main.tf rename to terraform/citrix-adc/modules/netscaler.base.configuration/base_config.tf index 4520e46..e92d59e 100644 --- a/terraform/citrix-adc/modules/netscaler/base_configuration/main.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_config.tf 
@@ -1,30 +1,26 @@ -##### + # Set NS Hostname -##### resource "citrixadc_nshostname" "base_hostname" { - hostname = var.vm.hostname + hostname = var.base_configuration.hostname } -##### -# Add NSIP -##### + +# Add NetScaler IP resource "citrixadc_nsip" "base_snip" { - ipaddress = var.adc-snip.ip - netmask = var.adc-snip.netmask - icmp = var.adc-snip.icmp + ipaddress = var.base_configuration_snip.ip_address + netmask = var.base_configuration_snip.netmask + icmp = var.base_configuration_snip.icmp type = "SNIP" } -##### + # Configure ADC timezone -##### resource "citrixadc_nsparam" "base_nsparam" { - timezone = var.adc-base.timezone + timezone = var.base_configuration.timezone } -##### + # Configure Modes -##### resource "citrixadc_nsmode" "base_nsmode" { bridgebpdus = false cka = false @@ -46,9 +42,8 @@ resource "citrixadc_nsmode" "base_nsmode" { usip = false } -##### + # Configure Features -##### resource "citrixadc_nsfeature" "base_nsfeature" { aaa = true adaptivetcp = false 
@@ -94,44 +89,14 @@ resource "citrixadc_nsfeature" "base_nsfeature" { wl = false } -##### -# Add basic http Profile -##### -resource "citrixadc_nshttpprofile" "base_http_prof" { - name = "http_prof_${var.adc-base.environmentname}" - dropinvalreqs = "ENABLED" - markhttp09inval = "ENABLED" - markconnreqinval = "ENABLED" - weblog = "DISABLED" -} -##### -# Add basic TCP Profile -##### -resource "citrixadc_nstcpprofile" "base_tcp_prof" { - name = "tcp_prof_${var.adc-base.environmentname}" - ws = "ENABLED" - sack = "ENABLED" - wsval = "8" - mss = "1460" - initialcwnd = "10" - oooqsize = "300" - buffersize = "131072" - flavor = "BIC" - sendbuffsize = "131072" - rstmaxack = "ENABLED" - spoofsyndrop = "DISABLED" - frto = "ENABLED" - fack = "ENABLED" - nagle = "ENABLED" - dynamicreceivebuffering = "ENABLED" - drophalfclosedconnontimeout = "ENABLED" - dropestconnontimeout = "ENABLED" + +resource "citrixadc_systemparameter" "base_systemparam" { + strongpassword = "enableall" } -##### + # Save config -##### resource "citrixadc_nsconfig_save" "base_save" { all = true timestamp = timestamp() @@ -140,21 +105,9 @@ resource "citrixadc_nsconfig_save" "base_save" { citrixadc_nsconfig_save.base_save, citrixadc_nsfeature.base_nsfeature, citrixadc_nshostname.base_hostname, - citrixadc_nshttpprofile.base_http_prof, citrixadc_nsip.base_snip, citrixadc_nsmode.base_nsmode, citrixadc_nsparam.base_nsparam, - citrixadc_nstcpprofile.base_tcp_prof + citrixadc_systemparameter.base_systemparam ] } - -##### -# Wait a few seconds -##### -resource "time_sleep" "base_wait_a_few_seconds" { - create_duration = "15s" - - depends_on = [ - citrixadc_nsconfig_save.base_save - ] -} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_licensing.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_licensing.tf new file mode 100644 index 0000000..ba1a5bc --- /dev/null 
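Review bot: The new `citrixadc_systemparameter.base_systemparam` resource is the only block in this file without a heading comment, where every sibling has one (`# Save config`, `# Configure Features`). A one-liner such as `# Enforce the strong-password policy for all local system users` would also record why `enableall` was chosen rather than the appliance default. The `base_nsfeature` resource this hunk opens in begins outside the hunk.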
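Review bot: The first context entry of the `depends_on` list in `citrixadc_nsconfig_save.base_save` appears to be `citrixadc_nsconfig_save.base_save` itself, which Terraform normally rejects as a self-reference; if that is what the line is, it should be dropped. The hunk also removes the http and tcp profile entries now that those resources live in base_profiles.tf, so this save no longer waits for them; if `ssl_save` in that file is meant to persist them, a comment here saying so would make the hand-off explicit, e.g. `# Profiles are saved by citrixadc_nsconfig_save.ssl_save in base_profiles.tf`. The `depends_on = [` opener of this list is outside the hunk.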
+++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_licensing.tf
@@ -0,0 +1,50 @@
+# locals {
+# filelocation = "/nsconfig/license"
+# }
+
+# #####
+# # Add License
+# #####
+# resource "citrixadc_systemfile" "license_upload" {
+# filename = var.adc-license.filename
+# filelocation = local.filelocation
+# filecontent = var.adc-license.filecontent
+# }
+
+# #####
+# # Save Configuration
+# #####
+# resource "citrixadc_nsconfig_save" "license_save" {
+# all = true
+# timestamp = timestamp()
+
+# depends_on = [
+# citrixadc_systemfile.license_upload
+# ]
+# }
+
+# #####
+# # Reboot for license application
+# #####
+# resource "citrixadc_rebooter" "license_reboot" {
+# timestamp = timestamp()
+# warm = true
+# wait_until_reachable = false
+
+# depends_on = [
+# citrixadc_nsconfig_save.license_save
+# ]
+# }
+
+# #####
+# # Wait a few seconds
+# #####
+# resource "time_sleep" "license_wait_a_few_seconds" {
+
+# create_duration = "90s"
+
+# depends_on = [
+# citrixadc_rebooter.license_reboot
+# ]
+
+# }
\ No newline at end of file
diff --git a/terraform/citrix-adc/modules/netscaler/ssl_configuration/main.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_profiles.tf
similarity index 73%
rename from terraform/citrix-adc/modules/netscaler/ssl_configuration/main.tf
rename to terraform/citrix-adc/modules/netscaler.base.configuration/base_profiles.tf
index af27c2e..f9cbc05 100644
--- a/terraform/citrix-adc/modules/netscaler/ssl_configuration/main.tf
+++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_profiles.tf
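Review bot: The whole of the new base_licensing.tf is commented out, and the commented resources still read the old inputs (`var.adc-license.filename`, `var.adc-license.filecontent`), which the new module's variables.tf does not declare, so the file cannot simply be uncommented later. Either keep it out of the module until licensing is ported to the new object-style inputs, or open the file with a header that states that, e.g. `# Not yet ported: this still expects the removed adc-license input; see the root module for the license file path`.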
@@ -1,3 +1,38 @@ + +# Add basic http Profile +resource "citrixadc_nshttpprofile" "base_http_prof" { + name = "http_prof_${var.base_configuration.environment_prefix}" + dropinvalreqs = "ENABLED" + markhttp09inval = "ENABLED" + markconnreqinval = "ENABLED" + weblog = "DISABLED" + http2 = "ENABLED" +} + + +# Add basic TCP Profile +resource "citrixadc_nstcpprofile" "base_tcp_prof" { + name = "tcp_prof_${var.base_configuration.environment_prefix}" + ws = "ENABLED" + sack = "ENABLED" + wsval = "8" + mss = "1460" + initialcwnd = "10" + oooqsize = "300" + buffersize = "131072" + flavor = "BIC" + sendbuffsize = "131072" + rstmaxack = "ENABLED" + spoofsyndrop = "DISABLED" + frto = "ENABLED" + fack = "ENABLED" + nagle = "ENABLED" + dynamicreceivebuffering = "ENABLED" + drophalfclosedconnontimeout = "ENABLED" + dropestconnontimeout = "ENABLED" +} + + ##### # Enable SSL Parameter Usage ##### @@ -9,7 +44,7 @@ resource "citrixadc_sslparameter" "ssl_enable_sslprofiles" { # Add SSL Cipher Group Frontend TLS 12+13 ##### resource "citrixadc_sslcipher" "ssl_cg_fe_TLS1213" { - ciphergroupname = "ssl_cg_${var.adc-base.environmentname}_fe_TLS1213" + ciphergroupname = "ssl_cg_${var.base_configuration.environment_prefix}_fe_TLS1213" ciphersuitebinding { ciphername = "TLS1.3-CHACHA20-POLY1305-SHA256" @@ -49,7 +84,7 @@ resource "citrixadc_sslcipher" "ssl_cg_fe_TLS1213" { # Add SSL Cipher Group Frontend TLS 13 ##### resource "citrixadc_sslcipher" "ssl_cg_fe_TLS13" { - ciphergroupname = "ssl_cg_${var.adc-base.environmentname}_fe_TLS13" + ciphergroupname = "ssl_cg_${var.base_configuration.environment_prefix}_fe_TLS13" ciphersuitebinding { ciphername = "TLS1.3-CHACHA20-POLY1305-SHA256" 
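Review bot: `http2 = "ENABLED"` is the one behavioural addition in the relocated http profile (the block removed from base_config.tf had no such line) and it is undocumented; a comment such as `# Enables HTTP/2 on every vserver that binds this profile` keeps the change visible to whoever binds it. The two moved profiles also use bare `# Add ...` headings while the rest of this file keeps the `#####` banners; pick one style for the file.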
@@ -73,7 +108,7 @@ resource "citrixadc_sslcipher" "ssl_cg_fe_TLS13" { # Add SSL Cipher Group Backend TLS 12 ##### resource "citrixadc_sslcipher" "ssl_cg_be_TLS12" { - ciphergroupname = "ssl_cg_${var.adc-base.environmentname}_be_TLS12" + ciphergroupname = "ssl_cg_${var.base_configuration.environment_prefix}_be_TLS12" ciphersuitebinding { ciphername = "TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384" @@ -117,7 +152,7 @@ resource "citrixadc_sslcipher" "ssl_cg_be_TLS12" { # Add SSL Profile Frontend TLS 12+13 ##### resource "citrixadc_sslprofile" "ssl_prof_fe_1213" { - name = "ssl_prof_${var.adc-base.environmentname}_fe_TLS1213" + name = "ssl_prof_${var.base_configuration.environment_prefix}_fe_TLS1213" denysslreneg = "NONSECURE" ersa = "DISABLED" @@ -129,7 +164,7 @@ resource "citrixadc_sslprofile" "ssl_prof_fe_1213" { tls13 = "ENABLED" cipherbindings { - ciphername = "ssl_cg_${var.adc-base.environmentname}_fe_TLS1213" + ciphername = "ssl_cg_${var.base_configuration.environment_prefix}_fe_TLS1213" cipherpriority = 10 } @@ -149,7 +184,7 @@ resource "citrixadc_sslprofile" "ssl_prof_fe_1213" { # Add SSL Profile Frontend TLS 12+13 with SNI ##### resource "citrixadc_sslprofile" "ssl_prof_fe_1213_SNI" { - name = "ssl_prof_${var.adc-base.environmentname}_fe_TLS1213_SNI" + name = "ssl_prof_${var.base_configuration.environment_prefix}_fe_TLS1213_SNI" denysslreneg = "NONSECURE" ersa = "DISABLED" @@ -162,7 +197,7 @@ resource "citrixadc_sslprofile" "ssl_prof_fe_1213_SNI" { snienable = "ENABLED" cipherbindings { - ciphername = "ssl_cg_${var.adc-base.environmentname}_fe_TLS1213" + ciphername = "ssl_cg_${var.base_configuration.environment_prefix}_fe_TLS1213" cipherpriority = 10 } 
@@ -182,7 +217,7 @@ resource "citrixadc_sslprofile" "ssl_prof_fe_1213_SNI" { # Add SSL Profile Frontend TLS 13 ##### resource "citrixadc_sslprofile" "ssl_prof_fe_13" { - name = "ssl_prof_${var.adc-base.environmentname}_fe_TLS13" + name = "ssl_prof_${var.base_configuration.environment_prefix}_fe_TLS13" denysslreneg = "NONSECURE" ersa = "DISABLED" @@ -194,7 +229,7 @@ resource "citrixadc_sslprofile" "ssl_prof_fe_13" { tls13 = "ENABLED" cipherbindings { - ciphername = "ssl_cg_${var.adc-base.environmentname}_fe_TLS13" + ciphername = "ssl_cg_${var.base_configuration.environment_prefix}_fe_TLS13" cipherpriority = 10 } @@ -214,7 +249,7 @@ resource "citrixadc_sslprofile" "ssl_prof_fe_13" { # Add SSL Profile Frontend TLS 13 with SNI ##### resource "citrixadc_sslprofile" "ssl_prof_fe_13_SNI" { - name = "ssl_prof_${var.adc-base.environmentname}_fe_TLS13_SNI" + name = "ssl_prof_${var.base_configuration.environment_prefix}_fe_TLS13_SNI" denysslreneg = "NONSECURE" ersa = "DISABLED" @@ -227,7 +262,7 @@ resource "citrixadc_sslprofile" "ssl_prof_fe_13_SNI" { snienable = "ENABLED" cipherbindings { - ciphername = "ssl_cg_${var.adc-base.environmentname}_fe_TLS13" + ciphername = "ssl_cg_${var.base_configuration.environment_prefix}_fe_TLS13" cipherpriority = 10 } @@ -247,7 +282,7 @@ resource "citrixadc_sslprofile" "ssl_prof_fe_13_SNI" { # Add SSL Profile Backend TLS 12 ##### resource "citrixadc_sslprofile" "ssl_prof_be_12" { - name = "ssl_prof_${var.adc-base.environmentname}_be_TLS12" + name = "ssl_prof_${var.base_configuration.environment_prefix}_be_TLS12" denysslreneg = "NONSECURE" ersa = "DISABLED" @@ -259,7 +294,7 @@ resource "citrixadc_sslprofile" "ssl_prof_be_12" { tls12 = "ENABLED" cipherbindings { - ciphername = "ssl_cg_${var.adc-base.environmentname}_be_TLS12" + ciphername = "ssl_cg_${var.base_configuration.environment_prefix}_be_TLS12" cipherpriority = 10 } 
@@ -292,13 +327,13 @@ resource "citrixadc_nsconfig_save" "ssl_save" {
 ]
 }
 
-#####
-# Wait a few seconds
-#####
-resource "time_sleep" "ssl_wait_a_few_seconds" {
- create_duration = "15s"
+# #####
+# # Wait a few seconds
+# #####
+# resource "time_sleep" "ssl_wait_a_few_seconds" {
+# create_duration = "15s"
 
- depends_on = [
- citrixadc_nsconfig_save.ssl_save
- ]
-}
\ No newline at end of file
+# depends_on = [
+# citrixadc_nsconfig_save.ssl_save
+# ]
+# }
\ No newline at end of file
diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/provider.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/provider.tf
new file mode 100644
index 0000000..817fc01
--- /dev/null
+++ b/terraform/citrix-adc/modules/netscaler.base.configuration/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ citrixadc = {
+ source = "citrix/citrixadc"
+ }
+ }
+}
+
+# Target non default partition
+provider "citrixadc" {
+ endpoint = var.logon_information.host
+ username = var.logon_information.username
+ password = var.logon_information.password
+ do_login = true
+
+# Allow connection upon invalid certificate
+ insecure_skip_verify = true
+
+}
\ No newline at end of file
diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf
new file mode 100644
index 0000000..73e7d50
--- /dev/null
+++ b/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf
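Review bot: `insecure_skip_verify = true` is hard-coded in the new provider.tf, so every management-API call, including the `do_login` that sends `var.logon_information.password`, goes to whatever answers at `var.logon_information.host` without the server certificate being checked. Make it an input rather than a constant: add `insecure_skip_verify = optional(bool, false)` to the `logon_information` object in variables.tf and write `insecure_skip_verify = var.logon_information.insecure_skip_verify` here, so a lab appliance with a self-signed certificate is opted in explicitly per environment. The `required_providers` block also drops the `version = ">= 1.32.0"` and `required_version` constraints that the deleted versions.tf files carried, so the module no longer pins which provider release it pulls; restoring the `version` line is cheap. The comment `# Target non default partition` does not describe the block beneath it and should be replaced or removed.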
@@ -0,0 +1,31 @@
+# Login Information for the NetScaler to authenticate API calls
+variable logon_information {
+ description = "The logon information to authenticate the NetScaler API calls with"
+ type = object({
+ username = string
+ password = string
+ host = string
+ })
+}
+
+variable base_configuration {
+ description = "uncategorized base_configuration variables"
+ type = object({
+ hostname = string
+ timezone = string
+ # Will also be used as Suffix where applicable
+ environment_prefix = string
+ })
+}
+
+variable base_configuration_snip {
+ description = "The initial subnet IP information on the NetScaler"
+ type = object({
+ # NetScaler IP
+ ip_address = string
+ netmask = string
+ icmp = string
+ })
+}
+
+
diff --git a/terraform/citrix-adc/modules/netscaler/base_configuration/versions.tf b/terraform/citrix-adc/modules/netscaler/base_configuration/versions.tf
deleted file mode 100644
index 56464c0..0000000
--- a/terraform/citrix-adc/modules/netscaler/base_configuration/versions.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-terraform {
- required_version = ">= 1.3.5"
- required_providers {
- citrixadc = {
- source = "citrix/citrixadc"
- version = ">= 1.32.0"
- }
- }
-}
\ No newline at end of file
diff --git a/terraform/citrix-adc/modules/netscaler/content_switching/main.tf b/terraform/citrix-adc/modules/netscaler/content_switching/main.tf
deleted file mode 100644
index 1a8a9d2..0000000
--- a/terraform/citrix-adc/modules/netscaler/content_switching/main.tf
+++ /dev/null
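Review bot: `logon_information` carries the NetScaler API password but the variable is not marked sensitive, so the value is printed in plan and apply output and in anything that passes the object through; add `sensitive = true` next to `description` in that block. The description `uncategorized base_configuration variables` says nothing about the inputs; something like `Hostname, timezone and naming prefix applied to the appliance` reads better, and the `# NetScaler IP` comment above `ip_address` contradicts the block's own description, which calls it the subnet IP.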
@@ -1,122 +0,0 @@ -##### -# Define Locals -##### -locals { - vserver_sslprofile = "ssl_prof_${var.adc-base.environmentname}_fe_TLS1213" - vserver_httpprofile = "http_prof_${var.adc-base.environmentname}" - vserver_tcpprofile = "tcp_prof_${var.adc-base.environmentname}" -} - -##### -# Add Content Switching Actions -##### -resource "citrixadc_csaction" "cs_action_lb" { - count = length(var.adc-cs-lb.name) - name = "cs_act_${element(var.adc-cs-lb["name"],count.index)}.${var.adc-base.fqdn_int}_http_80" - targetlbvserver = "lb_vs_${element(var.adc-cs-lb["name"],count.index)}.${var.adc-base.fqdn_int}_http_80" -} - -resource "citrixadc_csaction" "cs_action_gw" { - count = length(var.adc-cs-gw.name) - name = "cs_act_${element(var.adc-cs-gw["name"],count.index)}.${var.adc-base.fqdn_ext}_ssl_443" - targetvserver = "gw_vs_${element(var.adc-cs-gw["name"],count.index)}.${var.adc-base.fqdn_ext}_ssl_443" -} - -##### -# Add Content Switching Policies -##### -resource "citrixadc_cspolicy" "cs_policy_lb" { - count = length(var.adc-cs-lb.name) - policyname = "cs_pol_${element(var.adc-cs-lb["name"],count.index)}.${var.adc-base.fqdn_ext}_http_80" - rule = "HTTP.REQ.HOSTNAME.CONTAINS(\"${element(var.adc-cs-lb["name"],count.index)}.${var.adc-base.fqdn_ext}\")" - action = "cs_act_${element(var.adc-cs-lb["name"],count.index)}.${var.adc-base.fqdn_int}_http_80" - - depends_on = [ - citrixadc_csaction.cs_action_lb, - citrixadc_csaction.cs_action_gw - ] -} - -resource "citrixadc_cspolicy" "cs_policy_gw" { - count = length(var.adc-cs-gw.name) - policyname = "cs_pol_${element(var.adc-cs-gw["name"],count.index)}.${var.adc-base.fqdn_ext}_ssl_443" - rule = "HTTP.REQ.HOSTNAME.CONTAINS(\"${element(var.adc-cs-gw["name"],count.index)}.${var.adc-base.fqdn_ext}\")" - action = "cs_act_${element(var.adc-cs-gw["name"],count.index)}.${var.adc-base.fqdn_ext}_ssl_443" - - depends_on = [ - citrixadc_csaction.cs_action_lb, - citrixadc_csaction.cs_action_gw - ] -} - -##### -# Add Content Switching vServer -##### 
-resource "citrixadc_csvserver" "cs_vserver" { - name = "cs_vs_${var.adc-cs.vserver_name}.${var.adc-base.fqdn_ext}_${var.adc-cs.vserver_type}_${var.adc-cs.vserver_port}" - ipv46 = var.adc-cs.vserver_ip - port = var.adc-cs.vserver_port - servicetype = var.adc-cs.vserver_type - sslprofile = local.vserver_sslprofile - httpprofilename = local.vserver_httpprofile - tcpprofilename = local.vserver_tcpprofile - - depends_on = [ - citrixadc_cspolicy.cs_policy_lb, - citrixadc_cspolicy.cs_policy_gw - ] -} - -##### -# Bind Content Switching Policies to Content Switching vServer -##### -resource "citrixadc_csvserver_cspolicy_binding" "cs_vserverpolicybinding_lb" { - count = length(var.adc-cs-lb.name) - name = citrixadc_csvserver.cs_vserver.name - policyname = citrixadc_cspolicy.cs_policy_lb[count.index].policyname - priority = (count.index + 1 )* 10 - gotopriorityexpression = "END" - - depends_on = [ - citrixadc_csvserver.cs_vserver - ] -} - -resource "citrixadc_csvserver_cspolicy_binding" "cs_vserverpolicybinding_gw" { - count = length(var.adc-cs-gw.name) - name = citrixadc_csvserver.cs_vserver.name - policyname = citrixadc_cspolicy.cs_policy_gw[count.index].policyname - priority = (count.index + 1) * 1000 - gotopriorityexpression = "END" - - depends_on = [ - citrixadc_csvserver.cs_vserver - ] -} - -##### -# Bind SSL certificate to CS vServers -##### -resource "citrixadc_sslvserver_sslcertkey_binding" "cs_sslvserver_sslcertkey_binding" { - vservername = citrixadc_csvserver.cs_vserver.name - certkeyname = "ssl_cert_${var.adc-base.environmentname}_Server" - snicert = false - - depends_on = [ - citrixadc_csvserver.cs_vserver - ] -} - -##### -# Save config -##### -resource "citrixadc_nsconfig_save" "cs_save" { - all = true - timestamp = timestamp() - - depends_on = [ - citrixadc_csvserver_cspolicy_binding.cs_vserverpolicybinding_gw, - citrixadc_csvserver_cspolicy_binding.cs_vserverpolicybinding_lb, - citrixadc_sslvserver_sslcertkey_binding.cs_sslvserver_sslcertkey_binding - ] -} \ 
No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/content_switching/versions.tf b/terraform/citrix-adc/modules/netscaler/content_switching/versions.tf deleted file mode 100644 index 56464c0..0000000 --- a/terraform/citrix-adc/modules/netscaler/content_switching/versions.tf +++ /dev/null @@ -1,9 +0,0 @@ -terraform { - required_version = ">= 1.3.5" - required_providers { - citrixadc = { - source = "citrix/citrixadc" - version = ">= 1.32.0" - } - } -} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/final_operations/main.tf b/terraform/citrix-adc/modules/netscaler/final_operations/main.tf deleted file mode 100644 index fd656e2..0000000 --- a/terraform/citrix-adc/modules/netscaler/final_operations/main.tf +++ /dev/null @@ -1,19 +0,0 @@ -##### -# Add DNS Name Server -##### -resource "citrixadc_dnsnameserver" "finish_dnsnameserver" { - dnsvservername = var.adc-finish.dnsvservername - type = var.adc-finish.dnsvservertype -} - -##### -# Save config -##### -resource "citrixadc_nsconfig_save" "finish_save" { - all = true - timestamp = timestamp() - - depends_on = [ - citrixadc_dnsnameserver.finish_dnsnameserver - ] -} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/final_operations/versions.tf b/terraform/citrix-adc/modules/netscaler/final_operations/versions.tf deleted file mode 100644 index 6f0f928..0000000 --- a/terraform/citrix-adc/modules/netscaler/final_operations/versions.tf +++ /dev/null @@ -1,10 +0,0 @@ -##### -# Variable for administrative connection to the ADC -##### -variable vm {} -variable adc-base {} - -##### -# Functional Variables -##### -variable adc-finish {} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/gateway/main.tf b/terraform/citrix-adc/modules/netscaler/gateway/main.tf deleted file mode 100644 index a61165c..0000000 --- a/terraform/citrix-adc/modules/netscaler/gateway/main.tf +++ /dev/null 
@@ -1,215 +0,0 @@ -##### -# Enable Citrix Gateway Feature -##### -resource "citrixadc_nsfeature" "gw_nsfeature" { - sslvpn = true -} - -##### -# Add Citrix GW vServer -##### -resource "citrixadc_vpnvserver" "gw_vserver" { - name = "gw_vs_${var.adc-gw.name}.${var.adc-gw.fqdn_ext}_${var.adc-gw.servicetype}_443" - servicetype = var.adc-gw.servicetype - ipv46 = var.adc-gw.ip - port = var.adc-gw.port - dtls = var.adc-gw.dtls - tcpprofilename = "tcp_prof_${var.adc-base.environmentname}" - httpprofilename = "http_prof_${var.adc-base.environmentname}" - appflowlog = var.adc-gw.appflowlog -} - -##### -# Bind SSL profile to GW vServer -##### -resource "citrixadc_sslvserver" "gw_vserver_sslprofile" { - vservername = citrixadc_vpnvserver.gw_vserver.name - sslprofile = "ssl_prof_${var.adc-base.environmentname}_fe_TLS1213" - - depends_on = [ - citrixadc_vpnvserver.gw_vserver - ] -} - -##### -# Bind STA Servers to GW vServer -##### -resource "citrixadc_vpnvserver_staserver_binding" "gw_vserver_staserver_binding" { - name = citrixadc_vpnvserver.gw_vserver.name - staserver = "http://${var.adc-gw.staserver}.${var.adc-gw.fqdn_int}" - staaddresstype = var.adc-gw.staaddresstype - - depends_on = [ - citrixadc_vpnvserver.gw_vserver - ] -} - -##### -# Add Session Action Receiver -##### -resource "citrixadc_vpnsessionaction" "gw_sess_act_receiver" { - name = "sess_prof_sf_receiver" - clientlessmodeurlencoding = "TRANSPARENT" - clientlessvpnmode = "ON" - defaultauthorizationaction = "ALLOW" - dnsvservername = var.adc-gw.dnsvservername - icaproxy = "OFF" - sesstimeout = "2880" - sso = "ON" - ssocredential = "PRIMARY" - storefronturl = "${var.adc-gw.citrix-backend}" - transparentinterception = "OFF" - wihome = "${var.adc-gw.citrix-backend}" - windowsautologon = "ON" - - depends_on = [ - citrixadc_vpnvserver.gw_vserver - ] -} - -##### -# Add Session Action Receiver Web -##### -resource "citrixadc_vpnsessionaction" "gw_sess_act_receiver_web" { - name = "sess_prof_sf_receiver_web" - 
clientchoices = "OFF" - clientlessmodeurlencoding = "TRANSPARENT" - clientlessvpnmode = "OFF" - defaultauthorizationaction = "ALLOW" - dnsvservername = var.adc-gw.dnsvservername - icaproxy = "ON" - locallanaccess = "ON" - rfc1918 = "OFF" - sesstimeout = "2880" - sso = "ON" - ssocredential = "PRIMARY" - wihome = "${var.adc-gw.citrix-backend}" - windowsautologon = "ON" - wiportalmode = "NORMAL" - - depends_on = [ - citrixadc_vpnvserver.gw_vserver - ] -} - -##### -# Add Session Policies -##### -resource "citrixadc_vpnsessionpolicy" "gw_sess_pol_receiver" { - name = "sess_pol_sf_receiver" - rule = "HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"CitrixReceiver\") && HTTP.REQ.HEADER(\"X-Citrix-Gateway\").EXISTS" - action = "sess_prof_sf_receiver" - - depends_on = [ - citrixadc_vpnsessionaction.gw_sess_act_receiver - ] -} - -resource "citrixadc_vpnsessionpolicy" "gw_sess_pol_receiver_web" { - name = "sess_pol_sf_receiver_web" - rule = "HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"CitrixReceiver\").NOT" - action = "sess_prof_sf_receiver_web" - - depends_on = [ - citrixadc_vpnsessionaction.gw_sess_act_receiver_web - ] -} - -#####s -# Bind session policies to GW vServer -##### -resource "citrixadc_vpnvserver_vpnsessionpolicy_binding" "gw_vserver_vpnsessionpolicy_binding_receiver" { - name = citrixadc_vpnvserver.gw_vserver.name - policy = citrixadc_vpnsessionpolicy.gw_sess_pol_receiver.name - priority = 100 - - depends_on = [ - citrixadc_vpnsessionpolicy.gw_sess_pol_receiver - ] -} - -resource "citrixadc_vpnvserver_vpnsessionpolicy_binding" "gw_vserver_vpnsessionpolicy_binding_receiver_web" { - name = citrixadc_vpnvserver.gw_vserver.name - policy = citrixadc_vpnsessionpolicy.gw_sess_pol_receiver_web.name - priority = 110 - - depends_on = [ - citrixadc_vpnsessionpolicy.gw_sess_pol_receiver_web - ] -} - -resource "citrixadc_authenticationldapaction" "gw_authenticationldapaction" { - count = length(var.adc-gw-authenticationldapaction.type) - name = 
"auth_act_${element(var.adc-gw-authenticationldapaction["type"],count.index)}_${var.adc-gw.fqdn_int}" - servername = element(var.adc-gw-authenticationldapaction["servername"],count.index) - ldapbase = element(var.adc-gw-authenticationldapaction["ldapBase"],count.index) - ldapbinddn = element(var.adc-gw-authenticationldapaction["ldapBindDn"],count.index) - ldapbinddnpassword = element(var.adc-gw-authenticationldapaction["ldapBindDnPassword"],count.index) - ldaploginname = element(var.adc-gw-authenticationldapaction["ldapLoginName"],count.index) - groupattrname = element(var.adc-gw-authenticationldapaction["groupAttrName"],count.index) - subattributename = element(var.adc-gw-authenticationldapaction["subAttributeName"],count.index) - ssonameattribute = element(var.adc-gw-authenticationldapaction["ssoNameAttribute"],count.index) - sectype = element(var.adc-gw-authenticationldapaction["secType"],count.index) - passwdchange = element(var.adc-gw-authenticationldapaction["passwdChange"],count.index) - - depends_on = [ - citrixadc_vpnvserver.gw_vserver - ] -} - -##### -# Bind authentication profile to policy -##### - -resource "citrixadc_authenticationldappolicy" "gw_authenticationldappolicy" { - count = length(var.adc-gw-authenticationldapaction.type) - name = "auth_pol_${element(var.adc-gw-authenticationldapaction["type"],count.index)}_${var.adc-gw.fqdn_int}" - rule = element(var.adc-gw-authenticationldappolicy["rule"],count.index) - reqaction = element(var.adc-gw-authenticationldappolicy["reqaction"],count.index) - - depends_on = [ - citrixadc_authenticationldapaction.gw_authenticationldapaction - ] -} - -##### -# Bind authentication policies to GW vServer -##### - -resource "citrixadc_vpnvserver_authenticationldappolicy_binding" "gw_vserver_authenticationldappolicy_binding" { - name = citrixadc_vpnvserver.gw_vserver.name - policy = var.adc-gw.authenticationpolicy - priority = 100 - bindpoint = "REQUEST" - - depends_on = [ - 
citrixadc_authenticationldappolicy.gw_authenticationldappolicy - ] -} - -##### -# Bind SSL certificate to SSL GW vServers -##### - -resource "citrixadc_sslvserver_sslcertkey_binding" "gw_sslvserver_sslcertkey_binding" { - vservername = citrixadc_vpnvserver.gw_vserver.name - certkeyname = "ssl_cert_${var.adc-base.environmentname}_Server" - snicert = false - - depends_on = [ - citrixadc_vpnvserver_authenticationldappolicy_binding.gw_vserver_authenticationldappolicy_binding - ] -} - -##### -# Save config -##### - -resource "citrixadc_nsconfig_save" "gw_save" { - all = true - timestamp = timestamp() - - depends_on = [ - citrixadc_sslvserver_sslcertkey_binding.gw_sslvserver_sslcertkey_binding - ] -} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/gateway/versions.tf b/terraform/citrix-adc/modules/netscaler/gateway/versions.tf deleted file mode 100644 index 56464c0..0000000 --- a/terraform/citrix-adc/modules/netscaler/gateway/versions.tf +++ /dev/null @@ -1,9 +0,0 @@ -terraform { - required_version = ">= 1.3.5" - required_providers { - citrixadc = { - source = "citrix/citrixadc" - version = ">= 1.32.0" - } - } -} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/letsencrypt/main.tf b/terraform/citrix-adc/modules/netscaler/letsencrypt/main.tf deleted file mode 100644 index da2298f..0000000 --- a/terraform/citrix-adc/modules/netscaler/letsencrypt/main.tf +++ /dev/null 
@@ -1,118 +0,0 @@ -##### -# Defince locals -##### -locals { - filelocation = "/nsconfig/ssl" -} - -##### -# Create Private Key -##### -resource "tls_private_key" "le_private_key" { - algorithm = var.adc-letsencrypt-certificate.private_key_algorithm - ecdsa_curve = var.adc-letsencrypt-certificate.private_key_ecdsa_curve - rsa_bits = var.adc-letsencrypt-certificate.private_key_rsa_bits -} - -##### -# Register with ACME -##### -resource "acme_registration" "le_registration" { - account_key_pem = tls_private_key.le_private_key.private_key_pem - email_address = var.adc-letsencrypt-certificate.registration_email_address - - depends_on = [ - tls_private_key.le_private_key - ] -} - -##### -# Create Certificate -##### -resource "acme_certificate" "le_certificate" { - account_key_pem = acme_registration.le_registration.account_key_pem - common_name = "${var.adc-letsencrypt-certificate.common_name}.${var.adc-base.fqdn_ext}" - subject_alternative_names = var.adc-letsencrypt-certificate-san - - http_challenge { - } - - depends_on = [ - acme_registration.le_registration - ] -} - -##### -# Upload cert files to /nsconfig/ssl on ADC -##### -resource "citrixadc_systemfile" "le_upload_cert" { - filename = "${var.adc-base.environmentname}_certificate.cer" - filelocation = local.filelocation - filecontent = lookup(acme_certificate.le_certificate,"certificate_pem") - - depends_on = [ - acme_certificate.le_certificate - ] -} - -resource "citrixadc_systemfile" "le_upload_key" { - filename = "${var.adc-base.environmentname}_privatekey.cer" - filelocation = local.filelocation - filecontent = nonsensitive(lookup(acme_certificate.le_certificate,"private_key_pem")) - - depends_on = [ - acme_certificate.le_certificate - ] -} - -resource "citrixadc_systemfile" "le_upload_root" { - filename = "${var.adc-base.environmentname}_rootca.cer" - filelocation = local.filelocation - filecontent = lookup(acme_certificate.le_certificate,"issuer_pem") - - depends_on = [ - acme_certificate.le_certificate - ] 
-} - -##### -# Implement root certificate -##### -resource "citrixadc_sslcertkey" "le_implement_rootca" { - certkey = "ssl_cert_${var.adc-base.environmentname}_RootCA" - cert = "/nsconfig/ssl/${var.adc-base.environmentname}_rootca.cer" - expirymonitor = "DISABLED" - -depends_on = [ - citrixadc_systemfile.le_upload_cert, - citrixadc_systemfile.le_upload_key - ] -} - -##### -# Implement server certificate -##### -resource "citrixadc_sslcertkey" "le_implement_certkeypair" { - certkey = "ssl_cert_${var.adc-base.environmentname}_Server" - cert = "/nsconfig/ssl/${var.adc-base.environmentname}_certificate.cer" - key = "/nsconfig/ssl/${var.adc-base.environmentname}_privatekey.cer" - expirymonitor = "DISABLED" - linkcertkeyname = "ssl_cert_${var.adc-base.environmentname}_RootCA" - - depends_on = [ - citrixadc_sslcertkey.le_implement_rootca - ] -} - -##### -# Save config -##### -resource "citrixadc_nsconfig_save" "le_save" { - all = true - timestamp = timestamp() - - depends_on = [ - citrixadc_sslcertkey.le_implement_certkeypair, - citrixadc_sslcertkey.le_implement_rootca - ] -} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/letsencrypt/versions.tf b/terraform/citrix-adc/modules/netscaler/letsencrypt/versions.tf deleted file mode 100644 index a9340f4..0000000 --- a/terraform/citrix-adc/modules/netscaler/letsencrypt/versions.tf +++ /dev/null @@ -1,13 +0,0 @@ -terraform { - required_version = ">= 1.3.5" - required_providers { - citrixadc = { - source = "citrix/citrixadc" - version = ">= 1.32.0" - } - acme = { - source = "vancluever/acme" - version = ">= 2.13.1" - } - } -} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/letsencrypt_lb/main.tf b/terraform/citrix-adc/modules/netscaler/letsencrypt_lb/main.tf deleted file mode 100644 index 5e31850..0000000 --- a/terraform/citrix-adc/modules/netscaler/letsencrypt_lb/main.tf +++ /dev/null 
@@ -1,99 +0,0 @@ -##### -# Define Locals -##### -locals { - lb-srv-name = "lb_srv_letsencrypt_backend" - lb-sg-name = "lb_sg_letsencrypt_backend" - lb-sg-healthmonitor = "NO" - lb-vs-name = "lb_vs_letsencrypt" - lb-vs-lbmethod = "LEASTCONNECTION" - lb-vs-persistencetype = "SOURCEIP" - lb-vs-timeout = "2" -} - -##### -# Add LB Server -##### -resource "citrixadc_server" "le_lb_install_server" { - name = local.lb-srv-name - ipaddress = var.adc-letsencrypt-lb.backend-ip -} - -##### -# Add LB Service Groups -##### -resource "citrixadc_servicegroup" "le_lb_install_servicegroup" { - - servicegroupname = local.lb-sg-name - servicetype = var.adc-letsencrypt-lb.servicetype - healthmonitor = local.lb-sg-healthmonitor - - depends_on = [ - citrixadc_server.le_lb_install_server - ] -} - -##### -# Bind LB Server to Service Groups -##### -resource "citrixadc_servicegroup_servicegroupmember_binding" "le_lb_install_sg_server_binding" { - servicegroupname = citrixadc_servicegroup.le_lb_install_servicegroup.servicegroupname - servername = citrixadc_server.le_lb_install_server.name - port = var.adc-letsencrypt-lb.port - - depends_on = [ - citrixadc_servicegroup.le_lb_install_servicegroup - ] -} - -##### -# Add and configure LB vServer - Type http -##### -resource "citrixadc_lbvserver" "le_lb_install_vserver_http" { - name = local.lb-vs-name - servicetype = var.adc-letsencrypt-lb.servicetype - ipv46 = var.adc-letsencrypt-lb.frontend-ip - port = var.adc-letsencrypt-lb.port - lbmethod = local.lb-vs-lbmethod - persistencetype = local.lb-vs-persistencetype - timeout = local.lb-vs-timeout - - depends_on = [ - citrixadc_servicegroup_servicegroupmember_binding.le_lb_install_sg_server_binding - ] -} - -##### -# Bind LB Service Groups to LB vServers -##### -resource "citrixadc_lbvserver_servicegroup_binding" "le_lb_install_vserver_sg_binding" { - name = citrixadc_lbvserver.le_lb_install_vserver_http.name - servicegroupname = citrixadc_servicegroup.le_lb_install_servicegroup.servicegroupname - - 
depends_on = [ - citrixadc_lbvserver.le_lb_install_vserver_http - ] -} - -##### -# Save config -##### -resource "citrixadc_nsconfig_save" "le_lb_install_save" { - all = true - timestamp = timestamp() - - depends_on = [ - citrixadc_lbvserver_servicegroup_binding.le_lb_install_vserver_sg_binding - ] -} - -##### -# Wait a few seconds -##### -resource "time_sleep" "le_lb_wait_a_few_seconds" { - create_duration = "15s" - - depends_on = [ - citrixadc_nsconfig_save.le_lb_install_save - ] -} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/letsencrypt_lb/versions.tf b/terraform/citrix-adc/modules/netscaler/letsencrypt_lb/versions.tf deleted file mode 100644 index 39ec07b..0000000 --- a/terraform/citrix-adc/modules/netscaler/letsencrypt_lb/versions.tf +++ /dev/null @@ -1,10 +0,0 @@ -##### -# Variable for administrative connection to the ADC -##### -variable vm {} -variable adc-base {} - -##### -# Variable for LetsEncrypt Loadbalabcing configuration -##### -variable adc-letsencrypt-lb {} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/loadbalancers/main.tf b/terraform/citrix-adc/modules/netscaler/loadbalancers/main.tf deleted file mode 100644 index 581d407..0000000 --- a/terraform/citrix-adc/modules/netscaler/loadbalancers/main.tf +++ /dev/null 
@@ -1,88 +0,0 @@ -locals { - httpprofilename = "http_prof_${var.adc-base.environmentname}" - tcpprofilename = "tcp_prof_${var.adc-base.environmentname}" - sslprofilename = "ssl_prof_${var.adc-base.environmentname}_fe_TLS1213" -} - -##### -# Add LB Server -##### -resource "citrixadc_server" "lb_server" { - count = length(var.adc-lb-srv.name) - name = "lb_srv_${element(var.adc-lb-srv["name"],count.index)}" - ipaddress = element(var.adc-lb-srv["ip"],count.index) -} - -##### -# Add LB Service Groups -##### -resource "citrixadc_servicegroup" "lb_servicegroup" { - count = length(var.adc-lb.name) - servicegroupname = "lb_sg_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}" - servicetype = element(var.adc-lb["type"],count.index) - - depends_on = [ - citrixadc_server.lb_server - ] -} - -##### -# Bind LB Server to Service Groups -##### -resource "citrixadc_servicegroup_servicegroupmember_binding" "lb_sg_server_binding" { - count = length(var.adc-lb.name) - servicegroupname = "lb_sg_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}" - servername = "lb_srv_${element(var.adc-lb["backend-server"],count.index)}" - port = element(var.adc-lb["port"],count.index) - - depends_on = [ - citrixadc_servicegroup.lb_servicegroup - ] -} - -##### -# Add and configure LB vServer -##### -resource "citrixadc_lbvserver" "lb_vserver" { - count = length(var.adc-lb.name) - name = "lb_vs_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}" - - servicetype = element(var.adc-lb["type"],count.index) - ipv46 = element(var.adc-lb["lb-type"],count.index) == "direct" ? "9.9.9.9" : "0.0.0.0" - port = element(var.adc-lb["lb-type"],count.index) == "direct" ? 
element(var.adc-lb["port"],count.index) : "0" - lbmethod = var.adc-lb-generic.lbmethod - persistencetype = var.adc-lb-generic.persistencetype - timeout = var.adc-lb-generic.timeout - sslprofile = element(var.adc-lb["type"],count.index) == "SSL" ? local.sslprofilename : null - httpprofilename = element(var.adc-lb["type"],count.index) == "DNS" || element(var.adc-lb["type"],count.index) == "TCP" ? null : local.httpprofilename - tcpprofilename = element(var.adc-lb["type"],count.index) == "DNS" ? null : local.tcpprofilename - - depends_on = [ - citrixadc_servicegroup_servicegroupmember_binding.lb_sg_server_binding - ] -} - -##### -# Bind LB Service Groups to LB vServers -##### -resource "citrixadc_lbvserver_servicegroup_binding" "lb_vserver_sg_binding" { - count = length(var.adc-lb.name) - name = "lb_vs_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}" - servicegroupname = "lb_sg_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}" - - depends_on = [ - citrixadc_lbvserver.lb_vserver - ] -} - -##### -# Save config -##### -resource "citrixadc_nsconfig_save" "save" { - all = true - timestamp = timestamp() - - depends_on = [ - citrixadc_lbvserver_servicegroup_binding.lb_vserver_sg_binding - ] -} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/loadbalancers/versions.tf b/terraform/citrix-adc/modules/netscaler/loadbalancers/versions.tf deleted file mode 100644 index 56464c0..0000000 --- a/terraform/citrix-adc/modules/netscaler/loadbalancers/versions.tf +++ /dev/null @@ -1,9 +0,0 @@ -terraform { - required_version = ">= 1.3.5" - required_providers { - citrixadc = { - source = "citrix/citrixadc" - version = ">= 1.32.0" - } - } -} \ No newline at end of file 
diff --git a/terraform/citrix-adc/modules/netscaler/netscaler_license/maint.tf b/terraform/citrix-adc/modules/netscaler/netscaler_license/maint.tf deleted file mode 100644 index e0162f9..0000000 --- a/terraform/citrix-adc/modules/netscaler/netscaler_license/maint.tf +++ /dev/null @@ -1,50 +0,0 @@ -locals { - filelocation = "/nsconfig/license" -} - -##### -# Add License -##### -resource "citrixadc_systemfile" "license_upload" { - filename = var.adc-license.filename - filelocation = local.filelocation - filecontent = var.adc-license.filecontent -} - -##### -# Save Configuration -##### -resource "citrixadc_nsconfig_save" "license_save" { - all = true - timestamp = timestamp() - - depends_on = [ - citrixadc_systemfile.license_upload - ] -} - -##### -# Reboot for license application -##### -resource "citrixadc_rebooter" "license_reboot" { - timestamp = timestamp() - warm = true - wait_until_reachable = false - - depends_on = [ - citrixadc_nsconfig_save.license_save - ] -} - -##### -# Wait a few seconds -##### -resource "time_sleep" "license_wait_a_few_seconds" { - - create_duration = "90s" - - depends_on = [ - citrixadc_rebooter.license_reboot - ] - -} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/netscaler_license/versions.tf b/terraform/citrix-adc/modules/netscaler/netscaler_license/versions.tf deleted file mode 100644 index 56464c0..0000000 --- a/terraform/citrix-adc/modules/netscaler/netscaler_license/versions.tf +++ /dev/null @@ -1,9 +0,0 @@ -terraform { - required_version = ">= 1.3.5" - required_providers { - citrixadc = { - source = "citrix/citrixadc" - version = ">= 1.32.0" - } - } -} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/password_reset/main.tf b/terraform/citrix-adc/modules/netscaler/password_reset/main.tf deleted file mode 100644 index cfdfcb8..0000000 --- a/terraform/citrix-adc/modules/netscaler/password_reset/main.tf +++ /dev/null 
@@ -1,42 +0,0 @@ -##### -# Reset password -##### -resource "citrixadc_password_resetter" "pw_password_reset" { - username = var.adc-base.username - password = var.adc-base.oldpassword - new_password = var.adc-base.password -} - -##### -# Wait a few seconds -##### -resource "time_sleep" "pw_wait_a_few_seconds" { - create_duration = "15s" - - depends_on = [ - citrixadc_password_resetter.pw_password_reset - ] -} - -##### -# Save config -##### -resource "citrixadc_nsconfig_save" "pw_save" { - all = true - timestamp = timestamp() - - depends_on = [ - time_sleep.pw_wait_a_few_seconds - ] -} - -##### -# Wait a few seconds -##### -resource "time_sleep" "pw_wait_a_few_seconds_last" { - create_duration = "15s" - - depends_on = [ - citrixadc_nsconfig_save.pw_save - ] -} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/password_reset/versions.tf b/terraform/citrix-adc/modules/netscaler/password_reset/versions.tf deleted file mode 100644 index 56464c0..0000000 --- a/terraform/citrix-adc/modules/netscaler/password_reset/versions.tf +++ /dev/null @@ -1,9 +0,0 @@ -terraform { - required_version = ">= 1.3.5" - required_providers { - citrixadc = { - source = "citrix/citrixadc" - version = ">= 1.32.0" - } - } -} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/ssl_configuration/versions.tf b/terraform/citrix-adc/modules/netscaler/ssl_configuration/versions.tf deleted file mode 100644 index 56464c0..0000000 --- a/terraform/citrix-adc/modules/netscaler/ssl_configuration/versions.tf +++ /dev/null @@ -1,9 +0,0 @@ -terraform { - required_version = ">= 1.3.5" - required_providers { - citrixadc = { - source = "citrix/citrixadc" - version = ">= 1.32.0" - } - } -} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/variables.tf b/terraform/citrix-adc/modules/netscaler/variables.tf deleted file mode 100644 index 767907e..0000000 --- a/terraform/citrix-adc/modules/netscaler/variables.tf +++ /dev/null 
@@ -1,48 +0,0 @@ -##### -# Variable for administrative connection to the ADC -##### -variable vm {} -variable adc-base {} -variable adc-snip {} - -##### -# Variable for license file upload -##### -variable adc-license {} - -##### -# ADC Loadbalancing Server -##### -variable adc-lb {} -variable adc-lb-srv {} -variable adc-lb-generic {} - -##### -# Variable for LetsEncrypt Loadbalabcing configuration -##### -variable adc-letsencrypt-lb {} - -##### -# Variables for configuring the certificate -##### -variable adc-letsencrypt-certificate {} -variable adc-letsencrypt-certificate-san{} - -##### -# ADC GW vServer -##### -variable "adc-gw" {} -variable "adc-gw-authenticationldapaction" {} -variable "adc-gw-authenticationldappolicy" {} - -##### -# Functional Variables -##### -variable adc-finish {} - -##### -# Variables -##### -variable adc-cs {} -variable adc-cs-lb {} -variable adc-cs-gw {} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler/versions.tf b/terraform/citrix-adc/modules/netscaler/versions.tf deleted file mode 100644 index 56464c0..0000000 --- a/terraform/citrix-adc/modules/netscaler/versions.tf +++ /dev/null @@ -1,9 +0,0 @@ -terraform { - required_version = ">= 1.3.5" - required_providers { - citrixadc = { - source = "citrix/citrixadc" - version = ">= 1.32.0" - } - } -} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/vsphere_deploy/main.tf b/terraform/citrix-adc/modules/vsphere_deploy/main.tf deleted file mode 100644 index 2389eb2..0000000 --- a/terraform/citrix-adc/modules/vsphere_deploy/main.tf +++ /dev/null 
@@ -1,111 +0,0 @@ -##### -# Define Locals -##### -locals { - networkstring = "ip=${var.vm.ip}&netmask=${var.vm.netmask}&gateway=${var.vm.gateway}" -} - -##### -# Configure Datacenter -##### -data "vsphere_datacenter" "dc" { - name = var.vsphere.datacenter -} - -##### -# Configure Datastore -##### -data "vsphere_datastore" "datastore" { - name = var.vsphere.datastore - datacenter_id = data.vsphere_datacenter.dc.id -} - -##### -# Configure Host -##### -data "vsphere_host" "host" { - name = var.vsphere.host - datacenter_id = data.vsphere_datacenter.dc.id -} - -##### -# Configure Ressource Pool -##### -data "vsphere_resource_pool" "pool" { - name = var.vsphere.resourcepool - datacenter_id = data.vsphere_datacenter.dc.id -} - -##### -# Configure VM Network -##### -data "vsphere_network" "network" { - name = var.vm.network - datacenter_id = data.vsphere_datacenter.dc.id -} - -##### -# Configure OVF -##### -data "vsphere_ovf_vm_template" "ovfLocal" { - name = "TemporaryName" - disk_provisioning = "thin" - resource_pool_id = data.vsphere_resource_pool.pool.id - datastore_id = data.vsphere_datastore.datastore.id - host_system_id = data.vsphere_host.host.id - local_ovf_path = var.vm.ovf - - ovf_network_map = { - "VM Network" : data.vsphere_network.network.id - } -} - -##### -# Create ADC VM -##### -resource "vsphere_virtual_machine" "build_citrix-adc" { - name = var.vm.name - datacenter_id = data.vsphere_datacenter.dc.id - resource_pool_id = data.vsphere_resource_pool.pool.id - datastore_id = data.vsphere_datastore.datastore.id - host_system_id = data.vsphere_host.host.id - num_cpus = data.vsphere_ovf_vm_template.ovfLocal.num_cpus - num_cores_per_socket = data.vsphere_ovf_vm_template.ovfLocal.num_cores_per_socket - memory = data.vsphere_ovf_vm_template.ovfLocal.memory - guest_id = data.vsphere_ovf_vm_template.ovfLocal.guest_id - scsi_type = data.vsphere_ovf_vm_template.ovfLocal.scsi_type - nested_hv_enabled = data.vsphere_ovf_vm_template.ovfLocal.nested_hv_enabled - - 
network_interface { - network_id = values(data.vsphere_ovf_vm_template.ovfLocal.ovf_network_map)[0] - use_static_mac = true - mac_address = var.vm.mac - } - - wait_for_guest_net_timeout = -1 - wait_for_guest_ip_timeout = 5 - - ovf_deploy { - allow_unverified_ssl_cert = false - local_ovf_path = data.vsphere_ovf_vm_template.ovfLocal.local_ovf_path - disk_provisioning = data.vsphere_ovf_vm_template.ovfLocal.disk_provisioning - ovf_network_map = data.vsphere_ovf_vm_template.ovfLocal.ovf_network_map - } - - extra_config = { - "machine.id" = local.networkstring - } -} - -##### -# Wait a few seconds -##### -resource "time_sleep" "build_wait_a_few_seconds" { - - create_duration = "180s" - - depends_on = [ - vsphere_virtual_machine.build_citrix-adc - ] - -} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/vsphere_deploy/variables.tf b/terraform/citrix-adc/modules/vsphere_deploy/variables.tf deleted file mode 100644 index 7fbfaa4..0000000 --- a/terraform/citrix-adc/modules/vsphere_deploy/variables.tf +++ /dev/null @@ -1,5 +0,0 @@ -##### -# vSphere configuration variables -##### -variable vsphere {} -variable vm {} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/vsphere_deploy/versions.tf b/terraform/citrix-adc/modules/vsphere_deploy/versions.tf deleted file mode 100644 index 56464c0..0000000 --- a/terraform/citrix-adc/modules/vsphere_deploy/versions.tf +++ /dev/null @@ -1,9 +0,0 @@ -terraform { - required_version = ">= 1.3.5" - required_providers { - citrixadc = { - source = "citrix/citrixadc" - version = ">= 1.32.0" - } - } -} \ No newline at end of file diff --git a/terraform/citrix-adc/provider.tf b/terraform/citrix-adc/provider.tf deleted file mode 100644 index 04798e0..0000000 --- a/terraform/citrix-adc/provider.tf +++ /dev/null 
@@ -1,40 +0,0 @@ -locals { - ip-mgmt-address = "http://${var.vm.ip}" -} - -terraform { - required_version = ">= 1.3.5" - required_providers { - citrixadc = { - source = "citrix/citrixadc" - version = ">= 1.31.0" - } - acme = { - source = "vancluever/acme" - version = ">= 2.13.1" - } - } -} - -provider "vsphere" { - user = var.vsphere.user - password = var.vsphere.password - vsphere_server = var.vsphere.server - - # If you have a self-signed cert - allow_unverified_ssl = true -} - -provider "citrixadc" { - endpoint = local.ip-mgmt-address - username = var.adc-base.username - password = var.adc-base.password - - # If you have a self-signed cert - insecure_skip_verify = true -} - -provider "acme" { - server_url = "https://acme-staging-v02.api.letsencrypt.org/directory" - #server_url = "https://acme-v02.api.letsencrypt.org/directory" -} \ No newline at end of file diff --git a/terraform/citrix-adc/sources/License/your_adc_license.lic b/terraform/citrix-adc/sources/License/your_adc_license.lic deleted file mode 100644 index e69de29..0000000 diff --git a/terraform/citrix-adc/sources/image/your_image.ovf b/terraform/citrix-adc/sources/image/your_image.ovf deleted file mode 100644 index e69de29..0000000 diff --git a/terraform/citrix-adc/variables.tf b/terraform/citrix-adc/variables.tf index 5f42264..12d9514 100644 --- a/terraform/citrix-adc/variables.tf +++ b/terraform/citrix-adc/variables.tf 
@@ -1,285 +1,33 @@ -##### -# vSphere configuration variables -##### -variable vsphere { - type = map - description = "[Required] vSphere Configuration Variables" - default = { - server = "192.168.1.4" - user = "administrator@vsphere.local" - password = "" - datacenter = "YourEnvironment" - host = "192.168.176.110" - datastore = "VM" - network = "vSwitch_Internal" - timezone = 020 - resourcepool = "YourEnvironment-tf" - } -} -##### -# ADC VM configuration variables -##### -variable vm { - type = map - description = "[Required] NetScaler VM Variables" - default = { - ovf = "YourOVFFile" - network = "vSwitch_Internal" - mac = "00:00:00:aa:bb:cc" - ip = "192.168.176.110" - gateway = "192.168.1.1" - netmask = "255.255.255.0" - name = "adc-01" - } -} - -##### -# ADC base variables -##### -variable adc-base { - type = map - description = "[Required] NetScaler System Variables" - default = { - username = "nsroot" - oldpassword = "nsroot" - password = "NewSecurePassword" - hostname = "adc-01" - environmentname = "YourEnvironment" - timezone = "GMT+01:00-CET-Europe/Berlin" - fqdn_int = "domain.local" - fqdn_ext = "YourEnvironment.YourDomain.YourTLD" - } -} - -variable adc-snip { - type = map - description = "NetScaler SubnetIP Variables" - default = { - ip = "192.168.176.198" - netmask = "255.255.255.0" - icmp = "ENABLED" - } -} - -variable adc-license { - type = map - description = "NetScaler license variables | Default Express license: https://docs.netscaler.com/en-us/citrix-adc/current-release/licensing/citrix-adc-licensing-overview.html " - default = { - filename = "your_adc_license.lic" - filecontent = "sources/license/your_adc_license.lic" - } -} - -##### -# ADC LetsEncrypt LB configuration variables -##### -variable adc-letsencrypt-lb { - type = map - description = "[Required] LetsEncrypt LoadBalancer configuration variables" - default = { - backend-ip = "192.168.1.25" - frontend-ip = "192.168.1.17" - servicetype = "TCP" - port = "80" - } -} - -##### -# ADC 
LetsEncrypt configuration variables -##### -variable adc-letsencrypt-certificate { - type = map - description = "[Required] LetsEncrypt Configuration variables" - default = { - private_key_algorithm = "RSA" - private_key_rsa_bits = "4096" - private_key_ecdsa_curve = "P224" - registration_email_address = "you@something.com" - common_name = "citrix" - } -} - -variable adc-letsencrypt-certificate-san { - type = list - default = [ - "citrix.YourEnvironment.YourDomain.YourTLD" - ] -} -##### -# ADC LB variables -##### -variable adc-lb-srv { - type = map - description = "[Required] NetScaler Basic LoadBalancing Virtual Server variables" - default = { - name = [ - "citrix-ctrl-01", - "dc-01" - ] - ip = [ - "192.168.1.101", - "192.168.1.10" - ] - } -} - -variable adc-lb { - type = map - default = { - name = [ - "sf", - "dc", - "dc" - ] - type = [ - "http", - "DNS", - "TCP" - ] - port = [ - "80", - "53", - "389" - ] - backend-server = [ - "citrix-ctrl-01", - "dc-01", - "dc-01" - ] - lb-type = [ - "content-switch", - "direct", - "direct" - ] - } -} - -variable adc-lb-generic { - type = map - default = { - lbmethod = "LEASTCONNECTION" - persistencetype = "SOURCEIP" - timeout = "2" - sslsnicert = "false" - } -} - -##### -# ADC Citrix Gateway variables -##### -variable adc-gw { - type = map - description = "[Required] ADC Citrix Gateway variables" - default = { - name = "citrix" - staserver = "citrix-ctrl-01" - dnsvservername = "lb_vs_dc.domain.local_DNS_53" - authenticationpolicy = "auth_pol_ldap_domain.local" - citrix-backend = "http://citrix-ctrl-01.domain.local/Citrix/StoreWeb/" - servicetype = "SSL" - ip = "0.0.0.0" - port = 0 - dtls = "OFF" - appflowlog = "DISABLED" - staaddresstype = "IPV4" - } -} - -##### -# ADC Authentication LDAP Action variables -##### -variable "adc-gw-authenticationldapaction" { - type = map - description = "[Required] ADC Authentication LDAP Action variables" - default = { - type = [ - "ldap" - ] - servername = [ - "9.9.9.9" - ] - ldapBase = [ - 
"DC=dt,DC=YourEnvironment" - ] - ldapBindDn = [ - "svc_ldap@domain.local" - ] - ldapBindDnPassword = [ - "NewSecurePassword" - ] - ldapLoginName = [ - "sAMAccountName" - ] - groupAttrName = [ - "memberOf" - ] - subAttributeName = [ - "cn" - ] - ssoNameAttribute = [ - "cn" - ] - secType = [ - "PLAINTEXT" - ] - passwdChange = [ - "DISABLED" - ] - } -} - -##### -# ADC Authentication LDAP Policy variables -##### -variable "adc-gw-authenticationldappolicy" { - type = map - description = "[Required] ADC Authentication LDAP Policy variables" - default = { - rule = [ - "ns_true" - ] - reqaction = [ - "auth_act_ldap_domain.local" - ] - } -} - -##### -# ADC CS variables -##### -variable "adc-cs" { - type = map - description = "[Required] ADC CS variables]" - default = { - vserver_name = "cs_vs_any.domain.local_ssl_443" - vserver_ip = "192.168.1.12" - vserver_port = 443 - vserver_type = "SSL" - } -} - -variable "adc-cs-gw" { - type = map - default = { - name = [ - "citrix" - ] - } -} - -variable "adc-cs-lb" { - type = map - default = { - name = [ - ] - } -} - -variable adc-finish { - type = map - description = "" - default = { - dnsvservername = "lb_vs_dc.domain.local_DNS_53" - dnsvservertype = "" - } +# Login Information for the NetScaler to authenticate API calls +variable logon_information { + type = object({ + username = string + password = string + host = string + }) + +} + +############################## +# Base NetScaler Configuration +############################## + +variable base_configuration { + description = "uncategorized base_configuration variables" + type = object({ + hostname = string + timezone = string + # Will also be used as Suffix where applicable + environment_prefix = string + }) +} + +variable base_configuration_snip { + description = "The initial subnet IP information on the NetScaler" + type = object({ + # NetScaler IP + ip_address = string + netmask = string + icmp = string + }) } \ No newline at end of file 
From ac6099f8322fb104391b04869c9748c5fcf5560e Mon Sep 17 00:00:00 2001 From: Mick Hilhorst Date: Mon, 4 Sep 2023 19:26:55 +0200 Subject: [PATCH 04/11] License edits --- .../base_licensing.tf | 75 +++++++++---------- .../netscaler.base.configuration/provider.tf | 1 + .../netscaler.base.configuration/variables.tf | 4 +- 3 files changed, 38 insertions(+), 42 deletions(-) diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_licensing.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_licensing.tf index ba1a5bc..9b0dc55 100644 --- a/terraform/citrix-adc/modules/netscaler.base.configuration/base_licensing.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_licensing.tf 
@@ -1,44 +1,39 @@
-# locals {
-# filelocation = "/nsconfig/license"
-# }
-
-# #####
-# # Add License
-# #####
-# resource "citrixadc_systemfile" "license_upload" {
-# filename = var.adc-license.filename
-# filelocation = local.filelocation
-# filecontent = var.adc-license.filecontent
-# }
-
-# #####
-# # Save Configuration
-# #####
-# resource "citrixadc_nsconfig_save" "license_save" {
-# all = true
-# timestamp = timestamp()
-
-# depends_on = [
-# citrixadc_systemfile.license_upload
-# ]
-# }
-
-# #####
-# # Reboot for license application
-# #####
-# resource "citrixadc_rebooter" "license_reboot" {
-# timestamp = timestamp()
-# warm = true
-# wait_until_reachable = false
-
-# depends_on = [
-# citrixadc_nsconfig_save.license_save
-# ]
-# }
-
-# #####
+locals {
+ filelocation = "/nsconfig/license"
+}
+
+
+# Upload NetScaler License
+resource "citrixadc_systemfile" "license_upload" {
+ filename = var.adc-license.filename
+ filelocation = local.filelocation
+ filecontent = var.adc-license.filecontent
+}
+
+# Save Configuration
+resource "citrixadc_nsconfig_save" "license_save" {
+ all = true
+ timestamp = timestamp()
+
+ depends_on = [
+ citrixadc_systemfile.license_upload
+ ]
+}
+
+
+# Reboot to activate license
+resource "citrixadc_rebooter" "license_reboot" {
+ timestamp = timestamp()
+ warm = true
+ wait_until_reachable = false
+
+ depends_on = [
+ citrixadc_nsconfig_save.license_save
+ ]
+}
+
+
 # # Wait a few seconds
-# #####
 # resource "time_sleep" "license_wait_a_few_seconds" {
 # create_duration = "90s"
diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/provider.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/provider.tf
index 817fc01..b61894e 100644
--- a/terraform/citrix-adc/modules/netscaler.base.configuration/provider.tf
+++ b/terraform/citrix-adc/modules/netscaler.base.configuration/provider.tf
@@ -1,5 +1,6 @@
 terraform {
 required_providers {
+ # Provider for Citrix NetScaler
 citrixadc = {
 source = "citrix/citrixadc"
 }
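Review bot: `citrixadc_rebooter.license_reboot` is re-enabled with `wait_until_reachable = false` while the `time_sleep` that used to pad the reboot is left commented out at the bottom of the hunk, so anything that depends on this module continues immediately against an appliance that is mid-reboot and later NITRO calls can fail or half-apply. Set `wait_until_reachable = true` on the rebooter, or restore the sleep, before anything else in the module is chained after it. `citrixadc_systemfile.license_upload` also passes `var.adc-license.filecontent` straight through as the file body; in the root variables that attribute held a path (`sources/license/your_adc_license.lic`) while the LetsEncrypt module feeds PEM text into the same attribute, so if the module-side definition (not in view here) still holds a path, the appliance receives the path string as its license and the line should read `filecontent = file(var.adc-license.filecontent)`.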
diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf index 73e7d50..d0f2a42 100644 --- a/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf @@ -19,9 +19,9 @@ variable base_configuration { } variable base_configuration_snip { - description = "The initial subnet IP information on the NetScaler" + description = "The first subnet IP information on the NetScaler" type = object({ - # NetScaler IP + # Subnet IP ip_address = string netmask = string icmp = string From f7c129e6eda62316143afdabb8b7cfb39e6dc65b Mon Sep 17 00:00:00 2001 From: Mick Hilhorst Date: Tue, 5 Sep 2023 19:00:13 +0200 Subject: [PATCH 05/11] Adding map objects for clearer data structure --- .../netscaler.base.configuration/variables.tf | 9 ++ .../virtual_servers.tf | 88 +++++++++++++++++++ terraform/citrix-adc/variables.tf | 36 +++++++- 3 files changed, 131 insertions(+), 2 deletions(-) create mode 100644 terraform/citrix-adc/modules/netscaler.base.configuration/virtual_servers.tf diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf index d0f2a42..08e4106 100644 --- a/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf @@ -28,4 +28,13 @@ variable base_configuration_snip { }) } +# All backend services to be created +variable backend_services { + description = "All backend services to be created" + type = map(object({ + hostname = string + ip = string + })) +} + diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/virtual_servers.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/virtual_servers.tf new file mode 100644 index 0000000..581d407 --- /dev/null 
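Review bot: `backend_services` accepts any string for `ip`, so a hostname or mistyped address in the map is only rejected when the NITRO call for that server fails part-way through an apply, leaving a partially built configuration on the appliance; a `validation` block with `condition = alltrue([for s in var.backend_services : can(cidrhost("${s.ip}/32", 0))])` and a matching `error_message` would reject non-IP strings at plan time. The two attributes also say nothing about what they feed, and nothing in this commit's `virtual_servers.tf` reads the variable yet, so a comment such as `# hostname: NetScaler server object name; ip: address the service group member binds to` would keep the intent from being lost.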
+++ b/terraform/citrix-adc/modules/netscaler.base.configuration/virtual_servers.tf 
@@ -0,0 +1,88 @@ +locals { + httpprofilename = "http_prof_${var.adc-base.environmentname}" + tcpprofilename = "tcp_prof_${var.adc-base.environmentname}" + sslprofilename = "ssl_prof_${var.adc-base.environmentname}_fe_TLS1213" +} + +##### +# Add LB Server +##### +resource "citrixadc_server" "lb_server" { + count = length(var.adc-lb-srv.name) + name = "lb_srv_${element(var.adc-lb-srv["name"],count.index)}" + ipaddress = element(var.adc-lb-srv["ip"],count.index) +} + +##### +# Add LB Service Groups +##### +resource "citrixadc_servicegroup" "lb_servicegroup" { + count = length(var.adc-lb.name) + servicegroupname = "lb_sg_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}" + servicetype = element(var.adc-lb["type"],count.index) + + depends_on = [ + citrixadc_server.lb_server + ] +} + +##### +# Bind LB Server to Service Groups +##### +resource "citrixadc_servicegroup_servicegroupmember_binding" "lb_sg_server_binding" { + count = length(var.adc-lb.name) + servicegroupname = "lb_sg_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}" + servername = "lb_srv_${element(var.adc-lb["backend-server"],count.index)}" + port = element(var.adc-lb["port"],count.index) + + depends_on = [ + citrixadc_servicegroup.lb_servicegroup + ] +} + +##### +# Add and configure LB vServer +##### +resource "citrixadc_lbvserver" "lb_vserver" { + count = length(var.adc-lb.name) + name = "lb_vs_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}" + + servicetype = element(var.adc-lb["type"],count.index) + ipv46 = element(var.adc-lb["lb-type"],count.index) == "direct" ? "9.9.9.9" : "0.0.0.0" + port = element(var.adc-lb["lb-type"],count.index) == "direct" ? 
element(var.adc-lb["port"],count.index) : "0" + lbmethod = var.adc-lb-generic.lbmethod + persistencetype = var.adc-lb-generic.persistencetype + timeout = var.adc-lb-generic.timeout + sslprofile = element(var.adc-lb["type"],count.index) == "SSL" ? local.sslprofilename : null + httpprofilename = element(var.adc-lb["type"],count.index) == "DNS" || element(var.adc-lb["type"],count.index) == "TCP" ? null : local.httpprofilename + tcpprofilename = element(var.adc-lb["type"],count.index) == "DNS" ? null : local.tcpprofilename + + depends_on = [ + citrixadc_servicegroup_servicegroupmember_binding.lb_sg_server_binding + ] +} + +##### +# Bind LB Service Groups to LB vServers +##### +resource "citrixadc_lbvserver_servicegroup_binding" "lb_vserver_sg_binding" { + count = length(var.adc-lb.name) + name = "lb_vs_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}" + servicegroupname = "lb_sg_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}" + + depends_on = [ + citrixadc_lbvserver.lb_vserver + ] +} + +##### +# Save config +##### +resource "citrixadc_nsconfig_save" "save" { + all = true + timestamp = timestamp() + + depends_on = [ + citrixadc_lbvserver_servicegroup_binding.lb_vserver_sg_binding + ] +} \ No newline at end of file diff --git a/terraform/citrix-adc/variables.tf b/terraform/citrix-adc/variables.tf index 12d9514..d3df87a 100644 --- a/terraform/citrix-adc/variables.tf +++ b/terraform/citrix-adc/variables.tf 
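Review bot: The `ipv46` expression in `citrixadc_lbvserver.lb_vserver` hard-codes `9.9.9.9`, a routable public address, as the VIP of every "direct" vserver, so the listener address never comes from configuration and an apply would try to bind an address this deployment does not own; it needs to come from the per-vserver data (the `adc-lb` map carries `name`, `ip`-like fields are not visible here, so one has to be added), e.g. `ipv46 = element(var.adc-lb["lb-type"],count.index) == "direct" ? element(var.adc-lb["ip"],count.index) : "0.0.0.0"` once such a key exists. The file also reads `var.adc-lb-srv`, `var.adc-lb`, `var.adc-lb-generic` and `var.adc-base`, none of which the module's variables.tf declares in this commit (that hunk only adds `backend_services`), so `terraform validate` rejects the module as written. `element()` wraps around silently when the `name`, `ip`, `port` and `type` lists differ in length, pairing servers with the wrong ports without an error; a single `for_each` over a map of objects, which the root variables.tf in this commit starts to define, avoids both the undeclared-variable and the wrap-around problems.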
@@ -26,8 +26,40 @@ variable base_configuration_snip { description = "The initial subnet IP information on the NetScaler" type = object({ # NetScaler IP - ip_address = string + subnet_ip = string netmask = string icmp = string }) -} \ No newline at end of file +} + +# All backend services to be created +variable backend_services { + description = "All backend services to be created" + type = map(object({ + hostname = string + ip = string + })) +} + +# All service groups to be created +variable service_groups { + description = "All service groups to be created" + type = map(object({ + name = string + type = string + port = string + backend_services = list + })) +} + +# All virtual servers to be created +variable virtual_servers { + description = "All virtual servers to be created" + type = map(object({ + name = string + type = string + port = string + lb_type = string + service_groups = list + })) +} From fcb203d707bcdd92d0aaa21c4e7a5c91e2733c0a Mon Sep 17 00:00:00 2001 From: Mick Hilhorst Date: Fri, 8 Sep 2023 12:57:03 +0200 Subject: [PATCH 06/11] Rework --- terraform/citrix-adc/main.tf | 22 +++ .../base_config.tf | 8 +- .../base_gateway.tf | 156 ++++++++++++++++++ .../base_ldaps.tf | 36 ++++ .../base_licensing.tf | 66 ++++---- .../base_profiles.tf | 29 +--- .../base_vservers.tf | 63 +++++++ .../netscaler.base.configuration/variables.tf | 74 +++++++++ terraform/citrix-adc/variables.tf | 88 +++++++++- 9 files changed, 469 insertions(+), 73 deletions(-) create mode 100644 terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf create mode 100644 terraform/citrix-adc/modules/netscaler.base.configuration/base_ldaps.tf create mode 100644 terraform/citrix-adc/modules/netscaler.base.configuration/base_vservers.tf diff --git a/terraform/citrix-adc/main.tf b/terraform/citrix-adc/main.tf index 2866a5f..30e5473 100644 --- a/terraform/citrix-adc/main.tf +++ b/terraform/citrix-adc/main.tf 
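Review bot: Renaming `ip_address` to `subnet_ip` in the root `base_configuration_snip` object breaks the module call: main.tf passes `var.base_configuration_snip` through unchanged and the module's own `base_configuration_snip` type (untouched by this commit) still requires `ip_address`, so `terraform plan` fails with an attribute mismatch — keep `ip_address = string` here or rename it on both sides in the same commit. The `backend_services = list` and `service_groups = list` attributes use a bare `list` with no element type; Terraform 1.x treats that as the legacy `list(any)` at best, and the intended shape is clearly `backend_services = list(string)` / `service_groups = list(string)` (keys into the sibling maps), which is what a later `for_each` will need to be type-checked against.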
@@ -1,6 +1,28 @@ module "base_configuration" { source = "./modules/netscaler.base.configuration" + + # Default settings / Best Practices & Profiles + # base_configuration.tf logon_information = var.logon_information base_configuration = var.base_configuration base_configuration_snip = var.base_configuration_snip + + + # Virtual Servers / Services creation + # base_vservers.tf + servers = var.servers + service_groups = var.service_groups + virtual_servers = var.virtual_servers + + #LDAP (advanced) authentication with global binding + # base_ldaps.tf + auth_ldaps = var.auth_ldaps + + #Gateway configuration + # base_gateway.tf + gateway = var.gateway + + + + } \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_config.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_config.tf index e92d59e..8464806 100644 --- a/terraform/citrix-adc/modules/netscaler.base.configuration/base_config.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_config.tf @@ -44,8 +44,8 @@ resource "citrixadc_nsmode" "base_nsmode" { # Configure Features -resource "citrixadc_nsfeature" "base_nsfeature" { - aaa = true +resource "citrixadc_nsfeature" "advanced_nsfeature" { + aaa = var.base_configuration.advanced adaptivetcp = false apigateway = false appflow = false @@ -83,7 +83,7 @@ resource "citrixadc_nsfeature" "base_nsfeature" { sp = false ssl = true sslinterception = false - sslvpn = true + sslvpn = var.base_configuration.advanced urlfiltering = false videooptimization = false wl = false @@ -103,7 +103,7 @@ resource "citrixadc_nsconfig_save" "base_save" { depends_on = [ citrixadc_nsconfig_save.base_save, - citrixadc_nsfeature.base_nsfeature, + citrixadc_nsfeature.advanced_nsfeature, citrixadc_nshostname.base_hostname, citrixadc_nsip.base_snip, citrixadc_nsmode.base_nsmode, 
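Review bot: Renaming the resource address from `citrixadc_nsfeature.base_nsfeature` to `citrixadc_nsfeature.advanced_nsfeature` without a `moved` block makes Terraform plan a destroy of the old address and a create of the new one on every NetScaler already applied from this module; what the provider does on destroy of an nsfeature is not visible here, but if it disables the listed features the appliance loses LB/SSL between the two steps. A `moved { from = citrixadc_nsfeature.base_nsfeature to = citrixadc_nsfeature.advanced_nsfeature }` block in the module keeps the existing state entry and turns this into an in-place update of `aaa` and `sslvpn`. The new `advanced` gate is also only half applied: the hunk in base_config.tf ties the AAA/SSL-VPN features to `var.base_configuration.advanced`, while the gateway resources wired up in main.tf (`gateway = var.gateway`) still require a value even when `advanced` is false, so the variable should be `optional` or the module should document that both must be supplied together.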
diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf new file mode 100644 index 0000000..6a87546 --- /dev/null +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf 
@@ -0,0 +1,156 @@ +# Create AAA vserver +resource "citrixadc_authenticationvserver" "aaa_vserver" { + count = var.base_configuration.advanced ? 1 : 0 + name = "AAA_LDAPS" + servicetype = "SSL" + authentication = "ON" + state = "ENABLED" + depends_on = [citrixadc_nsfeature.advanced_nsfeature] +} + +# Bind authentication policy to AAA vserver +resource "citrixadc_authenticationvserver_authenticationldappolicy_binding" "aaa_policy_bind" { + name = citrixadc_authenticationvserver.aaa_vserver.name + policy = citrixadc_authenticationpolicy.auth_authpolicy.name + priority = 90 + bindpoint = "REQUEST" + + depends_on = [citrixadc_authenticationpolicy.auth_authpolicy] +} + +# Create authentication profile +resource "citrixadc_authenticationauthnprofile" "gw_authentication_profile" { + name = "authprof_aaa_ldaps" + authnvsname = citrixadc_authenticationvserver.aaa_vserver.name +} + +# Create Gateway vServer +resource "citrixadc_vpnvserver" "gw_vserver" { + count = var.base_configuration.advanced ? 1 : 0 + name = var.gateway.name + servicetype = var.gateway.servicetype + ipv46 = var.gateway.ipv46 + port = var.gateway.port + dtls = var.gateway.dtls + authnprofile = citrixadc_authenticationauthnprofile.gw_authentication_profile.name + tcpprofilename = "tcp_prof_${var.base_configuration.environment_prefix}" + httpprofilename = "http_prof_${var.base_configuration.environment_prefix}" + + depends_on = [citrixadc_authenticationvserver_authenticationldappolicy_binding.aaa_policy_bind] +} + + +# Bind SSL profile to GW vServer +resource "citrixadc_sslvserver" "gw_vserver_sslprofile" { + count = var.base_configuration.advanced ? 1 : 0 + vservername = var.gateway.name + sslprofile = "ssl_prof_${var.base_configuration.environment_prefix}_fe_TLS1213" + + depends_on = [ + citrixadc_vpnvserver.gw_vserver + ] +} + + + +# Bind STA Servers to GW vServer +resource "citrixadc_vpnvserver_staserver_binding" "gw_vserver_staserver_binding" { + count = var.base_configuration.advanced ? 
1 : 0 + name = var.gateway.name + staserver = "http://${var.gateway.sta}" + staaddresstype = "IPV4" + + depends_on = [ + citrixadc_vpnvserver.gw_vserver + ] +} + + +# Add Session Action Receiver +resource "citrixadc_vpnsessionaction" "gw_sess_act_receiver" { + name = "vpn_act_receiver_advanced" + clientlessmodeurlencoding = "TRANSPARENT" + clientlessvpnmode = "ON" + defaultauthorizationaction = "ALLOW" + icaproxy = "OFF" + sesstimeout = "2880" + sso = "ON" + ssocredential = "PRIMARY" + storefronturl = var.gateway.storefronturl + transparentinterception = "OFF" + wihome = var.gateway.storefronturl + windowsautologon = "ON" + + depends_on = [ + citrixadc_vpnvserver.gw_vserver + ] +} + + +# Add Session Action HTML5 +resource "citrixadc_vpnsessionaction" "gw_sess_act_receiver_web" { + name = "vpn_act_web_advanced" + clientchoices = "OFF" + clientlessmodeurlencoding = "TRANSPARENT" + clientlessvpnmode = "OFF" + defaultauthorizationaction = "ALLOW" + icaproxy = "ON" + locallanaccess = "ON" + rfc1918 = "OFF" + sesstimeout = "2880" + sso = "ON" + ssocredential = "PRIMARY" + storefronturl = var.gateway.storefronturl + windowsautologon = "ON" + wiportalmode = "NORMAL" + + depends_on = [ + citrixadc_vpnvserver.gw_vserver + ] +} + +# Add Session Policies +resource "citrixadc_vpnsessionpolicy" "gw_sess_pol_receiver" { + name = "vpn_prof_receiver_advanced" + rule = "HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"CitrixReceiver\") && HTTP.REQ.HEADER(\"X-Citrix-Gateway\").EXISTS" + action = citrixadc_vpnsessionaction.gw_sess_act_receiver.name + + depends_on = [ + citrixadc_vpnsessionaction.gw_sess_act_receiver + ] +} + +resource "citrixadc_vpnsessionpolicy" "gw_sess_pol_receiver_web" { + name = "vpn_prof_web_advanced" + rule = "HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"CitrixReceiver\").NOT" + action = citrixadc_vpnsessionaction.gw_sess_act_receiver_web.name + depends_on = [ + citrixadc_vpnsessionaction.gw_sess_act_receiver_web + ] +} + + +# Bind session policy to GW vServer 
+resource "citrixadc_vpnvserver_vpnsessionpolicy_binding" "gw_vserver_vpnsessionpolicy_binding_receiver" { + name = var.gateway.name + policy = citrixadc_vpnsessionpolicy.gw_sess_pol_receiver.name + priority = 100 + + depends_on = [ + citrixadc_vpnsessionpolicy.gw_sess_pol_receiver, + citrixadc_vpnvserver.gw_vserver + ] +} + +# Bind session policy to GW vServer +resource "citrixadc_vpnvserver_vpnsessionpolicy_binding" "gw_vserver_vpnsessionpolicy_binding_receiver_web" { + name = var.gateway.name + policy = citrixadc_vpnsessionpolicy.gw_sess_pol_receiver_web.name + priority = 110 + + depends_on = [ + citrixadc_vpnsessionpolicy.gw_sess_pol_receiver_web, + citrixadc_vpnvserver.gw_vserver + ] +} + diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_ldaps.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_ldaps.tf new file mode 100644 index 0000000..59e2a31 --- /dev/null +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_ldaps.tf 
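Review bot: `citrixadc_vpnvserver_staserver_binding.gw_vserver_staserver_binding` registers the Secure Ticket Authority as `http://${var.gateway.sta}`, so ICA ticket validation between the NetScaler and the STA runs over cleartext HTTP; unless the STA genuinely only serves HTTP this should be `staserver = "https://${var.gateway.sta}"`, or the scheme should be part of `var.gateway.sta` so the operator chooses it deliberately rather than inheriting it. Both session actions set `defaultauthorizationaction = "ALLOW"` (the web one also `locallanaccess = "ON"`) with a 48-hour `sesstimeout`, which gives any authenticated user unrestricted access unless authorization policies are bound elsewhere; for an ICA-proxy/StoreFront gateway `defaultauthorizationaction = "DENY"` with explicit allow policies and a much shorter timeout is the conventional baseline. Separately, `aaa_vserver` and `gw_vserver` are created with `count`, yet `aaa_policy_bind`, `gw_authentication_profile` and `gw_vserver` itself reference `citrixadc_authenticationvserver.aaa_vserver.name` without `[0]`, which Terraform rejects for a counted resource, and the bindings, session actions and policies are not gated on `var.base_configuration.advanced` at all, so with `advanced = false` they are created against a vserver that does not exist.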
@@ -0,0 +1,36 @@
+# Define the ldaps action, by default set to loadbalance via the data interface as best practice
+# Don't forget to add basedn etc, in example it's omitted to prevent errors
+# https://registry.terraform.io/providers/citrix/citrixadc/latest/docs/resources/authenticationldapaction
+resource "citrixadc_authenticationldapaction" "auth_authenticationldapaction" {
+ name = var.auth_ldaps.action_name
+ serverip = var.virtual_servers.lb_ldaps.ipv46
+ serverport = 636
+ sectype = var.auth_ldaps.sectype
+ authtimeout = var.auth_ldaps.authtimeout
+ ldaploginname = var.auth_ldaps.ldaploginname
+ ldapbase = var.auth_ldaps.ldapbase
+ ldapbinddn = var.auth_ldaps.ldapbinddn
+ ldapbinddnpassword = var.auth_ldaps.ldapbinddnpassword
+}
+
+# Define the authentication policy rules for LDAP, default is filter all to allow ('true')
+resource "citrixadc_authenticationpolicy" "auth_authpolicy" {
+ name = var.auth_ldaps.policy_name
+ rule = var.auth_ldaps.policy_expression
+ action = var.auth_ldaps.action_name
+
+ depends_on = [citrixadc_authenticationldapaction.auth_authenticationldapaction]
+}
+
+# Bind the auth policy globally for management authentication
+resource "citrixadc_systemglobal_authenticationldappolicy_binding" "tf_bind" {
+ policyname = citrixadc_authenticationpolicy.auth_authpolicy.name
+ priority = 88
+ feature = "SYSTEM"
+
+ depends_on = [citrixadc_authenticationpolicy.auth_authpolicy]
+}
+
+
+
+
diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_licensing.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_licensing.tf
index 9b0dc55..9a6519f 100644
--- a/terraform/citrix-adc/modules/netscaler.base.configuration/base_licensing.tf
+++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_licensing.tf
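Review bot: `citrixadc_authenticationldapaction.auth_authenticationldapaction` sets `sectype` and port 636 but never sets `validateservercert`, and the state committed later in this series records it as `"NO"`, so the LDAPS server certificate is not checked: anyone who can steer traffic destined for `lb_ldaps` can present any certificate and capture the bind DN password and, because `tf_bind` attaches the policy to `feature = "SYSTEM"` with whatever `policy_expression` allows, the management credentials of every administrator who logs in through it. Add `validateservercert = "YES"`; this presumably requires the issuing CA certificate to be installed and bound on the NetScaler (a `citrixadc_sslcertkey` plus the action's CA-certificate attribute — confirm the exact provider attribute). The action also ignores `var.auth_ldaps.serverip` and `var.auth_ldaps.serverport`, hard-coding `serverport = 636` and the fixed `lb_ldaps` key of `var.virtual_servers`, which makes the plan fail whenever that key is absent; and `auth_authpolicy` uses `action = var.auth_ldaps.action_name` where `action = citrixadc_authenticationldapaction.auth_authenticationldapaction.name` would express the dependency without the explicit `depends_on`.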
@@ -1,45 +1,45 @@ -locals { - filelocation = "/nsconfig/license" -} +# locals { +# filelocation = "/nsconfig/license" +# } -# Upload NetScaler License -resource "citrixadc_systemfile" "license_upload" { - filename = var.adc-license.filename - filelocation = local.filelocation - filecontent = var.adc-license.filecontent -} +# # Upload NetScaler License +# resource "citrixadc_systemfile" "license_upload" { +# filename = var.adc-license.filename +# filelocation = local.filelocation +# filecontent = var.adc-license.filecontent +# } -# Save Configuration -resource "citrixadc_nsconfig_save" "license_save" { - all = true - timestamp = timestamp() +# # Save Configuration +# resource "citrixadc_nsconfig_save" "license_save" { +# all = true +# timestamp = timestamp() - depends_on = [ - citrixadc_systemfile.license_upload - ] -} +# depends_on = [ +# citrixadc_systemfile.license_upload +# ] +# } -# Reboot to activate license -resource "citrixadc_rebooter" "license_reboot" { - timestamp = timestamp() - warm = true - wait_until_reachable = false +# # Reboot to activate license +# resource "citrixadc_rebooter" "license_reboot" { +# timestamp = timestamp() +# warm = true +# wait_until_reachable = false - depends_on = [ - citrixadc_nsconfig_save.license_save - ] -} +# depends_on = [ +# citrixadc_nsconfig_save.license_save +# ] +# } -# # Wait a few seconds -# resource "time_sleep" "license_wait_a_few_seconds" { +# # # Wait a few seconds +# # resource "time_sleep" "license_wait_a_few_seconds" { -# create_duration = "90s" +# # create_duration = "90s" -# depends_on = [ -# citrixadc_rebooter.license_reboot -# ] +# # depends_on = [ +# # citrixadc_rebooter.license_reboot +# # ] -# } \ No newline at end of file +# # } \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_profiles.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_profiles.tf index f9cbc05..e450d4a 100644 
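Review bot: Commenting out all of base_licensing.tf instead of deleting it leaves 45 lines of dead code that still reference `var.adc-license`, which the root variables.tf rewritten in this commit no longer appears to declare, so the file cannot simply be uncommented to re-enable license upload; delete it (git history keeps it) or keep it live behind a boolean variable with `count = var.<flag> ? 1 : 0` on each resource. If it is kept, the already-commented "Wait a few seconds" block now carries a doubled `# #` prefix, which will confuse whoever restores the file.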
--- a/terraform/citrix-adc/modules/netscaler.base.configuration/base_profiles.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_profiles.tf @@ -80,9 +80,7 @@ resource "citrixadc_sslcipher" "ssl_cg_fe_TLS1213" { ] } -##### # Add SSL Cipher Group Frontend TLS 13 -##### resource "citrixadc_sslcipher" "ssl_cg_fe_TLS13" { ciphergroupname = "ssl_cg_${var.base_configuration.environment_prefix}_fe_TLS13" @@ -104,9 +102,7 @@ resource "citrixadc_sslcipher" "ssl_cg_fe_TLS13" { ] } -##### # Add SSL Cipher Group Backend TLS 12 -##### resource "citrixadc_sslcipher" "ssl_cg_be_TLS12" { ciphergroupname = "ssl_cg_${var.base_configuration.environment_prefix}_be_TLS12" @@ -148,9 +144,7 @@ resource "citrixadc_sslcipher" "ssl_cg_be_TLS12" { ] } -##### # Add SSL Profile Frontend TLS 12+13 -##### resource "citrixadc_sslprofile" "ssl_prof_fe_1213" { name = "ssl_prof_${var.base_configuration.environment_prefix}_fe_TLS1213" @@ -180,9 +174,7 @@ resource "citrixadc_sslprofile" "ssl_prof_fe_1213" { ] } -##### # Add SSL Profile Frontend TLS 12+13 with SNI -##### resource "citrixadc_sslprofile" "ssl_prof_fe_1213_SNI" { name = "ssl_prof_${var.base_configuration.environment_prefix}_fe_TLS1213_SNI" @@ -213,9 +205,7 @@ resource "citrixadc_sslprofile" "ssl_prof_fe_1213_SNI" { ] } -##### # Add SSL Profile Frontend TLS 13 -##### resource "citrixadc_sslprofile" "ssl_prof_fe_13" { name = "ssl_prof_${var.base_configuration.environment_prefix}_fe_TLS13" @@ -245,9 +235,7 @@ resource "citrixadc_sslprofile" "ssl_prof_fe_13" { ] } -##### # Add SSL Profile Frontend TLS 13 with SNI -##### resource "citrixadc_sslprofile" "ssl_prof_fe_13_SNI" { name = "ssl_prof_${var.base_configuration.environment_prefix}_fe_TLS13_SNI" @@ -278,9 +266,7 @@ resource "citrixadc_sslprofile" "ssl_prof_fe_13_SNI" { ] } -##### # Add SSL Profile Backend TLS 12 -##### resource "citrixadc_sslprofile" "ssl_prof_be_12" { name = "ssl_prof_${var.base_configuration.environment_prefix}_be_TLS12" 
@@ -288,7 +274,7 @@ resource "citrixadc_sslprofile" "ssl_prof_be_12" { ersa = "DISABLED" sessreuse = "ENABLED" sesstimeout = "300" - sslprofiletype = "Backend" + sslprofiletype = "BackEnd" tls1 = "DISABLED" tls11 = "DISABLED" tls12 = "ENABLED" @@ -310,9 +296,7 @@ resource "citrixadc_sslprofile" "ssl_prof_be_12" { ] } -##### # Save config -##### resource "citrixadc_nsconfig_save" "ssl_save" { all = true timestamp = timestamp() @@ -326,14 +310,3 @@ resource "citrixadc_nsconfig_save" "ssl_save" { citrixadc_sslprofile.ssl_prof_be_12 ] } - -# ##### -# # Wait a few seconds -# ##### -# resource "time_sleep" "ssl_wait_a_few_seconds" { -# create_duration = "15s" - -# depends_on = [ -# citrixadc_nsconfig_save.ssl_save -# ] -# } \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_vservers.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_vservers.tf new file mode 100644 index 0000000..574e624 --- /dev/null +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_vservers.tf 
@@ -0,0 +1,63 @@
+
+# Add servers (service object)
+resource "citrixadc_server" "lb_server" {
+ # Loop through each server object
+ for_each = var.servers
+ name = each.value.hostname
+ ipaddress = each.value.ip_address
+
+}
+
+# Add Service Groups
+resource "citrixadc_servicegroup" "lb_servicegroup" {
+ # Loop through each service group object
+ for_each = var.service_groups
+ servicegroupname = each.value.name
+ servicetype = each.value.type
+ servicegroupmembers_by_servername = each.value.servers_to_bind
+ lbvservers = each.value.virtual_server_bindings
+
+ depends_on = [citrixadc_server.lb_server, citrixadc_lbvserver.lb_vserver]
+}
+
+
+# Add and configure LB vServer
+resource "citrixadc_lbvserver" "lb_vserver" {
+
+ for_each = var.virtual_servers
+
+ name = each.value.name
+ servicetype = each.value.servicetype
+ ipv46 = each.value.ipv46
+ port = each.value.port
+ lbmethod = each.value.lbmethod
+ persistencetype = each.value.persistencetype
+ timeout = each.value.timeout
+ sslprofile = each.value.sslprofile
+ httpprofilename = each.value.httpprofilename
+ tcpprofilename = each.value.tcpprofilename
+
+ depends_on = [
+ citrixadc_nstcpprofile.base_tcp_prof,
+ citrixadc_nshttpprofile.base_http_prof,
+ citrixadc_sslcipher.ssl_cg_fe_TLS1213,
+ citrixadc_sslcipher.ssl_cg_fe_TLS13,
+ citrixadc_sslprofile.ssl_prof_fe_13,
+ citrixadc_sslprofile.ssl_prof_fe_13_SNI,
+ ]
+}
+
+
+
+# # Bind LB Service Groups to LB vServers
+# resource "citrixadc_lbvserver_servicegroup_binding" "lb_vserver_sg_binding" {
+# count = length(var.adc-lb.name)
+# name = "lb_vs_${local.countvalue}"
+# servicegroupname = "lb_sg_${local.countvalue}"
+
+# depends_on = [
+# citrixadc_lbvserver.lb_vserver
+# ]
+# }
+
+
diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf
index d0f2a42..a77150b 100644
--- a/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf
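Review bot: The `port` attribute of each `service_groups` object is never read in `citrixadc_servicegroup.lb_servicegroup`; the module variable's comment says `servers_to_bind` entries carry "Name + port + weight", so either `port` is dead and should be dropped from the object type, or members are being bound without a port — which one depends on the provider's `servicegroupmembers_by_servername` string format and should be confirmed before this is used. `lb_vserver`'s `depends_on` lists `ssl_prof_fe_13` and `ssl_prof_fe_13_SNI` but not `ssl_prof_fe_1213`/`ssl_prof_fe_1213_SNI`, although `ssl_prof_${prefix}_fe_TLS1213` is the profile the gateway file binds by default; because `sslprofile` is passed as a plain string there is no implicit dependency, so a vserver naming that profile can be created before the profile exists. The commented-out `lb_vserver_sg_binding` block references `var.adc-lb` and `local.countvalue`, neither of which exists in the module any more, and should go now that `lbvservers` on the service group performs the binding.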
+++ b/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf @@ -15,6 +15,9 @@ variable base_configuration { timezone = string # Will also be used as Suffix where applicable environment_prefix = string + # Deploy advanced features (if licensed with advanced or above only!) + advanced = bool + }) } @@ -29,3 +32,74 @@ variable base_configuration_snip { } +# All backend servers to be created +variable servers { + description = "All backend servers to be created" + type = map(object({ + hostname = string + ip_address = string + })) +} + +# All service groups to be created +variable service_groups { + description = "All service groups to be created" + type = map(object({ + name = string + type = string + port = string + # Define backend servers: Name + port + weight + servers_to_bind = list(string) + # Define the virtual servers to bind this service group to: + virtual_server_bindings = list(string) + })) +} + +# All virtual servers to be created +variable virtual_servers { + description = "All virtual servers to be created" + type = map(object({ + name = string + ipv46 = string + port = string + lbmethod = string + persistencetype = string + timeout = string + servicetype = string + sslprofile = optional(string) + httpprofilename = optional(string) + tcpprofilename = optional(string) + })) + +} + +variable auth_ldaps { + description = "Values to setup base (advanced) authentication policy / action" + type = object({ + policy_name = string + action_name = string + policy_expression = string + serverip = string + serverport = string + sectype = string + authtimeout = string + ldaploginname = string + ldapbase = optional(string) + ldapbinddn = optional(string) + ldapbinddnpassword = optional(string) + }) +} + +variable gateway{ + description = "Values to create default gateway vserver" + type = object({ + name = string + servicetype = string + ipv46 = string + port = string + dtls = string + sta = string + storefronturl = string + }) +} + 
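Review bot: `auth_ldaps.serverip` and `auth_ldaps.serverport` are declared as required attributes but the module never reads them — base_ldaps.tf in this commit hard-codes `serverport = 636` and takes the address from `var.virtual_servers.lb_ldaps.ipv46` — so callers must supply values that are silently ignored; either wire them through (`serverip = var.auth_ldaps.serverip`, `serverport = var.auth_ldaps.serverport`) or remove them from the object. `auth_ldaps` also carries `ldapbinddnpassword` and should be declared `sensitive = true` so the bind credential is redacted from `terraform plan`/`apply` output and CI logs (state still stores it in clear, which is a separate reason never to commit state). The `gateway.sta` comment should state that the value is a host with no scheme, because base_gateway.tf prefixes `http://` itself.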
diff --git a/terraform/citrix-adc/variables.tf b/terraform/citrix-adc/variables.tf index 12d9514..a77150b 100644 --- a/terraform/citrix-adc/variables.tf +++ b/terraform/citrix-adc/variables.tf @@ -1,17 +1,13 @@ # Login Information for the NetScaler to authenticate API calls variable logon_information { + description = "The logon information to authenticate the NetScaler API calls with" type = object({ username = string password = string host = string }) - } -############################## -# Base NetScaler Configuration -############################## - variable base_configuration { description = "uncategorized base_configuration variables" type = object({ 
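Review bot: `logon_information` holds the NetScaler API `password` but is not declared `sensitive = true`, so the credential is printed in plan/apply output and in any CI log that captures it; add `sensitive = true` after the new `description` line. The citrixadc provider can presumably also read these settings from environment variables, which keeps the password out of `terraform.tfvars` and out of the repository entirely — confirm against the provider documentation before relying on it.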
@@ -19,15 +15,91 @@ variable base_configuration { timezone = string # Will also be used as Suffix where applicable environment_prefix = string + # Deploy advanced features (if licensed with advanced or above only!) + advanced = bool + }) } variable base_configuration_snip { - description = "The initial subnet IP information on the NetScaler" + description = "The first subnet IP information on the NetScaler" type = object({ - # NetScaler IP + # Subnet IP ip_address = string netmask = string icmp = string }) -} \ No newline at end of file +} + + +# All backend servers to be created +variable servers { + description = "All backend servers to be created" + type = map(object({ + hostname = string + ip_address = string + })) +} + +# All service groups to be created +variable service_groups { + description = "All service groups to be created" + type = map(object({ + name = string + type = string + port = string + # Define backend servers: Name + port + weight + servers_to_bind = list(string) + # Define the virtual servers to bind this service group to: + virtual_server_bindings = list(string) + })) +} + +# All virtual servers to be created +variable virtual_servers { + description = "All virtual servers to be created" + type = map(object({ + name = string + ipv46 = string + port = string + lbmethod = string + persistencetype = string + timeout = string + servicetype = string + sslprofile = optional(string) + httpprofilename = optional(string) + tcpprofilename = optional(string) + })) + +} + +variable auth_ldaps { + description = "Values to setup base (advanced) authentication policy / action" + type = object({ + policy_name = string + action_name = string + policy_expression = string + serverip = string + serverport = string + sectype = string + authtimeout = string + ldaploginname = string + ldapbase = optional(string) + ldapbinddn = optional(string) + ldapbinddnpassword = optional(string) + }) +} + +variable gateway{ + description = "Values to create default gateway 
vserver" + type = object({ + name = string + servicetype = string + ipv46 = string + port = string + dtls = string + sta = string + storefronturl = string + }) +} + From e5446dfff104542da98e70778eff9e9bf6e811fc Mon Sep 17 00:00:00 2001 From: Mick Hilhorst Date: Fri, 8 Sep 2023 13:12:22 +0200 Subject: [PATCH 07/11] Include tfstate upload --- terraform/citrix-adc/.gitignore | 2 +- terraform/citrix-adc/terraform.tfstate | 323 +++++++++++++++++++++++++ 2 files changed, 324 insertions(+), 1 deletion(-) create mode 100644 terraform/citrix-adc/terraform.tfstate diff --git a/terraform/citrix-adc/.gitignore b/terraform/citrix-adc/.gitignore index cc130c5..87ddef9 100644 --- a/terraform/citrix-adc/.gitignore +++ b/terraform/citrix-adc/.gitignore @@ -1,4 +1,4 @@ .terraform.lock.hcl /.terraform -terraform.tfstate +!terraform.tfstate terraform.tfstate.backup \ No newline at end of file diff --git a/terraform/citrix-adc/terraform.tfstate b/terraform/citrix-adc/terraform.tfstate new file mode 100644 index 0000000..a43c932 --- /dev/null +++ b/terraform/citrix-adc/terraform.tfstate 
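Review bot: The root `auth_ldaps` variable, which is where operators actually put the LDAP bind DN password in their tfvars, is not marked `sensitive = true`, so the value is echoed in plan output for every resource that consumes it; add `sensitive = true` to the variable (Terraform then also refuses to expose it through non-sensitive outputs). Note that `sensitive` does not redact state: the password is still written in clear to `terraform.tfstate`, which is why state must stay out of version control.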
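Review bot: Flipping `terraform.tfstate` to `!terraform.tfstate` and committing the state file publishes every resource attribute in clear text — the state added in this same commit contains `"ldapbinddn": "CN=Administrator,CN=Users,DC=go-euc,DC=local"` and `"ldapbinddnpassword": "Password1!"` with `sensitive_attributes` empty, and the NetScaler API credentials from `logon_information` will land there as well. Restore the ignore rules (`*.tfstate`, `*.tfstate.*`, `.terraform/`), remove the file with `git rm --cached terraform.tfstate`, and treat the bind password as compromised: rotate it and, if this repository is public, rewrite history, since the secret persists in every clone. For shared state use a remote backend with encryption at rest and access control rather than the working tree.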
@@ -0,0 +1,323 @@ +{ + "version": 4, + "terraform_version": "1.5.6", + "serial": 2428, + "lineage": "ea233f05-237f-8b47-c33f-a3bee3c83f59", + "outputs": {}, + "resources": [ + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_authenticationldapaction", + "name": "auth_authenticationldapaction", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "alternateemailattr": "", + "attribute1": "", + "attribute10": "", + "attribute11": "", + "attribute12": "", + "attribute13": "", + "attribute14": "", + "attribute15": "", + "attribute16": "", + "attribute2": "", + "attribute3": "", + "attribute4": "", + "attribute5": "", + "attribute6": "", + "attribute7": "", + "attribute8": "", + "attribute9": "", + "attributes": "", + "authentication": "ENABLED", + "authtimeout": 1, + "cloudattributes": "DISABLED", + "defaultauthenticationgroup": "", + "email": "mail", + "followreferrals": "OFF", + "groupattrname": "", + "groupnameidentifier": "", + "groupsearchattribute": "", + "groupsearchfilter": "", + "groupsearchsubattribute": "", + "id": "act_ldaps", + "kbattribute": "", + "ldapbase": "dc=go-euc,dc=local", + "ldapbinddn": "CN=Administrator,CN=Users,DC=go-euc,DC=local", + "ldapbinddnpassword": "Password1!", + "ldaphostname": "", + "ldaploginname": "username", + "maxldapreferrals": null, + "maxnestinglevel": null, + "mssrvrecordlocation": "dc._msdcs", + "name": "act_ldaps", + "nestedgroupextraction": "OFF", + "otpsecret": "", + "passwdchange": "DISABLED", + "pushservice": "", + "referraldnslookup": "A-REC", + "requireuser": "YES", + "searchfilter": "", + "sectype": "SSL", + "serverip": "192.168.176.142", + "servername": "", + "serverport": 636, + "sshpublickey": "", + "ssonameattribute": "", + "subattributename": "", + "svrtype": "AD", + "validateservercert": "NO" + }, + "sensitive_attributes": [], + "private": 
"eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_authenticationpolicy", + "name": "auth_authpolicy", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "action": "act_ldaps", + "comment": "", + "id": "pol_auth_ldaps", + "logaction": "", + "name": "pol_auth_ldaps", + "newname": "", + "rule": "True", + "undefaction": "" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_authenticationldapaction.auth_authenticationldapaction" + ] + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_authenticationpolicy", + "name": "tf_authenticationpolicy", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "action": "act_ldaps", + "comment": "", + "id": "pol_auth_ldaps", + "logaction": "", + "name": "pol_auth_ldaps", + "newname": "", + "rule": "True", + "undefaction": "" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_authenticationldapaction.auth_authenticationldapaction" + ] + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_sslcipher", + "name": "ssl_cg_fe_TLS1213", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "ciphergroupname": "ssl_cg_GO-EUC_fe_TLS1213", + "ciphersuitebinding": [ + { + "ciphername": "TLS1.2-ECDHE-ECDSA-AES128-GCM-SHA256", + "cipherpriority": 5 + }, + { + "ciphername": "TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384", + "cipherpriority": 4 + }, + { + "ciphername": 
"TLS1.2-ECDHE-RSA-AES128-GCM-SHA256", + "cipherpriority": 7 + }, + { + "ciphername": "TLS1.2-ECDHE-RSA-AES256-GCM-SHA384", + "cipherpriority": 6 + }, + { + "ciphername": "TLS1.3-AES128-GCM-SHA256", + "cipherpriority": 3 + }, + { + "ciphername": "TLS1.3-AES256-GCM-SHA384", + "cipherpriority": 2 + }, + { + "ciphername": "TLS1.3-CHACHA20-POLY1305-SHA256", + "cipherpriority": 1 + } + ], + "id": "ssl_cg_GO-EUC_fe_TLS1213" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" + ] + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_sslparameter", + "name": "ssl_enable_sslprofiles", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "crlmemorysizemb": null, + "cryptodevdisablelimit": null, + "defaultprofile": "ENABLED", + "denysslreneg": "ALL", + "dropreqwithnohostheader": "NO", + "encrypttriggerpktcount": null, + "heterogeneoussslhw": "DISABLED", + "hybridfipsmode": "DISABLED", + "id": "tf-sslparameter-20230908102842993000000002", + "insertcertspace": "YES", + "insertionencoding": "Unicode", + "ndcppcompliancecertcheck": "NO", + "ocspcachesize": null, + "pushenctriggertimeout": null, + "pushflag": null, + "quantumsize": "8192", + "sendclosenotify": "YES", + "snihttphostmatch": "CERT", + "softwarecryptothreshold": null, + "sslierrorcache": "DISABLED", + "sslimaxerrorcachemem": null, + "ssltriggertimeout": null, + "strictcachecks": "NO", + "undefactioncontrol": "CLIENTAUTH", + "undefactiondata": "NOOP" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_sslprofile", + "name": "ssl_prof_fe_1213", + "provider": 
"module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "alpnprotocol": "NONE", + "cipherbindings": [ + { + "ciphername": "ssl_cg_GO-EUC_fe_TLS1213", + "cipherpriority": 10 + } + ], + "ciphername": "", + "cipherpriority": null, + "cipherredirect": "DISABLED", + "cipherurl": "", + "cleartextport": 0, + "clientauth": "DISABLED", + "clientauthuseboundcachain": "DISABLED", + "clientcert": "", + "commonname": "", + "denysslreneg": "NONSECURE", + "dh": "DISABLED", + "dhcount": null, + "dhekeyexchangewithpsk": "NO", + "dhfile": "", + "dhkeyexpsizelimit": "DISABLED", + "dropreqwithnohostheader": "NO", + "ecccurvebindings": [ + "P_224", + "P_256", + "P_384", + "P_521" + ], + "encrypttriggerpktcount": null, + "ersa": "DISABLED", + "ersacount": null, + "hsts": "DISABLED", + "id": "ssl_prof_GO-EUC_fe_TLS1213", + "includesubdomains": "NO", + "insertionencoding": "Unicode", + "maxage": null, + "name": "ssl_prof_GO-EUC_fe_TLS1213", + "ocspstapling": "DISABLED", + "preload": "NO", + "prevsessionkeylifetime": null, + "pushenctrigger": "Always", + "pushenctriggertimeout": null, + "pushflag": null, + "quantumsize": "8192", + "redirectportrewrite": "DISABLED", + "sendclosenotify": "YES", + "serverauth": "DISABLED", + "sessionkeylifetime": null, + "sessionticket": "DISABLED", + "sessionticketkeydata": "", + "sessionticketkeyrefresh": "ENABLED", + "sessionticketlifetime": null, + "sessreuse": "ENABLED", + "sesstimeout": 120, + "skipclientcertpolicycheck": "DISABLED", + "snienable": "DISABLED", + "snihttphostmatch": "CERT", + "ssl3": "DISABLED", + "sslimaxsessperserver": null, + "sslinterception": "DISABLED", + "ssliocspcheck": "ENABLED", + "sslireneg": "ENABLED", + "ssllogprofile": "", + "sslprofiletype": "FrontEnd", + "sslredirect": "DISABLED", + "ssltriggertimeout": null, + "strictcachecks": "NO", + "strictsigdigestcheck": "DISABLED", + "tls1": "DISABLED", + "tls11": "DISABLED", + "tls12": 
"ENABLED", + "tls13": "ENABLED", + "tls13sessionticketsperauthcontext": null, + "zerorttearlydata": "DISABLED" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS1213", + "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" + ] + } + ] + } + ], + "check_results": null +} From 4224b0f28eb7b26664d59f3b4e8a8a3ee16960b9 Mon Sep 17 00:00:00 2001 From: Mick Hilhorst Date: Fri, 8 Sep 2023 13:26:14 +0200 Subject: [PATCH 08/11] Fix merges and include count indexes --- terraform/citrix-adc/main.tf | 1 + .../base_gateway.tf | 8 +- .../base_vservers.tf | 13 - .../netscaler.base.configuration/variables.tf | 9 - .../virtual_servers.tf | 88 - terraform/citrix-adc/terraform.tfstate | 1862 +++++++++++++++-- 6 files changed, 1716 insertions(+), 265 deletions(-) delete mode 100644 terraform/citrix-adc/modules/netscaler.base.configuration/virtual_servers.tf diff --git a/terraform/citrix-adc/main.tf b/terraform/citrix-adc/main.tf index 30e5473..32ca839 100644 --- a/terraform/citrix-adc/main.tf +++ b/terraform/citrix-adc/main.tf @@ -8,6 +8,7 @@ module "base_configuration" { base_configuration_snip = var.base_configuration_snip + # Virtual Servers / Services creation # base_vservers.tf servers = var.servers diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf index 6a87546..73f4463 100644 --- a/terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf 
@@ -10,7 +10,8 @@ resource "citrixadc_authenticationvserver" "aaa_vserver" { # Bind authentication policy to AAA vserver resource "citrixadc_authenticationvserver_authenticationldappolicy_binding" "aaa_policy_bind" { - name = citrixadc_authenticationvserver.aaa_vserver.name + count = var.base_configuration.advanced ? 1 : 0 + name = citrixadc_authenticationvserver.aaa_vserver[count.index].name policy = citrixadc_authenticationpolicy.auth_authpolicy.name priority = 90 bindpoint = "REQUEST" @@ -20,8 +21,9 @@ resource "citrixadc_authenticationvserver_authenticationldappolicy_binding" "aaa # Create authentication profile resource "citrixadc_authenticationauthnprofile" "gw_authentication_profile" { + count = var.base_configuration.advanced ? 1 : 0 name = "authprof_aaa_ldaps" - authnvsname = citrixadc_authenticationvserver.aaa_vserver.name + authnvsname = citrixadc_authenticationvserver.aaa_vserver[count.index].name } # Create Gateway vServer @@ -32,7 +34,7 @@ resource "citrixadc_vpnvserver" "gw_vserver" { ipv46 = var.gateway.ipv46 port = var.gateway.port dtls = var.gateway.dtls - authnprofile = citrixadc_authenticationauthnprofile.gw_authentication_profile.name + authnprofile = citrixadc_authenticationauthnprofile.gw_authentication_profile[count.index].name tcpprofilename = "tcp_prof_${var.base_configuration.environment_prefix}" httpprofilename = "http_prof_${var.base_configuration.environment_prefix}" diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_vservers.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_vservers.tf index 574e624..8cd3b68 100644 --- a/terraform/citrix-adc/modules/netscaler.base.configuration/base_vservers.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_vservers.tf 
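Review bot: In the third hunk, `authnprofile = citrixadc_authenticationauthnprofile.gw_authentication_profile[count.index].name` only works if `gw_vserver` itself has a `count` with exactly the same expression as `gw_authentication_profile`; that resource's `count` line, if it has one, is outside the hunk, and without it `count.index` is a plan-time error, while a differing expression indexes a missing instance. For 0-or-1 conditional resources the index-independent form is `authnprofile = one(citrixadc_authenticationauthnprofile.gw_authentication_profile[*].name)`, and the same applies to the two `aaa_vserver[count.index]` references in the first two hunks. Whatever form is chosen, the security-relevant case is `advanced = false` with a Gateway vServer still declared: the authentication profile then does not exist, so `gw_vserver` would be created with no authentication profile bound; guarding `gw_vserver` with the same `count`, or adding a `precondition` that `var.base_configuration.advanced` is true when a gateway is configured, makes that impossible instead of silent. Note also that `aaa_policy_bind` still references `citrixadc_authenticationpolicy.auth_authpolicy.name` unconditionally, so if that policy is meant to be conditional too it needs the same guard.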
@@ -48,16 +48,3 @@ resource "citrixadc_lbvserver" "lb_vserver" { } - -# # Bind LB Service Groups to LB vServers -# resource "citrixadc_lbvserver_servicegroup_binding" "lb_vserver_sg_binding" { -# count = length(var.adc-lb.name) -# name = "lb_vs_${local.countvalue}" -# servicegroupname = "lb_sg_${local.countvalue}" - -# depends_on = [ -# citrixadc_lbvserver.lb_vserver -# ] -# } - - diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf index 1a7b9eb..a77150b 100644 --- a/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf @@ -31,15 +31,6 @@ variable base_configuration_snip { }) } -# All backend services to be created -variable backend_services { - description = "All backend services to be created" - type = map(object({ - hostname = string - ip = string - })) -} - # All backend servers to be created variable servers { diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/virtual_servers.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/virtual_servers.tf deleted file mode 100644 index 581d407..0000000 --- a/terraform/citrix-adc/modules/netscaler.base.configuration/virtual_servers.tf +++ /dev/null 
@@ -1,88 +0,0 @@
-locals {
- httpprofilename = "http_prof_${var.adc-base.environmentname}"
- tcpprofilename = "tcp_prof_${var.adc-base.environmentname}"
- sslprofilename = "ssl_prof_${var.adc-base.environmentname}_fe_TLS1213"
-}
-
-#####
-# Add LB Server
-#####
-resource "citrixadc_server" "lb_server" {
- count = length(var.adc-lb-srv.name)
- name = "lb_srv_${element(var.adc-lb-srv["name"],count.index)}"
- ipaddress = element(var.adc-lb-srv["ip"],count.index)
-}
-
-#####
-# Add LB Service Groups
-#####
-resource "citrixadc_servicegroup" "lb_servicegroup" {
- count = length(var.adc-lb.name)
- servicegroupname = "lb_sg_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}"
- servicetype = element(var.adc-lb["type"],count.index)
-
- depends_on = [
- citrixadc_server.lb_server
- ]
-}
-
-#####
-# Bind LB Server to Service Groups
-#####
-resource "citrixadc_servicegroup_servicegroupmember_binding" "lb_sg_server_binding" {
- count = length(var.adc-lb.name)
- servicegroupname = "lb_sg_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}"
- servername = "lb_srv_${element(var.adc-lb["backend-server"],count.index)}"
- port = element(var.adc-lb["port"],count.index)
-
- depends_on = [
- citrixadc_servicegroup.lb_servicegroup
- ]
-}
-
-#####
-# Add and configure LB vServer
-#####
-resource "citrixadc_lbvserver" "lb_vserver" {
- count = length(var.adc-lb.name)
- name = "lb_vs_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}"
-
- servicetype = element(var.adc-lb["type"],count.index)
- ipv46 = element(var.adc-lb["lb-type"],count.index) == "direct" ? "9.9.9.9" : "0.0.0.0"
- port = element(var.adc-lb["lb-type"],count.index) == "direct" ? element(var.adc-lb["port"],count.index) : "0"
- lbmethod = var.adc-lb-generic.lbmethod
- persistencetype = var.adc-lb-generic.persistencetype
- timeout = var.adc-lb-generic.timeout
- sslprofile = element(var.adc-lb["type"],count.index) == "SSL" ? local.sslprofilename : null
- httpprofilename = element(var.adc-lb["type"],count.index) == "DNS" || element(var.adc-lb["type"],count.index) == "TCP" ? null : local.httpprofilename
- tcpprofilename = element(var.adc-lb["type"],count.index) == "DNS" ? null : local.tcpprofilename
-
- depends_on = [
- citrixadc_servicegroup_servicegroupmember_binding.lb_sg_server_binding
- ]
-}
-
-#####
-# Bind LB Service Groups to LB vServers
-#####
-resource "citrixadc_lbvserver_servicegroup_binding" "lb_vserver_sg_binding" {
- count = length(var.adc-lb.name)
- name = "lb_vs_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}"
- servicegroupname = "lb_sg_${element(var.adc-lb["name"],count.index)}.${var.adc-lb.fqdn_int}_${element(var.adc-lb["type"],count.index)}_${element(var.adc-lb["port"],count.index)}"
-
- depends_on = [
- citrixadc_lbvserver.lb_vserver
- ]
-}
-
-#####
-# Save config
-#####
-resource "citrixadc_nsconfig_save" "save" {
- all = true
- timestamp = timestamp()
-
- depends_on = [
- citrixadc_lbvserver_servicegroup_binding.lb_vserver_sg_binding
- ]
-}
\ No newline at end of file
diff --git a/terraform/citrix-adc/terraform.tfstate b/terraform/citrix-adc/terraform.tfstate
index a43c932..ced7c0c 100644
--- a/terraform/citrix-adc/terraform.tfstate
+++ b/terraform/citrix-adc/terraform.tfstate
@@ -1,10 +1,37 @@ { "version": 4, "terraform_version": "1.5.6", - "serial": 2428, - "lineage": "ea233f05-237f-8b47-c33f-a3bee3c83f59", + "serial": 35, + "lineage": "97149f73-d9db-ebe1-3ba9-2e09ac24de2d", "outputs": {}, "resources": [ + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_authenticationauthnprofile", + "name": "gw_authentication_profile", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 1, + "attributes": { + "authenticationdomain": "", + "authenticationhost": "", + "authenticationlevel": null, + "authnvsname": "AAA_LDAPS", + "id": "authprof_aaa_ldaps", + "name": "authprof_aaa_ldaps" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", + "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature" + ] + } + ] + }, { "module": "module.base_configuration", "mode": "managed", 
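Review bot: This commit keeps `terraform/citrix-adc/terraform.tfstate` under version control (the hunk rewrites `serial` and `lineage`, and the diffstat counts 1862 changed lines in it), and the same applies to every later tfstate hunk on this page. Terraform state records every resource attribute in clear-text JSON — here the management SNIP `192.168.1.249` with SSH/Telnet/FTP/SNMP enabled, the vServer VIPs and the AAA/LDAP wiring — and attributes a provider marks sensitive are still stored in the clear and merely listed in `sensitive_attributes`, so any credential-bearing resource added later would land in the repository history. The usual fix is a `.gitignore` entry for `*.tfstate` and `*.tfstate.backup`, with a remote backend (access-controlled, encrypted at rest) if state has to be shared. If the file is committed on purpose as a worked example, it should be scrubbed of the real addresses and identifiers before publication.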
@@ -107,26 +134,36 @@ { "module": "module.base_configuration", "mode": "managed", - "type": "citrixadc_authenticationpolicy", - "name": "tf_authenticationpolicy", + "type": "citrixadc_authenticationvserver", + "name": "aaa_vserver", "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", "instances": [ { + "index_key": 0, "schema_version": 1, "attributes": { - "action": "act_ldaps", + "appflowlog": "ENABLED", + "authentication": "ON", + "authenticationdomain": "", + "certkeynames": "", "comment": "", - "id": "pol_auth_ldaps", - "logaction": "", - "name": "pol_auth_ldaps", + "failedlogintimeout": 0, + "id": "AAA_LDAPS", + "ipv46": "0.0.0.0", + "maxloginattempts": 0, + "name": "AAA_LDAPS", "newname": "", - "rule": "True", - "undefaction": "" + "port": 0, + "range": null, + "samesite": "", + "servicetype": "SSL", + "state": "ENABLED", + "td": null }, "sensitive_attributes": [], "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", "dependencies": [ - "module.base_configuration.citrixadc_authenticationldapaction.auth_authenticationldapaction" + "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature" ] } ] 
@@ -134,50 +171,254 @@ { "module": "module.base_configuration", "mode": "managed", - "type": "citrixadc_sslcipher", - "name": "ssl_cg_fe_TLS1213", + "type": "citrixadc_lbvserver", + "name": "lb_vserver", "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", "instances": [ { + "index_key": "lb_ldaps", "schema_version": 1, "attributes": { - "ciphergroupname": "ssl_cg_GO-EUC_fe_TLS1213", - "ciphersuitebinding": [ - { - "ciphername": "TLS1.2-ECDHE-ECDSA-AES128-GCM-SHA256", - "cipherpriority": 5 - }, - { - "ciphername": "TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384", - "cipherpriority": 4 - }, - { - "ciphername": "TLS1.2-ECDHE-RSA-AES128-GCM-SHA256", - "cipherpriority": 7 - }, - { - "ciphername": "TLS1.2-ECDHE-RSA-AES256-GCM-SHA384", - "cipherpriority": 6 - }, - { - "ciphername": "TLS1.3-AES128-GCM-SHA256", - "cipherpriority": 3 - }, - { - "ciphername": "TLS1.3-AES256-GCM-SHA384", - "cipherpriority": 2 - }, - { - "ciphername": "TLS1.3-CHACHA20-POLY1305-SHA256", - "cipherpriority": 1 - } - ], - "id": "ssl_cg_GO-EUC_fe_TLS1213" + "appflowlog": "ENABLED", + "authentication": "OFF", + "authenticationhost": "", + "authn401": "OFF", + "authnprofile": "", + "authnvsname": "", + "backuplbmethod": "", + "backuppersistencetimeout": 2, + "backupvserver": "", + "bypassaaaa": "NO", + "cacheable": "NO", + "ciphers": null, + "ciphersuites": null, + "clttimeout": null, + "comment": "", + "connfailover": "DISABLED", + "cookiename": "", + "datalength": null, + "dataoffset": null, + "dbprofilename": "", + "dbslb": "", + "disableprimaryondown": "DISABLED", + "dns64": "DISABLED", + "dnsprofilename": "", + "downstateflush": "ENABLED", + "hashlength": 0, + "healththreshold": null, + "httpprofilename": "", + "httpsredirecturl": "", + "icmpvsrresponse": "PASSIVE", + "id": "lb_ldaps", + "insertvserveripport": "OFF", + "ipmask": "*", + "ippattern": "0.0.0.0", + "ipset": "", + "ipv46": "192.168.176.142", + "l2conn": "OFF", + "lbmethod": "ROUNDROBIN", + 
"lbprofilename": "", + "listenpolicy": "NONE", + "listenpriority": 0, + "m": "IP", + "macmoderetainvlan": "DISABLED", + "maxautoscalemembers": null, + "minautoscalemembers": null, + "mssqlserverversion": "", + "mysqlcharacterset": 0, + "mysqlprotocolversion": 0, + "mysqlservercapabilities": 0, + "mysqlserverversion": "", + "name": "lb_ldaps", + "netmask": "", + "netprofile": "", + "newname": "", + "newservicerequest": 0, + "newservicerequestincrementinterval": 0, + "newservicerequestunit": "PER_SECOND", + "oracleserverversion": "", + "persistencebackup": "NONE", + "persistencetype": "SOURCEIP", + "persistmask": "255.255.255.255", + "port": 636, + "pq": "", + "probeport": 0, + "probeprotocol": "", + "processlocal": "DISABLED", + "push": "DISABLED", + "pushlabel": "none", + "pushmulticlients": "NO", + "pushvserver": "", + "quicbridgeprofilename": "", + "range": null, + "recursionavailable": "", + "redirectfromport": 0, + "redirectportrewrite": "DISABLED", + "redirurl": "", + "redirurlflags": false, + "resrule": "", + "retainconnectionsoncluster": "NO", + "rhistate": "PASSIVE", + "rtspnat": "OFF", + "rule": "", + "sc": "", + "servicename": "", + "servicetype": "SSL_TCP", + "sessionless": "DISABLED", + "skippersistency": "None", + "snisslcertkeys": null, + "sobackupaction": "", + "somethod": "NONE", + "sopersistence": "DISABLED", + "sopersistencetimeout": null, + "sothreshold": 0, + "sslcertkey": null, + "sslpolicybinding": [], + "sslprofile": "ssl_prof_GO-EUC_fe_TLS1213", + "state": "ENABLED", + "tcpprofilename": "tcp_prof_GO-EUC", + "td": null, + "timeout": 180, + "tosid": 0, + "trofspersistence": "ENABLED", + "v6netmasklen": 0, + "v6persistmasklen": null, + "vipheader": "", + "weight": 0 }, "sensitive_attributes": [], "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", "dependencies": [ - "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" + "module.base_configuration.citrixadc_nshttpprofile.base_http_prof", + 
"module.base_configuration.citrixadc_nstcpprofile.base_tcp_prof", + "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS1213", + "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS13", + "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles", + "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_13", + "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_13_SNI" + ] + }, + { + "index_key": "lb_storefront", + "schema_version": 1, + "attributes": { + "appflowlog": "ENABLED", + "authentication": "OFF", + "authenticationhost": "", + "authn401": "OFF", + "authnprofile": "", + "authnvsname": "", + "backuplbmethod": "", + "backuppersistencetimeout": 2, + "backupvserver": "", + "bypassaaaa": "NO", + "cacheable": "NO", + "ciphers": null, + "ciphersuites": null, + "clttimeout": null, + "comment": "", + "connfailover": "DISABLED", + "cookiename": "", + "datalength": null, + "dataoffset": null, + "dbprofilename": "", + "dbslb": "", + "disableprimaryondown": "DISABLED", + "dns64": "DISABLED", + "dnsprofilename": "", + "downstateflush": "ENABLED", + "hashlength": 0, + "healththreshold": null, + "httpprofilename": "http_prof_GO-EUC", + "httpsredirecturl": "", + "icmpvsrresponse": "PASSIVE", + "id": "lb_storefront", + "insertvserveripport": "OFF", + "ipmask": "*", + "ippattern": "0.0.0.0", + "ipset": "", + "ipv46": "192.168.176.143", + "l2conn": "OFF", + "lbmethod": "ROUNDROBIN", + "lbprofilename": "", + "listenpolicy": "NONE", + "listenpriority": 0, + "m": "IP", + "macmoderetainvlan": "DISABLED", + "maxautoscalemembers": null, + "minautoscalemembers": null, + "mssqlserverversion": "", + "mysqlcharacterset": 0, + "mysqlprotocolversion": 0, + "mysqlservercapabilities": 0, + "mysqlserverversion": "", + "name": "lb_storefront", + "netmask": "", + "netprofile": "", + "newname": "", + "newservicerequest": 0, + "newservicerequestincrementinterval": 0, + "newservicerequestunit": "PER_SECOND", + "oracleserverversion": "", + 
"persistencebackup": "NONE", + "persistencetype": "SOURCEIP", + "persistmask": "255.255.255.255", + "port": 80, + "pq": "", + "probeport": 0, + "probeprotocol": "", + "processlocal": "DISABLED", + "push": "DISABLED", + "pushlabel": "none", + "pushmulticlients": "NO", + "pushvserver": "", + "quicbridgeprofilename": "", + "range": null, + "recursionavailable": "", + "redirectfromport": 0, + "redirectportrewrite": "DISABLED", + "redirurl": "", + "redirurlflags": false, + "resrule": "", + "retainconnectionsoncluster": "NO", + "rhistate": "PASSIVE", + "rtspnat": "OFF", + "rule": "", + "sc": "", + "servicename": "", + "servicetype": "HTTP", + "sessionless": "DISABLED", + "skippersistency": "None", + "snisslcertkeys": null, + "sobackupaction": "", + "somethod": "NONE", + "sopersistence": "DISABLED", + "sopersistencetimeout": null, + "sothreshold": 0, + "sslcertkey": null, + "sslpolicybinding": [], + "sslprofile": "", + "state": "ENABLED", + "tcpprofilename": "tcp_prof_GO-EUC", + "td": null, + "timeout": 180, + "tosid": 0, + "trofspersistence": "ENABLED", + "v6netmasklen": 0, + "v6persistmasklen": null, + "vipheader": "", + "weight": 0 + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_nshttpprofile.base_http_prof", + "module.base_configuration.citrixadc_nstcpprofile.base_tcp_prof", + "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS1213", + "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS13", + "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles", + "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_13", + "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_13_SNI" ] } ] 
@@ -185,138 +426,1455 @@ { "module": "module.base_configuration", "mode": "managed", - "type": "citrixadc_sslparameter", - "name": "ssl_enable_sslprofiles", + "type": "citrixadc_nsconfig_save", + "name": "base_save", "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", "instances": [ { "schema_version": 1, "attributes": { - "crlmemorysizemb": null, - "cryptodevdisablelimit": null, - "defaultprofile": "ENABLED", - "denysslreneg": "ALL", - "dropreqwithnohostheader": "NO", - "encrypttriggerpktcount": null, - "heterogeneoussslhw": "DISABLED", - "hybridfipsmode": "DISABLED", - "id": "tf-sslparameter-20230908102842993000000002", - "insertcertspace": "YES", - "insertionencoding": "Unicode", - "ndcppcompliancecertcheck": "NO", - "ocspcachesize": null, - "pushenctriggertimeout": null, - "pushflag": null, - "quantumsize": "8192", - "sendclosenotify": "YES", - "snihttphostmatch": "CERT", - "softwarecryptothreshold": null, - "sslierrorcache": "DISABLED", - "sslimaxerrorcachemem": null, - "ssltriggertimeout": null, - "strictcachecks": "NO", - "undefactioncontrol": "CLIENTAUTH", - "undefactiondata": "NOOP" + "all": true, + "concurrent_save_interval": "10s", + "concurrent_save_ok": true, + "concurrent_save_retries": 0, + "concurrent_save_timeout": "5m", + "id": "2023-09-08T11:25:55Z", + "save_on_destroy": false, + "timestamp": "2023-09-08T11:25:55Z" }, "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature", + "module.base_configuration.citrixadc_nshostname.base_hostname", + "module.base_configuration.citrixadc_nsip.base_snip", + "module.base_configuration.citrixadc_nsmode.base_nsmode", + "module.base_configuration.citrixadc_nsparam.base_nsparam", + "module.base_configuration.citrixadc_systemparameter.base_systemparam" + ] } ] }, { "module": "module.base_configuration", "mode": 
"managed", - "type": "citrixadc_sslprofile", - "name": "ssl_prof_fe_1213", + "type": "citrixadc_nsconfig_save", + "name": "ssl_save", "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", "instances": [ { "schema_version": 1, "attributes": { - "alpnprotocol": "NONE", - "cipherbindings": [ - { - "ciphername": "ssl_cg_GO-EUC_fe_TLS1213", - "cipherpriority": 10 - } - ], - "ciphername": "", - "cipherpriority": null, - "cipherredirect": "DISABLED", - "cipherurl": "", - "cleartextport": 0, - "clientauth": "DISABLED", - "clientauthuseboundcachain": "DISABLED", - "clientcert": "", - "commonname": "", - "denysslreneg": "NONSECURE", - "dh": "DISABLED", - "dhcount": null, - "dhekeyexchangewithpsk": "NO", - "dhfile": "", - "dhkeyexpsizelimit": "DISABLED", - "dropreqwithnohostheader": "NO", - "ecccurvebindings": [ - "P_224", - "P_256", - "P_384", - "P_521" - ], - "encrypttriggerpktcount": null, - "ersa": "DISABLED", - "ersacount": null, - "hsts": "DISABLED", - "id": "ssl_prof_GO-EUC_fe_TLS1213", - "includesubdomains": "NO", - "insertionencoding": "Unicode", - "maxage": null, - "name": "ssl_prof_GO-EUC_fe_TLS1213", - "ocspstapling": "DISABLED", - "preload": "NO", - "prevsessionkeylifetime": null, - "pushenctrigger": "Always", - "pushenctriggertimeout": null, - "pushflag": null, - "quantumsize": "8192", - "redirectportrewrite": "DISABLED", - "sendclosenotify": "YES", - "serverauth": "DISABLED", - "sessionkeylifetime": null, - "sessionticket": "DISABLED", - "sessionticketkeydata": "", - "sessionticketkeyrefresh": "ENABLED", - "sessionticketlifetime": null, - "sessreuse": "ENABLED", - "sesstimeout": 120, - "skipclientcertpolicycheck": "DISABLED", - "snienable": "DISABLED", - "snihttphostmatch": "CERT", - "ssl3": "DISABLED", - "sslimaxsessperserver": null, - "sslinterception": "DISABLED", - "ssliocspcheck": "ENABLED", - "sslireneg": "ENABLED", - "ssllogprofile": "", - "sslprofiletype": "FrontEnd", - "sslredirect": "DISABLED", - 
"ssltriggertimeout": null, - "strictcachecks": "NO", - "strictsigdigestcheck": "DISABLED", - "tls1": "DISABLED", - "tls11": "DISABLED", - "tls12": "ENABLED", - "tls13": "ENABLED", - "tls13sessionticketsperauthcontext": null, - "zerorttearlydata": "DISABLED" + "all": true, + "concurrent_save_interval": "10s", + "concurrent_save_ok": true, + "concurrent_save_retries": 0, + "concurrent_save_timeout": "5m", + "id": "2023-09-08T11:25:52Z", + "save_on_destroy": false, + "timestamp": "2023-09-08T11:25:52Z" }, "sensitive_attributes": [], "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", "dependencies": [ + "module.base_configuration.citrixadc_sslcipher.ssl_cg_be_TLS12", "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS1213", - "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" + "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS13", + "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles", + "module.base_configuration.citrixadc_sslprofile.ssl_prof_be_12", + "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_1213", + "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_13" ] } ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_nsfeature", + "name": "advanced_nsfeature", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "aaa": true, + "adaptivetcp": false, + "apigateway": false, + "appflow": false, + "appfw": false, + "appqoe": false, + "bgp": false, + "bot": false, + "cf": false, + "ch": false, + "ci": false, + "cloudbridge": false, + "cmp": false, + "contentaccelerator": false, + "cqa": false, + "cr": false, + "cs": true, + "feo": false, + "forwardproxy": false, + "gslb": false, + "hdosp": false, + "htmlinjection": false, + "ic": false, + "id": "tf-nsfeature-20230908112551135000000004", + "ipv6pt": false, + "isis": false, + "lb": true, + "lsn": 
false, + "ospf": false, + "pq": false, + "push": false, + "rdpproxy": false, + "rep": false, + "responder": true, + "rewrite": true, + "rip": false, + "rise": false, + "sp": false, + "ssl": true, + "sslinterception": false, + "sslvpn": true, + "urlfiltering": false, + "videooptimization": false, + "wl": false + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_nshostname", + "name": "base_hostname", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "hostname": "GOEUC-ADC-01", + "id": "tf-nshostname-20230908112551193700000005", + "ownernode": 0 + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_nshttpprofile", + "name": "base_http_prof", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "adpttimeout": "DISABLED", + "altsvc": "DISABLED", + "altsvcvalue": "", + "apdexcltresptimethreshold": null, + "clientiphdrexpr": "", + "cmponpush": "DISABLED", + "conmultiplex": "ENABLED", + "dropextracrlf": "ENABLED", + "dropextradata": "DISABLED", + "dropinvalreqs": "ENABLED", + "grpcholdlimit": null, + "grpcholdtimeout": null, + "grpclengthdelimitation": "ENABLED", + "http2": "ENABLED", + "http2altsvcframe": "DISABLED", + "http2direct": "DISABLED", + "http2headertablesize": null, + "http2initialconnwindowsize": null, + "http2initialwindowsize": null, + "http2maxconcurrentstreams": null, + "http2maxemptyframespermin": null, + "http2maxframesize": null, + "http2maxheaderlistsize": null, + "http2maxpingframespermin": null, + "http2maxresetframespermin": null, + "http2maxsettingsframespermin": null, + 
"http2minseverconn": null, + "http2strictcipher": "ENABLED", + "http3": "DISABLED", + "http3maxheaderblockedstreams": null, + "http3maxheaderfieldsectionsize": null, + "http3maxheadertablesize": null, + "id": "http_prof_GO-EUC", + "incomphdrdelay": null, + "markconnreqinval": "ENABLED", + "markhttp09inval": "ENABLED", + "markhttpheaderextrawserror": "DISABLED", + "markrfc7230noncompliantinval": "DISABLED", + "marktracereqinval": "DISABLED", + "maxheaderlen": null, + "maxreq": null, + "maxreusepool": null, + "minreusepool": null, + "name": "http_prof_GO-EUC", + "persistentetag": "DISABLED", + "reqtimeout": null, + "reqtimeoutaction": "", + "reusepooltimeout": null, + "rtsptunnel": "DISABLED", + "spdy": "", + "weblog": "DISABLED", + "websocket": "DISABLED" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_nsip", + "name": "base_snip", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "advertiseondefaultpartition": "DISABLED", + "arp": "ENABLED", + "arpresponse": "NONE", + "bgp": "", + "decrementttl": "DISABLED", + "dynamicrouting": "DISABLED", + "ftp": "ENABLED", + "gui": "ENABLED", + "hostroute": "DISABLED", + "hostrtgw": "", + "icmp": "ENABLED", + "icmpresponse": "NONE", + "id": "192.168.1.249", + "ipaddress": "192.168.1.249", + "metric": 0, + "mgmtaccess": "DISABLED", + "mptcpadvertise": "NO", + "netmask": "255.255.255.0", + "networkroute": "DISABLED", + "ospf": "", + "ospfarea": 0, + "ospflsatype": "TYPE5", + "ownerdownresponse": "YES", + "ownernode": "255", + "restrictaccess": "DISABLED", + "rip": "", + "snmp": "ENABLED", + "ssh": "ENABLED", + "state": "ENABLED", + "tag": null, + "td": null, + "telnet": "ENABLED", + "type": "SNIP", + "vrid": 0, + "vserver": "DISABLED", + "vserverrhilevel": "ONE_VSERVER", + "vserverrhimode": 
"" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_nsmode", + "name": "base_nsmode", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "bridgebpdus": false, + "cka": false, + "dradv": false, + "dradv6": false, + "edge": true, + "fr": true, + "id": "tf-nsmode-20230908112551201000000006", + "iradv": false, + "l2": false, + "l3": false, + "mbf": false, + "mediaclassification": false, + "pmtud": true, + "sradv": false, + "sradv6": false, + "tcpb": false, + "ulfd": false, + "usip": false, + "usnip": true + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_nsparam", + "name": "base_nsparam", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "advancedanalyticsstats": "DISABLED", + "aftpallowrandomsourceport": "DISABLED", + "cip": "DISABLED", + "cipheader": "", + "cookieversion": "0", + "crportrange": "", + "exclusivequotamaxclient": null, + "exclusivequotaspillover": null, + "ftpportrange": "", + "grantquotamaxclient": null, + "grantquotaspillover": null, + "id": "tf-nsparam-20230908112551133000000001", + "internaluserlogin": "ENABLED", + "maxconn": null, + "maxreq": null, + "mgmthttpport": 80, + "mgmthttpsport": 443, + "pmtumin": null, + "pmtutimeout": 10, + "proxyprotocol": "DISABLED", + "securecookie": "ENABLED", + "servicepathingressvlan": 0, + "tcpcip": "DISABLED", + "timezone": "GMT+02:00-CEST-Europe/Berlin", + "useproxyport": "ENABLED" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + } + ] + }, + { + "module": "module.base_configuration", + "mode": 
"managed", + "type": "citrixadc_nstcpprofile", + "name": "base_tcp_prof", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "ackaggregation": "DISABLED", + "ackonpush": "ENABLED", + "applyadaptivetcp": "DISABLED", + "buffersize": 131072, + "burstratecontrol": "DISABLED", + "clientiptcpoption": "DISABLED", + "clientiptcpoptionnumber": 0, + "delayedack": 100, + "dropestconnontimeout": "ENABLED", + "drophalfclosedconnontimeout": "ENABLED", + "dsack": "ENABLED", + "dupackthresh": 3, + "dynamicreceivebuffering": "ENABLED", + "ecn": "DISABLED", + "establishclientconn": "AUTOMATIC", + "fack": "ENABLED", + "flavor": "BIC", + "frto": "ENABLED", + "hystart": "DISABLED", + "id": "tcp_prof_GO-EUC", + "initialcwnd": 10, + "ka": "DISABLED", + "kaconnidletime": 900, + "kamaxprobes": 3, + "kaprobeinterval": 75, + "kaprobeupdatelastactivity": "ENABLED", + "maxburst": 6, + "maxcwnd": 524288, + "maxpktpermss": 0, + "minrto": 1000, + "mpcapablecbit": "DISABLED", + "mptcp": "DISABLED", + "mptcpdropdataonpreestsf": "DISABLED", + "mptcpfastopen": "DISABLED", + "mptcpsessiontimeout": 0, + "mss": 1460, + "nagle": "ENABLED", + "name": "tcp_prof_GO-EUC", + "oooqsize": 300, + "pktperretx": 1, + "rateqmax": 0, + "rstmaxack": "ENABLED", + "rstwindowattenuate": "DISABLED", + "sack": "ENABLED", + "sendbuffsize": 131072, + "sendclientportintcpoption": "DISABLED", + "slowstartincr": 2, + "slowstartthreshold": 524288, + "spoofsyndrop": "DISABLED", + "syncookie": "ENABLED", + "taillossprobe": "DISABLED", + "tcpfastopen": "DISABLED", + "tcpfastopencookiesize": 8, + "tcpmode": "TRANSPARENT", + "tcprate": 0, + "tcpsegoffload": "AUTOMATIC", + "timestamp": "DISABLED", + "ws": "ENABLED", + "wsval": 8 + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_server", + "name": 
"lb_server", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "index_key": "srv_dc01", + "schema_version": 1, + "attributes": { + "comment": "", + "delay": null, + "domain": "", + "domainresolvenow": false, + "domainresolveretry": 0, + "graceful": null, + "id": "srv_dc01", + "internal": false, + "ipaddress": "192.168.1.12", + "ipv6address": "NO", + "name": "srv_dc01", + "querytype": "", + "state": "ENABLED", + "td": null, + "translationip": "0.0.0.0", + "translationmask": "0.0.0.0" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + }, + { + "index_key": "srv_dc02", + "schema_version": 1, + "attributes": { + "comment": "", + "delay": null, + "domain": "", + "domainresolvenow": false, + "domainresolveretry": 0, + "graceful": null, + "id": "srv_dc02", + "internal": false, + "ipaddress": "192.168.1.13", + "ipv6address": "NO", + "name": "srv_dc02", + "querytype": "", + "state": "ENABLED", + "td": null, + "translationip": "0.0.0.0", + "translationmask": "0.0.0.0" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + }, + { + "index_key": "srv_storefront01", + "schema_version": 1, + "attributes": { + "comment": "", + "delay": null, + "domain": "", + "domainresolvenow": false, + "domainresolveretry": 0, + "graceful": null, + "id": "srv_storefront01", + "internal": false, + "ipaddress": "192.168.1.10", + "ipv6address": "NO", + "name": "srv_storefront01", + "querytype": "", + "state": "ENABLED", + "td": null, + "translationip": "0.0.0.0", + "translationmask": "0.0.0.0" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + }, + { + "index_key": "srv_storefront02", + "schema_version": 1, + "attributes": { + "comment": "", + "delay": null, + "domain": "", + "domainresolvenow": false, + "domainresolveretry": 0, + "graceful": null, + "id": "srv_storefront02", + "internal": false, + "ipaddress": "192.168.1.11", + 
"ipv6address": "NO", + "name": "srv_storefront02", + "querytype": "", + "state": "ENABLED", + "td": null, + "translationip": "0.0.0.0", + "translationmask": "0.0.0.0" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_servicegroup", + "name": "lb_servicegroup", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "index_key": "svcg_dc", + "schema_version": 1, + "attributes": { + "appflowlog": "ENABLED", + "autodisabledelay": 0, + "autodisablegraceful": "", + "autoscale": "DISABLED", + "cacheable": "NO", + "cachetype": "SERVER", + "cip": "DISABLED", + "cipheader": "", + "cka": "NO", + "clttimeout": 9000, + "cmp": "NO", + "comment": "", + "customserverid": "", + "dbsttl": 0, + "delay": null, + "downstateflush": "ENABLED", + "dupweight": 0, + "graceful": null, + "hashid": null, + "healthmonitor": "YES", + "httpprofilename": "", + "id": "svcg_ldaps", + "includemembers": false, + "lbmonitor": null, + "lbvservers": [ + "lb_ldaps" + ], + "maxbandwidth": null, + "maxclient": null, + "maxreq": null, + "memberport": 0, + "monconnectionclose": "NONE", + "monitornamesvc": "", + "monthreshold": null, + "nameserver": "0.0.0.0", + "netprofile": "", + "pathmonitor": "NO", + "pathmonitorindv": "NO", + "port": 0, + "riseapbrstatsmsgcode": 0, + "rtspsessionidremap": "OFF", + "sc": "", + "serverid": 0, + "servername": "", + "servicegroupmembers": null, + "servicegroupmembers_by_servername": [ + "srv_dc01:636:1", + "srv_dc02:636:1" + ], + "servicegroupname": "svcg_ldaps", + "servicetype": "SSL_TCP", + "sp": "OFF", + "state": "ENABLED", + "svrtimeout": 9000, + "tcpb": "NO", + "tcpprofilename": "", + "td": null, + "useproxyport": "YES", + "usip": "NO", + "weight": 0 + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + 
"module.base_configuration.citrixadc_lbvserver.lb_vserver", + "module.base_configuration.citrixadc_nshttpprofile.base_http_prof", + "module.base_configuration.citrixadc_nstcpprofile.base_tcp_prof", + "module.base_configuration.citrixadc_server.lb_server", + "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS1213", + "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS13", + "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles", + "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_13", + "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_13_SNI" + ] + }, + { + "index_key": "svcg_storefront", + "schema_version": 1, + "attributes": { + "appflowlog": "ENABLED", + "autodisabledelay": 0, + "autodisablegraceful": "", + "autoscale": "DISABLED", + "cacheable": "NO", + "cachetype": "SERVER", + "cip": "DISABLED", + "cipheader": "", + "cka": "NO", + "clttimeout": 180, + "cmp": "NO", + "comment": "", + "customserverid": "", + "dbsttl": 0, + "delay": null, + "downstateflush": "ENABLED", + "dupweight": 0, + "graceful": null, + "hashid": null, + "healthmonitor": "YES", + "httpprofilename": "", + "id": "svcg_storefront", + "includemembers": false, + "lbmonitor": null, + "lbvservers": [ + "lb_storefront" + ], + "maxbandwidth": null, + "maxclient": null, + "maxreq": null, + "memberport": 0, + "monconnectionclose": "NONE", + "monitornamesvc": "", + "monthreshold": null, + "nameserver": "0.0.0.0", + "netprofile": "", + "pathmonitor": "NO", + "pathmonitorindv": "NO", + "port": 0, + "riseapbrstatsmsgcode": 0, + "rtspsessionidremap": "OFF", + "sc": "", + "serverid": 0, + "servername": "", + "servicegroupmembers": null, + "servicegroupmembers_by_servername": [ + "srv_storefront01:80:1", + "srv_storefront02:80:2" + ], + "servicegroupname": "svcg_storefront", + "servicetype": "HTTP", + "sp": "OFF", + "state": "ENABLED", + "svrtimeout": 360, + "tcpb": "NO", + "tcpprofilename": "", + "td": null, + "useproxyport": "YES", + "usip": "NO", + 
"weight": 0 + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_lbvserver.lb_vserver", + "module.base_configuration.citrixadc_nshttpprofile.base_http_prof", + "module.base_configuration.citrixadc_nstcpprofile.base_tcp_prof", + "module.base_configuration.citrixadc_server.lb_server", + "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS1213", + "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS13", + "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles", + "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_13", + "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_13_SNI" + ] + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_sslcipher", + "name": "ssl_cg_be_TLS12", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "ciphergroupname": "ssl_cg_GO-EUC_be_TLS12", + "ciphersuitebinding": [ + { + "ciphername": "TLS1.2-ECDHE-ECDSA-AES128-GCM-SHA256", + "cipherpriority": 2 + }, + { + "ciphername": "TLS1.2-ECDHE-ECDSA-AES128-SHA256", + "cipherpriority": 4 + }, + { + "ciphername": "TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384", + "cipherpriority": 1 + }, + { + "ciphername": "TLS1.2-ECDHE-ECDSA-AES256-SHA384", + "cipherpriority": 3 + }, + { + "ciphername": "TLS1.2-ECDHE-RSA-AES-128-SHA256", + "cipherpriority": 8 + }, + { + "ciphername": "TLS1.2-ECDHE-RSA-AES-256-SHA384", + "cipherpriority": 7 + }, + { + "ciphername": "TLS1.2-ECDHE-RSA-AES128-GCM-SHA256", + "cipherpriority": 6 + }, + { + "ciphername": "TLS1.2-ECDHE-RSA-AES256-GCM-SHA384", + "cipherpriority": 5 + } + ], + "id": "ssl_cg_GO-EUC_be_TLS12" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" + ] + } 
+ ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_sslcipher", + "name": "ssl_cg_fe_TLS1213", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "ciphergroupname": "ssl_cg_GO-EUC_fe_TLS1213", + "ciphersuitebinding": [ + { + "ciphername": "TLS1.2-ECDHE-ECDSA-AES128-GCM-SHA256", + "cipherpriority": 5 + }, + { + "ciphername": "TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384", + "cipherpriority": 4 + }, + { + "ciphername": "TLS1.2-ECDHE-RSA-AES128-GCM-SHA256", + "cipherpriority": 7 + }, + { + "ciphername": "TLS1.2-ECDHE-RSA-AES256-GCM-SHA384", + "cipherpriority": 6 + }, + { + "ciphername": "TLS1.3-AES128-GCM-SHA256", + "cipherpriority": 3 + }, + { + "ciphername": "TLS1.3-AES256-GCM-SHA384", + "cipherpriority": 2 + }, + { + "ciphername": "TLS1.3-CHACHA20-POLY1305-SHA256", + "cipherpriority": 1 + } + ], + "id": "ssl_cg_GO-EUC_fe_TLS1213" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" + ] + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_sslcipher", + "name": "ssl_cg_fe_TLS13", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "ciphergroupname": "ssl_cg_GO-EUC_fe_TLS13", + "ciphersuitebinding": [ + { + "ciphername": "TLS1.3-AES128-GCM-SHA256", + "cipherpriority": 3 + }, + { + "ciphername": "TLS1.3-AES256-GCM-SHA384", + "cipherpriority": 2 + }, + { + "ciphername": "TLS1.3-CHACHA20-POLY1305-SHA256", + "cipherpriority": 1 + } + ], + "id": "ssl_cg_GO-EUC_fe_TLS13" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" + ] + } 
+ ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_sslparameter", + "name": "ssl_enable_sslprofiles", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "crlmemorysizemb": null, + "cryptodevdisablelimit": null, + "defaultprofile": "ENABLED", + "denysslreneg": "ALL", + "dropreqwithnohostheader": "NO", + "encrypttriggerpktcount": null, + "heterogeneoussslhw": "DISABLED", + "hybridfipsmode": "DISABLED", + "id": "tf-sslparameter-20230908112551134000000003", + "insertcertspace": "YES", + "insertionencoding": "Unicode", + "ndcppcompliancecertcheck": "NO", + "ocspcachesize": null, + "pushenctriggertimeout": null, + "pushflag": null, + "quantumsize": "8192", + "sendclosenotify": "YES", + "snihttphostmatch": "CERT", + "softwarecryptothreshold": null, + "sslierrorcache": "DISABLED", + "sslimaxerrorcachemem": null, + "ssltriggertimeout": null, + "strictcachecks": "NO", + "undefactioncontrol": "CLIENTAUTH", + "undefactiondata": "NOOP" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_sslprofile", + "name": "ssl_prof_be_12", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "alpnprotocol": "", + "cipherbindings": [ + { + "ciphername": "ssl_cg_GO-EUC_be_TLS12", + "cipherpriority": 10 + } + ], + "ciphername": "", + "cipherpriority": null, + "cipherredirect": "DISABLED", + "cipherurl": "", + "cleartextport": 0, + "clientauth": "DISABLED", + "clientauthuseboundcachain": "DISABLED", + "clientcert": "", + "commonname": "", + "denysslreneg": "NONSECURE", + "dh": "DISABLED", + "dhcount": null, + "dhekeyexchangewithpsk": "NO", + "dhfile": "", + "dhkeyexpsizelimit": "DISABLED", + 
"dropreqwithnohostheader": "NO", + "ecccurvebindings": [ + "P_224", + "P_256", + "P_384", + "P_521" + ], + "encrypttriggerpktcount": null, + "ersa": "DISABLED", + "ersacount": null, + "hsts": "DISABLED", + "id": "ssl_prof_GO-EUC_be_TLS12", + "includesubdomains": "NO", + "insertionencoding": "", + "maxage": null, + "name": "ssl_prof_GO-EUC_be_TLS12", + "ocspstapling": "DISABLED", + "preload": "NO", + "prevsessionkeylifetime": null, + "pushenctrigger": "Always", + "pushenctriggertimeout": null, + "pushflag": null, + "quantumsize": "8192", + "redirectportrewrite": "DISABLED", + "sendclosenotify": "YES", + "serverauth": "DISABLED", + "sessionkeylifetime": 0, + "sessionticket": "DISABLED", + "sessionticketkeydata": "", + "sessionticketkeyrefresh": "DISABLED", + "sessionticketlifetime": null, + "sessreuse": "ENABLED", + "sesstimeout": 300, + "skipclientcertpolicycheck": "DISABLED", + "snienable": "DISABLED", + "snihttphostmatch": "CERT", + "ssl3": "DISABLED", + "sslimaxsessperserver": null, + "sslinterception": "DISABLED", + "ssliocspcheck": "ENABLED", + "sslireneg": "ENABLED", + "ssllogprofile": "", + "sslprofiletype": "BackEnd", + "sslredirect": "DISABLED", + "ssltriggertimeout": null, + "strictcachecks": "NO", + "strictsigdigestcheck": "DISABLED", + "tls1": "DISABLED", + "tls11": "DISABLED", + "tls12": "ENABLED", + "tls13": "DISABLED", + "tls13sessionticketsperauthcontext": null, + "zerorttearlydata": "DISABLED" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_sslcipher.ssl_cg_be_TLS12", + "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" + ] + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_sslprofile", + "name": "ssl_prof_fe_1213", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + 
"alpnprotocol": "NONE", + "cipherbindings": [ + { + "ciphername": "ssl_cg_GO-EUC_fe_TLS1213", + "cipherpriority": 10 + } + ], + "ciphername": "", + "cipherpriority": null, + "cipherredirect": "DISABLED", + "cipherurl": "", + "cleartextport": 0, + "clientauth": "DISABLED", + "clientauthuseboundcachain": "DISABLED", + "clientcert": "", + "commonname": "", + "denysslreneg": "NONSECURE", + "dh": "DISABLED", + "dhcount": null, + "dhekeyexchangewithpsk": "NO", + "dhfile": "", + "dhkeyexpsizelimit": "DISABLED", + "dropreqwithnohostheader": "NO", + "ecccurvebindings": [ + "P_224", + "P_256", + "P_384", + "P_521" + ], + "encrypttriggerpktcount": null, + "ersa": "DISABLED", + "ersacount": null, + "hsts": "DISABLED", + "id": "ssl_prof_GO-EUC_fe_TLS1213", + "includesubdomains": "NO", + "insertionencoding": "Unicode", + "maxage": null, + "name": "ssl_prof_GO-EUC_fe_TLS1213", + "ocspstapling": "DISABLED", + "preload": "NO", + "prevsessionkeylifetime": null, + "pushenctrigger": "Always", + "pushenctriggertimeout": null, + "pushflag": null, + "quantumsize": "8192", + "redirectportrewrite": "DISABLED", + "sendclosenotify": "YES", + "serverauth": "DISABLED", + "sessionkeylifetime": null, + "sessionticket": "DISABLED", + "sessionticketkeydata": "", + "sessionticketkeyrefresh": "ENABLED", + "sessionticketlifetime": null, + "sessreuse": "ENABLED", + "sesstimeout": 120, + "skipclientcertpolicycheck": "DISABLED", + "snienable": "DISABLED", + "snihttphostmatch": "CERT", + "ssl3": "DISABLED", + "sslimaxsessperserver": null, + "sslinterception": "DISABLED", + "ssliocspcheck": "ENABLED", + "sslireneg": "ENABLED", + "ssllogprofile": "", + "sslprofiletype": "FrontEnd", + "sslredirect": "DISABLED", + "ssltriggertimeout": null, + "strictcachecks": "NO", + "strictsigdigestcheck": "DISABLED", + "tls1": "DISABLED", + "tls11": "DISABLED", + "tls12": "ENABLED", + "tls13": "ENABLED", + "tls13sessionticketsperauthcontext": null, + "zerorttearlydata": "DISABLED" + }, + "sensitive_attributes": [], + 
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS1213", + "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" + ] + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_sslprofile", + "name": "ssl_prof_fe_1213_SNI", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "alpnprotocol": "NONE", + "cipherbindings": [ + { + "ciphername": "ssl_cg_GO-EUC_fe_TLS1213", + "cipherpriority": 10 + } + ], + "ciphername": "", + "cipherpriority": null, + "cipherredirect": "DISABLED", + "cipherurl": "", + "cleartextport": 0, + "clientauth": "DISABLED", + "clientauthuseboundcachain": "DISABLED", + "clientcert": "", + "commonname": "", + "denysslreneg": "NONSECURE", + "dh": "DISABLED", + "dhcount": null, + "dhekeyexchangewithpsk": "NO", + "dhfile": "", + "dhkeyexpsizelimit": "DISABLED", + "dropreqwithnohostheader": "NO", + "ecccurvebindings": [ + "P_224", + "P_256", + "P_384", + "P_521" + ], + "encrypttriggerpktcount": null, + "ersa": "DISABLED", + "ersacount": null, + "hsts": "DISABLED", + "id": "ssl_prof_GO-EUC_fe_TLS1213_SNI", + "includesubdomains": "NO", + "insertionencoding": "Unicode", + "maxage": null, + "name": "ssl_prof_GO-EUC_fe_TLS1213_SNI", + "ocspstapling": "DISABLED", + "preload": "NO", + "prevsessionkeylifetime": null, + "pushenctrigger": "Always", + "pushenctriggertimeout": null, + "pushflag": null, + "quantumsize": "8192", + "redirectportrewrite": "DISABLED", + "sendclosenotify": "YES", + "serverauth": "DISABLED", + "sessionkeylifetime": null, + "sessionticket": "DISABLED", + "sessionticketkeydata": "", + "sessionticketkeyrefresh": "ENABLED", + "sessionticketlifetime": null, + "sessreuse": "ENABLED", + "sesstimeout": 120, + "skipclientcertpolicycheck": "DISABLED", + "snienable": "ENABLED", + "snihttphostmatch": 
"CERT", + "ssl3": "DISABLED", + "sslimaxsessperserver": null, + "sslinterception": "DISABLED", + "ssliocspcheck": "ENABLED", + "sslireneg": "ENABLED", + "ssllogprofile": "", + "sslprofiletype": "FrontEnd", + "sslredirect": "DISABLED", + "ssltriggertimeout": null, + "strictcachecks": "NO", + "strictsigdigestcheck": "DISABLED", + "tls1": "DISABLED", + "tls11": "DISABLED", + "tls12": "ENABLED", + "tls13": "ENABLED", + "tls13sessionticketsperauthcontext": null, + "zerorttearlydata": "DISABLED" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS1213", + "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" + ] + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_sslprofile", + "name": "ssl_prof_fe_13", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "alpnprotocol": "NONE", + "cipherbindings": [ + { + "ciphername": "ssl_cg_GO-EUC_fe_TLS13", + "cipherpriority": 10 + } + ], + "ciphername": "", + "cipherpriority": null, + "cipherredirect": "DISABLED", + "cipherurl": "", + "cleartextport": 0, + "clientauth": "DISABLED", + "clientauthuseboundcachain": "DISABLED", + "clientcert": "", + "commonname": "", + "denysslreneg": "NONSECURE", + "dh": "DISABLED", + "dhcount": null, + "dhekeyexchangewithpsk": "NO", + "dhfile": "", + "dhkeyexpsizelimit": "DISABLED", + "dropreqwithnohostheader": "NO", + "ecccurvebindings": [ + "P_224", + "P_256", + "P_384", + "P_521" + ], + "encrypttriggerpktcount": null, + "ersa": "DISABLED", + "ersacount": null, + "hsts": "DISABLED", + "id": "ssl_prof_GO-EUC_fe_TLS13", + "includesubdomains": "NO", + "insertionencoding": "Unicode", + "maxage": null, + "name": "ssl_prof_GO-EUC_fe_TLS13", + "ocspstapling": "DISABLED", + "preload": "NO", + "prevsessionkeylifetime": 
null, + "pushenctrigger": "Always", + "pushenctriggertimeout": null, + "pushflag": null, + "quantumsize": "8192", + "redirectportrewrite": "DISABLED", + "sendclosenotify": "YES", + "serverauth": "DISABLED", + "sessionkeylifetime": null, + "sessionticket": "DISABLED", + "sessionticketkeydata": "", + "sessionticketkeyrefresh": "ENABLED", + "sessionticketlifetime": null, + "sessreuse": "ENABLED", + "sesstimeout": 120, + "skipclientcertpolicycheck": "DISABLED", + "snienable": "DISABLED", + "snihttphostmatch": "CERT", + "ssl3": "DISABLED", + "sslimaxsessperserver": null, + "sslinterception": "DISABLED", + "ssliocspcheck": "ENABLED", + "sslireneg": "ENABLED", + "ssllogprofile": "", + "sslprofiletype": "FrontEnd", + "sslredirect": "DISABLED", + "ssltriggertimeout": null, + "strictcachecks": "NO", + "strictsigdigestcheck": "DISABLED", + "tls1": "DISABLED", + "tls11": "DISABLED", + "tls12": "DISABLED", + "tls13": "ENABLED", + "tls13sessionticketsperauthcontext": null, + "zerorttearlydata": "DISABLED" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS13", + "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" + ] + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_sslprofile", + "name": "ssl_prof_fe_13_SNI", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "alpnprotocol": "NONE", + "cipherbindings": [ + { + "ciphername": "ssl_cg_GO-EUC_fe_TLS13", + "cipherpriority": 10 + } + ], + "ciphername": "", + "cipherpriority": null, + "cipherredirect": "DISABLED", + "cipherurl": "", + "cleartextport": 0, + "clientauth": "DISABLED", + "clientauthuseboundcachain": "DISABLED", + "clientcert": "", + "commonname": "", + "denysslreneg": "NONSECURE", + "dh": "DISABLED", + "dhcount": null, + 
"dhekeyexchangewithpsk": "NO", + "dhfile": "", + "dhkeyexpsizelimit": "DISABLED", + "dropreqwithnohostheader": "NO", + "ecccurvebindings": [ + "P_224", + "P_256", + "P_384", + "P_521" + ], + "encrypttriggerpktcount": null, + "ersa": "DISABLED", + "ersacount": null, + "hsts": "DISABLED", + "id": "ssl_prof_GO-EUC_fe_TLS13_SNI", + "includesubdomains": "NO", + "insertionencoding": "Unicode", + "maxage": null, + "name": "ssl_prof_GO-EUC_fe_TLS13_SNI", + "ocspstapling": "DISABLED", + "preload": "NO", + "prevsessionkeylifetime": null, + "pushenctrigger": "Always", + "pushenctriggertimeout": null, + "pushflag": null, + "quantumsize": "8192", + "redirectportrewrite": "DISABLED", + "sendclosenotify": "YES", + "serverauth": "DISABLED", + "sessionkeylifetime": null, + "sessionticket": "DISABLED", + "sessionticketkeydata": "", + "sessionticketkeyrefresh": "ENABLED", + "sessionticketlifetime": null, + "sessreuse": "ENABLED", + "sesstimeout": 120, + "skipclientcertpolicycheck": "DISABLED", + "snienable": "ENABLED", + "snihttphostmatch": "CERT", + "ssl3": "DISABLED", + "sslimaxsessperserver": null, + "sslinterception": "DISABLED", + "ssliocspcheck": "ENABLED", + "sslireneg": "ENABLED", + "ssllogprofile": "", + "sslprofiletype": "FrontEnd", + "sslredirect": "DISABLED", + "ssltriggertimeout": null, + "strictcachecks": "NO", + "strictsigdigestcheck": "DISABLED", + "tls1": "DISABLED", + "tls11": "DISABLED", + "tls12": "DISABLED", + "tls13": "ENABLED", + "tls13sessionticketsperauthcontext": null, + "zerorttearlydata": "DISABLED" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS13", + "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" + ] + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_sslvserver", + "name": "gw_vserver_sslprofile", + "provider": 
"module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_systemparameter", + "name": "base_systemparam", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "basicauth": "ENABLED", + "cliloglevel": "INFORMATIONAL", + "doppler": "ENABLED", + "fipsusermode": "DISABLED", + "forcepasswordchange": "DISABLED", + "googleanalytics": "DISABLED", + "id": "tf-systemparameter-20230908112551133500000002", + "localauth": "ENABLED", + "maxclient": "40", + "minpasswordlen": null, + "natpcbforceflushlimit": null, + "natpcbrstontimeout": "DISABLED", + "promptstring": "", + "rbaonresponse": "ENABLED", + "reauthonauthparamchange": "DISABLED", + "removesensitivefiles": "DISABLED", + "restrictedtimeout": "DISABLED", + "strongpassword": "enableall", + "timeout": 900, + "totalauthtimeout": null + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + } + ] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_vpnsessionaction", + "name": "gw_sess_act_receiver", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_vpnsessionaction", + "name": "gw_sess_act_receiver_web", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_vpnsessionpolicy", + "name": "gw_sess_pol_receiver", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": 
"citrixadc_vpnsessionpolicy", + "name": "gw_sess_pol_receiver_web", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_vpnvserver", + "name": "gw_vserver", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_vpnvserver_staserver_binding", + "name": "gw_vserver_staserver_binding", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_vpnvserver_vpnsessionpolicy_binding", + "name": "gw_vserver_vpnsessionpolicy_binding_receiver", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [] + }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_vpnvserver_vpnsessionpolicy_binding", + "name": "gw_vserver_vpnsessionpolicy_binding_receiver_web", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [] } ], "check_results": null From b72ae6a834ae59b7f774cae38b0e74b33a338495 Mon Sep 17 00:00:00 2001 From: Mick Hilhorst Date: Fri, 8 Sep 2023 15:36:31 +0200 Subject: [PATCH 09/11] Fixed gateway issues --- .../base_config.tf | 29 +- .../base_gateway.tf | 35 +- .../base_ldaps.tf | 19 +- .../base_profiles.tf | 14 - terraform/citrix-adc/terraform.tfstate | 553 +++++++++++++++--- 5 files changed, 518 insertions(+), 132 deletions(-) diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_config.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_config.tf index 8464806..b17c0a3 100644 
--- a/terraform/citrix-adc/modules/netscaler.base.configuration/base_config.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_config.tf @@ -96,18 +96,19 @@ resource "citrixadc_systemparameter" "base_systemparam" { } -# Save config -resource "citrixadc_nsconfig_save" "base_save" { - all = true - timestamp = timestamp() +# # Save config +# resource "citrixadc_nsconfig_save" "base_save" { +# all = true +# timestamp = timestamp() - depends_on = [ - citrixadc_nsconfig_save.base_save, - citrixadc_nsfeature.advanced_nsfeature, - citrixadc_nshostname.base_hostname, - citrixadc_nsip.base_snip, - citrixadc_nsmode.base_nsmode, - citrixadc_nsparam.base_nsparam, - citrixadc_systemparameter.base_systemparam - ] -} +# depends_on = [ +# citrixadc_nsconfig_save.base_save, +# citrixadc_nsfeature.advanced_nsfeature, +# citrixadc_nshostname.base_hostname, +# citrixadc_nsip.base_snip, +# citrixadc_nsmode.base_nsmode, +# citrixadc_nsparam.base_nsparam, +# citrixadc_systemparameter.base_systemparam, +# citrixadc_sslvserver.gw_vserver_sslprofile +# ] +# } diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf index 73f4463..69b5f16 100644 --- a/terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf 
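Review bot: With `citrixadc_nsconfig_save.base_save` commented out, and `ssl_save` deleted from base_profiles.tf in the same commit, nothing in this module persists the running configuration any more, so everything Terraform applies survives only until the appliance reboots unless someone saves it by hand. If the reason is the resource listing itself in its own `depends_on` (`citrixadc_nsconfig_save.base_save`, which Terraform would reject as a self-reference), the fix is to drop that one entry rather than the whole resource. If removing the save is intentional, delete the commented block instead of keeping it — git history preserves it, and the commented copy still contains the self-reference, so it would break again the moment it is uncommented — and leave a one-line comment such as `# Running config is not saved by this module; save ns config after apply` so the next reader knows persistence is now a manual step.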
@@ -8,15 +8,25 @@ resource "citrixadc_authenticationvserver" "aaa_vserver" { depends_on = [citrixadc_nsfeature.advanced_nsfeature] } -# Bind authentication policy to AAA vserver -resource "citrixadc_authenticationvserver_authenticationldappolicy_binding" "aaa_policy_bind" { - count = var.base_configuration.advanced ? 1 : 0 - name = citrixadc_authenticationvserver.aaa_vserver[count.index].name - policy = citrixadc_authenticationpolicy.auth_authpolicy.name - priority = 90 - bindpoint = "REQUEST" - - depends_on = [citrixadc_authenticationpolicy.auth_authpolicy] +# # Bind authentication policy to AAA vserver +# resource "citrixadc_authenticationvserver_authenticationldappolicy_binding" "aaa_policy_bind" { +# count = var.base_configuration.advanced ? 1 : 0 +# name = citrixadc_authenticationvserver.aaa_vserver[count.index].name +# policy = citrixadc_authenticationpolicy.auth_authpolicy.name +# priority = 90 +# #bindpoint = "REQUEST" + +# depends_on = [ +# citrixadc_vpnvserver.gw_vserver +# ] +# } + +resource "citrixadc_authenticationvserver_authenticationpolicy_binding" "tf_bind" { + name = "AAA_LDAPS" + policy = "pol_auth_ldaps" + priority = 30 + + depends_on = [citrixadc_authenticationvserver.aaa_vserver, citrixadc_authenticationpolicy.auth_authpolicy ] } # Create authentication profile @@ -24,6 +34,7 @@ resource "citrixadc_authenticationauthnprofile" "gw_authentication_profile" { count = var.base_configuration.advanced ? 1 : 0 name = "authprof_aaa_ldaps" authnvsname = citrixadc_authenticationvserver.aaa_vserver[count.index].name + depends_on = [citrixadc_authenticationpolicy.auth_authpolicy] } # Create Gateway vServer 
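Review bot: The new `citrixadc_authenticationvserver_authenticationpolicy_binding.tf_bind` hard-codes `name = "AAA_LDAPS"` and `policy = "pol_auth_ldaps"` as string literals and drops the `count = var.base_configuration.advanced ? 1 : 0` guard the commented-out binding had, so it is created even when `advanced` is false (where the count-guarded `aaa_vserver` presumably does not exist and the apply would fail) and silently binds the wrong objects if either name is ever changed in variables. The values should come from the resources it already lists in `depends_on`: `count = var.base_configuration.advanced ? 1 : 0`, `name = citrixadc_authenticationvserver.aaa_vserver[count.index].name`, `policy = citrixadc_authenticationpolicy.auth_authpolicy.name`, after which the explicit `depends_on` is redundant. The commented-out `aaa_policy_bind` block, including its `#bindpoint = "REQUEST"` line, should be deleted rather than kept next to its replacement.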
@@ -38,7 +49,7 @@ resource "citrixadc_vpnvserver" "gw_vserver" { tcpprofilename = "tcp_prof_${var.base_configuration.environment_prefix}" httpprofilename = "http_prof_${var.base_configuration.environment_prefix}" - depends_on = [citrixadc_authenticationvserver_authenticationldappolicy_binding.aaa_policy_bind] + depends_on = [citrixadc_authenticationauthnprofile.gw_authentication_profile] } @@ -49,7 +60,9 @@ resource "citrixadc_sslvserver" "gw_vserver_sslprofile" { sslprofile = "ssl_prof_${var.base_configuration.environment_prefix}_fe_TLS1213" depends_on = [ - citrixadc_vpnvserver.gw_vserver + citrixadc_vpnvserver.gw_vserver, + citrixadc_sslprofile.ssl_prof_fe_1213 + ] } diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_ldaps.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_ldaps.tf index 59e2a31..e5b3a8d 100644 --- a/terraform/citrix-adc/modules/netscaler.base.configuration/base_ldaps.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_ldaps.tf @@ -1,12 +1,12 @@ # Define the ldaps action, by default set to loadbalance via the data interface as best practice # Don't forget to add basedn etc, in example it's omitted to prevent errors # https://registry.terraform.io/providers/citrix/citrixadc/latest/docs/resources/authenticationldapaction -resource "citrixadc_authenticationldapaction" "auth_authenticationldapaction" { +resource "citrixadc_authenticationldapaction" "auth_authentication_ldapaction" { name = var.auth_ldaps.action_name serverip = var.virtual_servers.lb_ldaps.ipv46 serverport = 636 sectype = var.auth_ldaps.sectype - authtimeout = var.auth_ldaps.authtimeout + authtimeout = 1 ldaploginname = var.auth_ldaps.ldaploginname ldapbase = var.auth_ldaps.ldapbase ldapbinddn = var.auth_ldaps.ldapbinddn 
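Review bot: `authtimeout = 1` in the `auth_authentication_ldapaction` hunk of base_ldaps.tf replaces the `var.auth_ldaps.authtimeout` input with a hardcoded one-second wait for the LDAPS server, which leaves the variable dead and makes any slow bind (TLS handshake plus directory lookup) fail authentication instead of waiting. If the lower value is needed for one environment, keep it configurable and change the default instead: `authtimeout = var.auth_ldaps.authtimeout`. The same hunk renames the resource, which moves its state address; the matching state edits are in this commit, but a `moved` block in the module would let other users of the module migrate without manual state surgery.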
@@ -19,17 +19,16 @@ resource "citrixadc_authenticationpolicy" "auth_authpolicy" { rule = var.auth_ldaps.policy_expression action = var.auth_ldaps.action_name - depends_on = [citrixadc_authenticationldapaction.auth_authenticationldapaction] + depends_on = [citrixadc_authenticationldapaction.auth_authentication_ldapaction, ] } -# Bind the auth policy globally for management authentication -resource "citrixadc_systemglobal_authenticationldappolicy_binding" "tf_bind" { - policyname = citrixadc_authenticationpolicy.auth_authpolicy.name - priority = 88 - feature = "SYSTEM" +# # Bind the auth policy globally for management authentication +# resource "citrixadc_systemglobal_authenticationldappolicy_binding" "tf_bind" { +# policyname = citrixadc_authenticationpolicy.auth_authpolicy.name +# priority = 88 - depends_on = [citrixadc_authenticationpolicy.auth_authpolicy] -} +# depends_on = [citrixadc_authenticationpolicy.auth_authpolicy] +# } diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_profiles.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_profiles.tf index e450d4a..4c2ccc5 100644 --- a/terraform/citrix-adc/modules/netscaler.base.configuration/base_profiles.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_profiles.tf @@ -296,17 +296,3 @@ resource "citrixadc_sslprofile" "ssl_prof_be_12" { ] } -# Save config -resource "citrixadc_nsconfig_save" "ssl_save" { - all = true - timestamp = timestamp() - - depends_on = [ - citrixadc_sslcipher.ssl_cg_fe_TLS1213, - citrixadc_sslcipher.ssl_cg_fe_TLS13, - citrixadc_sslcipher.ssl_cg_be_TLS12, - citrixadc_sslprofile.ssl_prof_fe_1213, - citrixadc_sslprofile.ssl_prof_fe_13, - citrixadc_sslprofile.ssl_prof_be_12 - ] -} diff --git a/terraform/citrix-adc/terraform.tfstate b/terraform/citrix-adc/terraform.tfstate index ced7c0c..299d70a 100644 --- a/terraform/citrix-adc/terraform.tfstate +++ b/terraform/citrix-adc/terraform.tfstate 
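Review bot: Commenting out `citrixadc_systemglobal_authenticationldappolicy_binding.tf_bind` removes the only binding of the LDAP policy to the system (management) bindpoint, so appliance management logins no longer pass through the LDAP policy and depend on local accounts alone. If the block was disabled because `auth_authpolicy` is an advanced `citrixadc_authenticationpolicy` that the classic ldappolicy binding rejects — the same mismatch the gateway binding was moved away from in base_gateway.tf — the fix is the advanced-policy counterpart for the system global bindpoint (`citrixadc_systemglobal_authenticationpolicy_binding`, if the pinned provider version offers it) rather than dropping management LDAP auth. If dropping it is intentional, delete the dead block and say so in the module documentation. The `depends_on = [citrixadc_authenticationldapaction.auth_authentication_ldapaction, ]` above it carries a stray trailing comma.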
@@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.5.6", - "serial": 35, + "serial": 1168, "lineage": "97149f73-d9db-ebe1-3ba9-2e09ac24de2d", "outputs": {}, "resources": [ @@ -26,6 +26,8 @@ "sensitive_attributes": [], "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", "dependencies": [ + "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", + "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature" ] @@ -36,7 +38,7 @@ "module": "module.base_configuration", "mode": "managed", "type": "citrixadc_authenticationldapaction", - "name": "auth_authenticationldapaction", + "name": "auth_authentication_ldapaction", "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", "instances": [ { @@ -126,7 +128,7 @@ "sensitive_attributes": [], "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", "dependencies": [ - "module.base_configuration.citrixadc_authenticationldapaction.auth_authenticationldapaction" + "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction" ] } ] 
@@ -168,6 +170,37 @@ } ] }, + { + "module": "module.base_configuration", + "mode": "managed", + "type": "citrixadc_authenticationvserver_authenticationpolicy_binding", + "name": "tf_bind", + "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "bindpoint": "", + "gotopriorityexpression": "NEXT", + "groupextraction": false, + "id": "AAA_LDAPS,pol_auth_ldaps", + "name": "AAA_LDAPS", + "nextfactor": "", + "policy": "pol_auth_ldaps", + "priority": 30, + "secondary": false + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", + "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", + "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", + "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature" + ] + } + ] + }, { "module": "module.base_configuration", "mode": "managed", 
@@ -423,71 +456,6 @@ } ] }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_nsconfig_save", - "name": "base_save", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "all": true, - "concurrent_save_interval": "10s", - "concurrent_save_ok": true, - "concurrent_save_retries": 0, - "concurrent_save_timeout": "5m", - "id": "2023-09-08T11:25:55Z", - "save_on_destroy": false, - "timestamp": "2023-09-08T11:25:55Z" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature", - "module.base_configuration.citrixadc_nshostname.base_hostname", - "module.base_configuration.citrixadc_nsip.base_snip", - "module.base_configuration.citrixadc_nsmode.base_nsmode", - "module.base_configuration.citrixadc_nsparam.base_nsparam", - "module.base_configuration.citrixadc_systemparameter.base_systemparam" - ] - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_nsconfig_save", - "name": "ssl_save", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "all": true, - "concurrent_save_interval": "10s", - "concurrent_save_ok": true, - "concurrent_save_retries": 0, - "concurrent_save_timeout": "5m", - "id": "2023-09-08T11:25:52Z", - "save_on_destroy": false, - "timestamp": "2023-09-08T11:25:52Z" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_sslcipher.ssl_cg_be_TLS12", - "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS1213", - "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS13", - "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles", - 
"module.base_configuration.citrixadc_sslprofile.ssl_prof_be_12", - "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_1213", - "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_13" - ] - } - ] - }, { "module": "module.base_configuration", "mode": "managed", @@ -521,7 +489,7 @@ "hdosp": false, "htmlinjection": false, "ic": false, - "id": "tf-nsfeature-20230908112551135000000004", + "id": "tf-nsfeature-20230908133613046700000004", "ipv6pt": false, "isis": false, "lb": true, @@ -559,7 +527,7 @@ "schema_version": 1, "attributes": { "hostname": "GOEUC-ADC-01", - "id": "tf-nshostname-20230908112551193700000005", + "id": "tf-nshostname-20230908133613043000000001", "ownernode": 0 }, "sensitive_attributes": [], @@ -704,7 +672,7 @@ "dradv6": false, "edge": true, "fr": true, - "id": "tf-nsmode-20230908112551201000000006", + "id": "tf-nsmode-20230908133613139200000005", "iradv": false, "l2": false, "l3": false, @@ -744,7 +712,7 @@ "ftpportrange": "", "grantquotamaxclient": null, "grantquotaspillover": null, - "id": "tf-nsparam-20230908112551133000000001", + "id": "tf-nsparam-20230908133613147700000006", "internaluserlogin": "ENABLED", "maxconn": null, "maxreq": null, @@ -1270,7 +1238,7 @@ "encrypttriggerpktcount": null, "heterogeneoussslhw": "DISABLED", "hybridfipsmode": "DISABLED", - "id": "tf-sslparameter-20230908112551134000000003", + "id": "tf-sslparameter-20230908133613045600000003", "insertcertspace": "YES", "insertionencoding": "Unicode", "ndcppcompliancecertcheck": "NO", 
@@ -1774,7 +1742,68 @@ "type": "citrixadc_sslvserver", "name": "gw_vserver_sslprofile", "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [] + "instances": [ + { + "index_key": 0, + "schema_version": 1, + "attributes": { + "cipherredirect": "", + "cipherurl": "", + "cleartextport": 0, + "clientauth": "", + "clientcert": "", + "dh": "", + "dhcount": 0, + "dhekeyexchangewithpsk": "", + "dhfile": "", + "dhkeyexpsizelimit": "", + "dtls1": "", + "dtls12": "", + "dtlsprofilename": "", + "ersa": "", + "ersacount": 0, + "hsts": "", + "id": "gw_go-euc", + "includesubdomains": "", + "maxage": 0, + "ocspstapling": "", + "preload": "", + "pushenctrigger": "", + "redirectportrewrite": "", + "sendclosenotify": "", + "sessreuse": "", + "sesstimeout": 0, + "snienable": "", + "ssl2": "", + "ssl3": "", + "sslprofile": "ssl_prof_GO-EUC_fe_TLS1213", + "sslredirect": "", + "sslv2redirect": "", + "sslv2url": "", + "strictsigdigestcheck": "", + "tls1": "", + "tls11": "", + "tls12": "", + "tls13": "", + "tls13sessionticketsperauthcontext": 0, + "vservername": "gw_go-euc", + "zerorttearlydata": "" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_authenticationauthnprofile.gw_authentication_profile", + "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", + "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", + "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", + "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature", + "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS1213", + "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles", + "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_1213", + "module.base_configuration.citrixadc_vpnvserver.gw_vserver" + ] + } + ] }, { "module": "module.base_configuration", 
@@ -1792,7 +1821,7 @@ "fipsusermode": "DISABLED", "forcepasswordchange": "DISABLED", "googleanalytics": "DISABLED", - "id": "tf-systemparameter-20230908112551133500000002", + "id": "tf-systemparameter-20230908133613044300000002", "localauth": "ENABLED", "maxclient": "40", "minpasswordlen": null, 
@@ -1818,7 +1847,99 @@ "type": "citrixadc_vpnsessionaction", "name": "gw_sess_act_receiver", "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [] + "instances": [ + { + "schema_version": 1, + "attributes": { + "advancedclientlessvpnmode": "DISABLED", + "allowedlogingroups": "", + "allprotocolproxy": "", + "alwaysonprofilename": "", + "authorizationgroup": "", + "autoproxyurl": "", + "citrixreceiverhome": "", + "clientchoices": "", + "clientcleanupprompt": "", + "clientconfiguration": [], + "clientdebug": "", + "clientidletimeout": 0, + "clientlessmodeurlencoding": "TRANSPARENT", + "clientlesspersistentcookie": "", + "clientlessvpnmode": "ON", + "clientoptions": "", + "clientsecurity": "", + "clientsecuritygroup": "", + "clientsecuritylog": "", + "clientsecuritymessage": "", + "defaultauthorizationaction": "ALLOW", + "dnsvservername": "", + "emailhome": "", + "epaclienttype": "", + "forcecleanup": [], + "forcedtimeout": 0, + "forcedtimeoutwarning": 0, + "fqdnspoofedip": "", + "ftpproxy": "", + "gopherproxy": "", + "homepage": "", + "httpport": [], + "httpproxy": "", + "icaproxy": "OFF", + "iconwithreceiver": "", + "id": "vpn_act_receiver_advanced", + "iipdnssuffix": "", + "kcdaccount": "", + "killconnections": "", + "linuxpluginupgrade": "", + "locallanaccess": "", + "loginscript": "", + "logoutscript": "", + "macpluginupgrade": "", + "name": "vpn_act_receiver_advanced", + "netmask": "", + "ntdomain": "", + "pcoipprofilename": "", + "proxy": "", + "proxyexception": "", + "proxylocalbypass": "", + "rdpclientprofilename": "", + "rfc1918": "", + "securebrowse": "", + "sesstimeout": 2880, + "sfgatewayauthtype": "", + "smartgroup": "", + "socksproxy": "", + "splitdns": "", + "splittunnel": "", + "spoofiip": "", + "sslproxy": "", + "sso": "ON", + "ssocredential": "PRIMARY", + "storefronturl": "https://storefront.go-euc.local/Citrix/StoreWeb", + "transparentinterception": "OFF", + "useiip": "", + "usemip": "", + 
"useraccounting": "", + "wihome": "https://storefront.go-euc.local/Citrix/StoreWeb", + "wihomeaddresstype": "IPV4", + "windowsautologon": "ON", + "windowsclienttype": "", + "windowspluginupgrade": "", + "winsip": "0.0.0.0", + "wiportalmode": "" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_authenticationauthnprofile.gw_authentication_profile", + "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", + "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", + "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", + "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature", + "module.base_configuration.citrixadc_vpnvserver.gw_vserver" + ] + } + ] }, { "module": "module.base_configuration", 
@@ -1826,7 +1947,99 @@ "type": "citrixadc_vpnsessionaction", "name": "gw_sess_act_receiver_web", "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [] + "instances": [ + { + "schema_version": 1, + "attributes": { + "advancedclientlessvpnmode": "DISABLED", + "allowedlogingroups": "", + "allprotocolproxy": "", + "alwaysonprofilename": "", + "authorizationgroup": "", + "autoproxyurl": "", + "citrixreceiverhome": "", + "clientchoices": "OFF", + "clientcleanupprompt": "", + "clientconfiguration": [], + "clientdebug": "", + "clientidletimeout": 0, + "clientlessmodeurlencoding": "TRANSPARENT", + "clientlesspersistentcookie": "", + "clientlessvpnmode": "OFF", + "clientoptions": "", + "clientsecurity": "", + "clientsecuritygroup": "", + "clientsecuritylog": "", + "clientsecuritymessage": "", + "defaultauthorizationaction": "ALLOW", + "dnsvservername": "", + "emailhome": "", + "epaclienttype": "", + "forcecleanup": [], + "forcedtimeout": 0, + "forcedtimeoutwarning": 0, + "fqdnspoofedip": "", + "ftpproxy": "", + "gopherproxy": "", + "homepage": "", + "httpport": [], + "httpproxy": "", + "icaproxy": "ON", + "iconwithreceiver": "", + "id": "vpn_act_web_advanced", + "iipdnssuffix": "", + "kcdaccount": "", + "killconnections": "", + "linuxpluginupgrade": "", + "locallanaccess": "ON", + "loginscript": "", + "logoutscript": "", + "macpluginupgrade": "", + "name": "vpn_act_web_advanced", + "netmask": "", + "ntdomain": "", + "pcoipprofilename": "", + "proxy": "", + "proxyexception": "", + "proxylocalbypass": "", + "rdpclientprofilename": "", + "rfc1918": "OFF", + "securebrowse": "", + "sesstimeout": 2880, + "sfgatewayauthtype": "", + "smartgroup": "", + "socksproxy": "", + "splitdns": "", + "splittunnel": "", + "spoofiip": "", + "sslproxy": "", + "sso": "ON", + "ssocredential": "PRIMARY", + "storefronturl": "https://storefront.go-euc.local/Citrix/StoreWeb", + "transparentinterception": "", + "useiip": "", + "usemip": "", + 
"useraccounting": "", + "wihome": "", + "wihomeaddresstype": "IPV4", + "windowsautologon": "ON", + "windowsclienttype": "", + "windowspluginupgrade": "", + "winsip": "0.0.0.0", + "wiportalmode": "NORMAL" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_authenticationauthnprofile.gw_authentication_profile", + "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", + "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", + "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", + "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature", + "module.base_configuration.citrixadc_vpnvserver.gw_vserver" + ] + } + ] }, { "module": "module.base_configuration", 
@@ -1834,7 +2047,28 @@ "type": "citrixadc_vpnsessionpolicy", "name": "gw_sess_pol_receiver", "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [] + "instances": [ + { + "schema_version": 1, + "attributes": { + "action": "vpn_act_receiver_advanced", + "id": "vpn_prof_receiver_advanced", + "name": "vpn_prof_receiver_advanced", + "rule": "HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"CitrixReceiver\") \u0026\u0026 HTTP.REQ.HEADER(\"X-Citrix-Gateway\").EXISTS" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_authenticationauthnprofile.gw_authentication_profile", + "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", + "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", + "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", + "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature", + "module.base_configuration.citrixadc_vpnsessionaction.gw_sess_act_receiver", + "module.base_configuration.citrixadc_vpnvserver.gw_vserver" + ] + } + ] }, { "module": "module.base_configuration", 
@@ -1842,7 +2076,28 @@ "type": "citrixadc_vpnsessionpolicy", "name": "gw_sess_pol_receiver_web", "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [] + "instances": [ + { + "schema_version": 1, + "attributes": { + "action": "vpn_act_web_advanced", + "id": "vpn_prof_web_advanced", + "name": "vpn_prof_web_advanced", + "rule": "HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"CitrixReceiver\").NOT" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_authenticationauthnprofile.gw_authentication_profile", + "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", + "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", + "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", + "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature", + "module.base_configuration.citrixadc_vpnsessionaction.gw_sess_act_receiver_web", + "module.base_configuration.citrixadc_vpnvserver.gw_vserver" + ] + } + ] }, { "module": "module.base_configuration", 
@@ -1850,7 +2105,66 @@ "type": "citrixadc_vpnvserver", "name": "gw_vserver", "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [] + "instances": [ + { + "index_key": 0, + "schema_version": 1, + "attributes": { + "advancedepa": "", + "appflowlog": "ENABLED", + "authentication": "ON", + "authnprofile": "authprof_aaa_ldaps", + "certkeynames": "", + "cginfrahomepageredirect": "ENABLED", + "comment": "", + "deploymenttype": "NONE", + "devicecert": "OFF", + "doublehop": "DISABLED", + "downstateflush": "ENABLED", + "dtls": "OFF", + "failedlogintimeout": 0, + "httpprofilename": "http_prof_GO-EUC", + "icaonly": "OFF", + "icaproxysessionmigration": "OFF", + "icmpvsrresponse": "PASSIVE", + "id": "gw_go-euc", + "ipset": "", + "ipv46": "192.168.176.199", + "l2conn": "OFF", + "linuxepapluginupgrade": "", + "listenpolicy": "NONE", + "listenpriority": 0, + "loginonce": "OFF", + "logoutonsmartcardremoval": "OFF", + "macepapluginupgrade": "", + "maxaaausers": null, + "maxloginattempts": 0, + "name": "gw_go-euc", + "netprofile": "", + "pcoipvserverprofilename": "", + "port": 443, + "range": null, + "rdpserverprofilename": "", + "rhistate": "PASSIVE", + "samesite": "", + "servicetype": "SSL", + "state": "ENABLED", + "tcpprofilename": "tcp_prof_GO-EUC", + "userdomains": "", + "vserverfqdn": "", + "windowsepapluginupgrade": "" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_authenticationauthnprofile.gw_authentication_profile", + "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", + "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", + "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", + "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature" + ] + } + ] }, { "module": "module.base_configuration", 
@@ -1858,7 +2172,28 @@ "type": "citrixadc_vpnvserver_staserver_binding", "name": "gw_vserver_staserver_binding", "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [] + "instances": [ + { + "index_key": 0, + "schema_version": 1, + "attributes": { + "id": "gw_go-euc,http://192.168.150.2", + "name": "gw_go-euc", + "staaddresstype": "IPV4", + "staserver": "http://192.168.150.2" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_authenticationauthnprofile.gw_authentication_profile", + "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", + "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", + "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", + "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature", + "module.base_configuration.citrixadc_vpnvserver.gw_vserver" + ] + } + ] }, { "module": "module.base_configuration", 
@@ -1866,7 +2201,33 @@ "type": "citrixadc_vpnvserver_vpnsessionpolicy_binding", "name": "gw_vserver_vpnsessionpolicy_binding_receiver", "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [] + "instances": [ + { + "schema_version": 1, + "attributes": { + "bindpoint": null, + "gotopriorityexpression": null, + "groupextraction": false, + "id": "gw_go-euc,vpn_prof_receiver_advanced", + "name": "gw_go-euc", + "policy": "vpn_prof_receiver_advanced", + "priority": 100, + "secondary": false + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_authenticationauthnprofile.gw_authentication_profile", + "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", + "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", + "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", + "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature", + "module.base_configuration.citrixadc_vpnsessionaction.gw_sess_act_receiver", + "module.base_configuration.citrixadc_vpnsessionpolicy.gw_sess_pol_receiver", + "module.base_configuration.citrixadc_vpnvserver.gw_vserver" + ] + } + ] }, { "module": "module.base_configuration", 
@@ -1874,7 +2235,33 @@ "type": "citrixadc_vpnvserver_vpnsessionpolicy_binding", "name": "gw_vserver_vpnsessionpolicy_binding_receiver_web", "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [] + "instances": [ + { + "schema_version": 1, + "attributes": { + "bindpoint": null, + "gotopriorityexpression": null, + "groupextraction": false, + "id": "gw_go-euc,vpn_prof_web_advanced", + "name": "gw_go-euc", + "policy": "vpn_prof_web_advanced", + "priority": 110, + "secondary": false + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.base_configuration.citrixadc_authenticationauthnprofile.gw_authentication_profile", + "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", + "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", + "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", + "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature", + "module.base_configuration.citrixadc_vpnsessionaction.gw_sess_act_receiver_web", + "module.base_configuration.citrixadc_vpnsessionpolicy.gw_sess_pol_receiver_web", + "module.base_configuration.citrixadc_vpnvserver.gw_vserver" + ] + } + ] } ], "check_results": null From b30c21f1f5d2048ace2c95180cd5938b88f65fb1 Mon Sep 17 00:00:00 2001 
From: Mick Hilhorst Date: Mon, 25 Sep 2023 14:18:33 +0200 Subject: [PATCH 10/11] LEC additions and fixes --- terraform/citrix-adc/main.tf | 31 +- .../base_gateway.tf | 13 - .../base_vservers.tf | 2 +- .../netscaler.base.configuration/provider.tf | 12 - .../netscaler.letsencrypt/lec_config.tf | 99 + .../netscaler.letsencrypt/lec_loadbalancer.tf | 66 + .../modules/netscaler.letsencrypt/provider.tf | 11 + .../netscaler.letsencrypt/variables.tf | 40 + .../vsphere.netscaler.deployment/main.tf | 88 + .../vsphere.netscaler.deployment/variables.tf | 29 + terraform/citrix-adc/provider.tf | 29 + terraform/citrix-adc/terraform.tfstate | 2307 +---------------- terraform/citrix-adc/variables.tf | 44 + 13 files changed, 533 insertions(+), 2238 deletions(-) create mode 100644 terraform/citrix-adc/modules/netscaler.letsencrypt/lec_config.tf create mode 100644 terraform/citrix-adc/modules/netscaler.letsencrypt/lec_loadbalancer.tf create mode 100644 terraform/citrix-adc/modules/netscaler.letsencrypt/provider.tf create mode 100644 terraform/citrix-adc/modules/netscaler.letsencrypt/variables.tf create mode 100644 terraform/citrix-adc/modules/vsphere.netscaler.deployment/main.tf create mode 100644 terraform/citrix-adc/modules/vsphere.netscaler.deployment/variables.tf create mode 100644 terraform/citrix-adc/provider.tf diff --git a/terraform/citrix-adc/main.tf b/terraform/citrix-adc/main.tf index 32ca839..5883256 100644 --- a/terraform/citrix-adc/main.tf +++ b/terraform/citrix-adc/main.tf 
@@ -1,4 +1,21 @@ +module "vsphere_deployment" { + # Check if this needs to run based on global settings + count = var.terraform_settings.deploy_vsphere ? 1 : 0 + # Import the source module + source = "./modules/vsphere.netscaler.deployment" + + # vSphere settings + vsphere = var.vsphere + + # VM settings + vm = var.vm +} + + module "base_configuration" { + # Check if this needs to run based on global settings + count = var.terraform_settings.deploy_settings ? 1 : 0 + # Import the source module source = "./modules/netscaler.base.configuration" # Default settings / Best Practices & Profiles @@ -7,8 +24,6 @@ module "base_configuration" { base_configuration = var.base_configuration base_configuration_snip = var.base_configuration_snip - - # Virtual Servers / Services creation # base_vservers.tf servers = var.servers @@ -23,7 +38,15 @@ module "base_configuration" { # base_gateway.tf gateway = var.gateway +} + +module "letsencrypt" { + count = var.terraform_settings.deploy_letsencrypt ? 1 : 0 + source = "./modules/netscaler.letsencrypt" + + # LetsEncrypt configuration + # Set these variables in the module variables.tf file + # They have been excluded from the main terraform.tfvars file for ease of reading +} - -} \ No newline at end of file diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf index 69b5f16..6ef907c 100644 --- a/terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf 
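Review bot: None of the three root modules declares an ordering on the others, so with `deploy_vsphere`, `deploy_settings` and `deploy_letsencrypt` all enabled Terraform may apply `base_configuration` and `letsencrypt` against the appliance before, or concurrently with, the `vsphere_deployment` module that presumably creates it, and the two configuration modules concurrently with each other. Unless the modules' inputs already carry that dependency (nothing in the hunk passes an output of one module into another), add `depends_on = [module.vsphere_deployment]` to `base_configuration` and `depends_on = [module.vsphere_deployment, module.base_configuration]` to `letsencrypt`. The comment on `letsencrypt` says its settings live in the module's own variables.tf; environment-specific values such as the registration e-mail and hostname belong in root variables passed in the way `vsphere` and `vm` are, so the module stays reusable.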
@@ -8,19 +8,6 @@ resource "citrixadc_authenticationvserver" "aaa_vserver" { depends_on = [citrixadc_nsfeature.advanced_nsfeature] } -# # Bind authentication policy to AAA vserver -# resource "citrixadc_authenticationvserver_authenticationldappolicy_binding" "aaa_policy_bind" { -# count = var.base_configuration.advanced ? 1 : 0 -# name = citrixadc_authenticationvserver.aaa_vserver[count.index].name -# policy = citrixadc_authenticationpolicy.auth_authpolicy.name -# priority = 90 -# #bindpoint = "REQUEST" - -# depends_on = [ -# citrixadc_vpnvserver.gw_vserver -# ] -# } - resource "citrixadc_authenticationvserver_authenticationpolicy_binding" "tf_bind" { name = "AAA_LDAPS" policy = "pol_auth_ldaps" diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_vservers.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_vservers.tf index 8cd3b68..0486192 100644 --- a/terraform/citrix-adc/modules/netscaler.base.configuration/base_vservers.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_vservers.tf @@ -44,7 +44,7 @@ resource "citrixadc_lbvserver" "lb_vserver" { citrixadc_sslcipher.ssl_cg_fe_TLS13, citrixadc_sslprofile.ssl_prof_fe_13, citrixadc_sslprofile.ssl_prof_fe_13_SNI, - ] + ] } diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/provider.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/provider.tf index b61894e..1e4a20d 100644 --- a/terraform/citrix-adc/modules/netscaler.base.configuration/provider.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/provider.tf @@ -5,16 +5,4 @@ terraform { source = "citrix/citrixadc" } } -} - -# Target non default partition -provider "citrixadc" { - endpoint = var.logon_information.host - username = var.logon_information.username - password = var.logon_information.password - do_login = true - -# Allow connection upon invalid certificate - insecure_skip_verify = true - } \ No newline at end of file 
diff --git a/terraform/citrix-adc/modules/netscaler.letsencrypt/lec_config.tf b/terraform/citrix-adc/modules/netscaler.letsencrypt/lec_config.tf
new file mode 100644
index 0000000..2316359
--- /dev/null
+++ b/terraform/citrix-adc/modules/netscaler.letsencrypt/lec_config.tf
@@ -0,0 +1,99 @@
+
+
+# Create Private Key
+resource "tls_private_key" "le_private_key" {
+ algorithm = var.letsencrypt_certificate.private_key_algorithm
+ ecdsa_curve = var.letsencrypt_certificate.private_key_ecdsa_curve
+ rsa_bits = var.letsencrypt_certificate.private_key_rsa_bits
+}
+
+# Register with ACME
+resource "acme_registration" "le_registration" {
+ account_key_pem = tls_private_key.le_private_key.private_key_pem
+ email_address = var.letsencrypt_certificate.registration_email_address
+
+ depends_on = [
+ tls_private_key.le_private_key
+ ]
+}
+
+# Create Certificate
+resource "acme_certificate" "le_certificate" {
+ account_key_pem = acme_registration.le_registration.account_key_pem
+ common_name = var.letsencrypt_certificate.common_name
+ subject_alternative_names = var.letsencrypt_certificate-san
+
+ http_challenge {
+ }
+
+ depends_on = [
+ acme_registration.le_registration
+ ]
+}
+
+# Upload cert files to /nsconfig/ssl on ADC
+resource "citrixadc_systemfile" "le_upload_cert" {
+ filename = "${var.letsencrypt_certificate.common_name}_certificate.cer"
+ filelocation = "/nsconfig/ssl"
+ filecontent = lookup(acme_certificate.le_certificate,"certificate_pem")
+
+ depends_on = [
+ acme_certificate.le_certificate
+ ]
+}
+
+resource "citrixadc_systemfile" "le_upload_key" {
+ filename = "${var.letsencrypt_certificate.common_name}_privatekey.cer"
+ filelocation = "/nsconfig/ssl"
+ filecontent = nonsensitive(lookup(acme_certificate.le_certificate,"private_key_pem"))
+
+ depends_on = [
+ acme_certificate.le_certificate
+ ]
+}
+
+resource "citrixadc_systemfile" "le_upload_root" {
+ filename = "${var.letsencrypt_certificate.common_name}_rootca.cer"
+ filelocation = "/nsconfig/ssl"
+ filecontent = lookup(acme_certificate.le_certificate,"issuer_pem")
+
+ depends_on = [
+ acme_certificate.le_certificate
+ ]
+}
+
+# Implement root certificate
+resource "citrixadc_sslcertkey" "le_implement_rootca" {
+ certkey = "ssl_cert_${var.letsencrypt_certificate.common_name}_RootCA"
+ cert = "/nsconfig/ssl/${var.letsencrypt_certificate.common_name}_rootca.cer"
+ expirymonitor = "DISABLED"
+
+depends_on = [
+ citrixadc_systemfile.le_upload_cert,
+ citrixadc_systemfile.le_upload_key
+ ]
+}
+
+# Implement server certificate
+resource "citrixadc_sslcertkey" "le_implement_certkeypair" {
+ certkey = "ssl_cert_${var.letsencrypt_certificate.common_name}_Server"
+ cert = "/nsconfig/ssl/${var.letsencrypt_certificate.common_name}_certificate.cer"
+ key = "/nsconfig/ssl/${var.letsencrypt_certificate.common_name}_privatekey.cer"
+ expirymonitor = "DISABLED"
+ linkcertkeyname = "ssl_cert_${var.letsencrypt_certificate.common_name}_RootCA"
+
+ depends_on = [
+ citrixadc_sslcertkey.le_implement_rootca
+ ]
+}
+
+# Save config
+resource "citrixadc_nsconfig_save" "le_save" {
+ all = true
+ timestamp = timestamp()
+
+ depends_on = [
+ citrixadc_sslcertkey.le_implement_certkeypair,
+ citrixadc_sslcertkey.le_implement_rootca
+ ]
+}
\ No newline at end of file
diff --git a/terraform/citrix-adc/modules/netscaler.letsencrypt/lec_loadbalancer.tf b/terraform/citrix-adc/modules/netscaler.letsencrypt/lec_loadbalancer.tf
new file mode 100644
index 0000000..b3e8d23
--- /dev/null
+++ b/terraform/citrix-adc/modules/netscaler.letsencrypt/lec_loadbalancer.tf
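Review bot: `nonsensitive(lookup(acme_certificate.le_certificate,"private_key_pem"))` in `le_upload_key` removes Terraform's sensitive marking from the certificate's private key, so the key is printed in plan and apply output and in any CI log that captures them; pass `filecontent = acme_certificate.le_certificate.private_key_pem` instead and leave the value marked (it still lands in state, so the state backend has to be treated as secret). Separately, `le_implement_rootca` lists `le_upload_cert` and `le_upload_key` in its `depends_on` but not `le_upload_root`, which is the resource that writes the `_rootca.cer` file it references, so the certkey can be created before that file exists; the list should name `citrixadc_systemfile.le_upload_root`. Both `citrixadc_sslcertkey` resources also set `expirymonitor = "DISABLED"` on certificates that Let's Encrypt issues for 90 days, which silences the ADC's own expiry warning; if that is intentional because renewal is driven from Terraform, say so in a comment such as `# expiry monitoring off: renewal is handled by re-applying this module`.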
@@ -0,0 +1,66 @@
+# Add LB Server
+resource "citrixadc_server" "le_lb_install_server" {
+ name = var.letsencrypt_lb.lb_srv_name
+ ipaddress = var.letsencrypt_lb.backend_ip
+}
+
+# Add LB Service Groups
+resource "citrixadc_servicegroup" "le_lb_install_servicegroup" {
+
+ servicegroupname = var.letsencrypt_lb.lb_sg_name
+ servicetype = var.letsencrypt_lb.servicetype
+ healthmonitor = var.letsencrypt_lb.lb_sg_healthmonitor
+
+ depends_on = [
+ citrixadc_server.le_lb_install_server
+ ]
+}
+
+# Bind LB Server to Service Groups
+resource "citrixadc_servicegroup_servicegroupmember_binding" "le_lb_install_sg_server_binding" {
+ servicegroupname = citrixadc_servicegroup.le_lb_install_servicegroup.servicegroupname
+ servername = citrixadc_server.le_lb_install_server.name
+ port = var.letsencrypt_lb.port
+
+ depends_on = [
+ citrixadc_servicegroup.le_lb_install_servicegroup
+ ]
+}
+
+#####
+# Add and configure LB vServer _ Type http
+#####
+resource "citrixadc_lbvserver" "le_lb_install_vserver_http" {
+ name = var.letsencrypt_lb.lb_vs_name
+ servicetype = var.letsencrypt_lb.servicetype
+ ipv46 = var.letsencrypt_lb.frontend_ip
+ port = var.letsencrypt_lb.port
+ lbmethod = var.letsencrypt_lb.lb_vs_lbmethod
+ persistencetype = var.letsencrypt_lb.lb_vs_persistencetype
+ timeout = var.letsencrypt_lb.lb_vs_timeout
+
+ depends_on = [
+ citrixadc_servicegroup_servicegroupmember_binding.le_lb_install_sg_server_binding
+ ]
+}
+
+# Bind LB Service Groups to LB vServers
+resource "citrixadc_lbvserver_servicegroup_binding" "le_lb_install_vserver_sg_binding" {
+ name = citrixadc_lbvserver.le_lb_install_vserver_http.name
+ servicegroupname = citrixadc_servicegroup.le_lb_install_servicegroup.servicegroupname
+
+ depends_on = [
+ citrixadc_lbvserver.le_lb_install_vserver_http
+ ]
+}
+
+# Save config
+resource "citrixadc_nsconfig_save" "le_lb_install_save" {
+ all = true
+ timestamp = timestamp()
+
+ depends_on = [
+ citrixadc_lbvserver_servicegroup_binding.le_lb_install_vserver_sg_binding
+ ]
+}
+
diff --git a/terraform/citrix-adc/modules/netscaler.letsencrypt/provider.tf b/terraform/citrix-adc/modules/netscaler.letsencrypt/provider.tf
new file mode 100644
index 0000000..87fb571
--- /dev/null
+++ b/terraform/citrix-adc/modules/netscaler.letsencrypt/provider.tf
@@ -0,0 +1,11 @@
+terraform {
+ required_providers {
+ # ACME provider for LetsEncrypt
+ acme = {
+ source = "vancluever/acme"
+ }
+ citrixadc = {
+ source = "citrix/citrixadc"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/citrix-adc/modules/netscaler.letsencrypt/variables.tf b/terraform/citrix-adc/modules/netscaler.letsencrypt/variables.tf
new file mode 100644
index 0000000..4e80776
--- /dev/null
+++ b/terraform/citrix-adc/modules/netscaler.letsencrypt/variables.tf
@@ -0,0 +1,40 @@
+# ADC LetsEncrypt LB configuration variables
+variable letsencrypt_lb {
+ type = map
+ description = "LetsEncrypt LoadBalancer configuration variables"
+ default = {
+ backend-ip = "192.168.1.25"
+ frontend-ip = "192.168.1.17"
+ servicetype = "TCP"
+ port = "80"
+ lb_srv_name = "lb_srv_letsencrypt_backend"
+ lb_sg_name = "lb_sg_letsencrypt_backend"
+ lb_sg_healthmonitor = "NO"
+ lb_vs_name = "lb_vs_letsencrypt"
+ lb_vs_lbmethod = "LEASTCONNECTION"
+ lb_vs_persistencetype = "SOURCEIP"
+ lb_vs_timeout = "2"
+ }
+}
+
+# ADC LetsEncrypt configuration variables
+variable letsencrypt_certificate {
+ type = map
+ description = "Lets Encrypt Certificate configuration variables"
+ default = {
+ private_key_algorithm = "RSA"
+ private_key_rsa_bits = "4096"
+ private_key_ecdsa_curve = "P224"
+ registration_email_address = "you@something.com"
+ common_name = "environment.com"
+
+ }
+}
+
+variable letsencrypt_certificate-san {
+ type = list
+ default = [
+ "citrix.YourEnvironment.YourDomain.YourTLD"
+ ]
+}
+
diff --git a/terraform/citrix-adc/modules/vsphere.netscaler.deployment/main.tf b/terraform/citrix-adc/modules/vsphere.netscaler.deployment/main.tf
new file mode 100644
index 0000000..71f6a35
--- /dev/null
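Review bot: `var.letsencrypt_lb.backend_ip` in `le_lb_install_server` and `var.letsencrypt_lb.frontend_ip` in `le_lb_install_vserver_http` do not match the keys this commit declares in `modules/netscaler.letsencrypt/variables.tf`, which are `backend-ip` and `frontend-ip`; with `type = map` that lookup fails at plan time with a missing-key error. Rename the two map keys to `backend_ip` and `frontend_ip` so they follow the `lb_srv_name` style the rest of the map already uses, or change the two references here. The resource names carry `_install_` (`le_lb_install_server`, `le_lb_install_vserver_http`) while the certificate resources in `lec_config.tf` use the plain `le_` prefix; a consistent prefix would make the state easier to read.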
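Review bot: Neither `acme` nor `citrixadc` in this `required_providers` block carries a `version` constraint, so every `terraform init -upgrade` pulls whatever is newest and the ACME account-key handling and ADC resource schemas this module depends on can change underneath it. Add a constraint to each entry, e.g. `version = "~> <MAJOR>.<MINOR>"` (placeholder — pin to the versions this was tested against), and commit the resulting `.terraform.lock.hcl` so provider checksums are verified on later runs. The root `provider.tf` added in this commit has the same gap.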
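Review bot: The default `private_key_ecdsa_curve = "P224"` in `letsencrypt_certificate` is not a curve Let's Encrypt accepts for account or certificate keys (it accepts P-256 and P-384), so switching `private_key_algorithm` to `"ECDSA"` while keeping these defaults fails at `acme_registration`; change the default to `"P256"`. `port = "80"`, `private_key_rsa_bits = "4096"` and `lb_vs_timeout = "2"` are strings that only work through implicit conversion, and `type = map` / `type = list` without element types are the legacy forms; `map(string)` and `list(string)`, or an `object({...})` like the ones this commit uses in `vsphere.netscaler.deployment/variables.tf`, would catch the key mismatch with `lec_loadbalancer.tf` at plan time. `letsencrypt_certificate-san` has no `description`; `description = "Additional DNS names placed in the certificate's SAN extension"` would match the other two variables.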
+++ b/terraform/citrix-adc/modules/vsphere.netscaler.deployment/main.tf 
@@ -0,0 +1,88 @@
+#####
+# Configure Datacenter
+#####
+data "vsphere_datacenter" "dc" {
+ name = var.vsphere.datacenter
+}
+
+#####
+# Configure Datastore
+#####
+data "vsphere_datastore" "datastore" {
+ name = var.vsphere.datastore
+ datacenter_id = data.vsphere_datacenter.dc.id
+}
+
+#####
+# Configure Host
+#####
+data "vsphere_host" "host" {
+ name = var.vsphere.host
+ datacenter_id = data.vsphere_datacenter.dc.id
+}
+
+#####
+# Configure Ressource Pool
+#####
+data "vsphere_resource_pool" "pool" {
+ name = var.vsphere.resourcepool
+ datacenter_id = data.vsphere_datacenter.dc.id
+}
+
+#####
+# Configure VM Network
+#####
+data "vsphere_network" "network" {
+ name = var.vm.network
+ datacenter_id = data.vsphere_datacenter.dc.id
+}
+
+#####
+# Configure OVF
+#####
+data "vsphere_ovf_vm_template" "ovfLocal" {
+ name = var.vm.name
+ disk_provisioning = "thin"
+ resource_pool_id = data.vsphere_resource_pool.pool.id
+ datastore_id = data.vsphere_datastore.datastore.id
+ host_system_id = data.vsphere_host.host.id
+ local_ovf_path = var.vm.ovf
+
+ ovf_network_map = {
+ "VM Network" : data.vsphere_network.network.id
+ }
+}
+
+#####
+# Create ADC VM
+#####
+resource "vsphere_virtual_machine" "build_citrix-adc" {
+ name = var.vm.name
+ datacenter_id = data.vsphere_datacenter.dc.id
+ resource_pool_id = data.vsphere_resource_pool.pool.id
+ datastore_id = data.vsphere_datastore.datastore.id
+ host_system_id = data.vsphere_host.host.id
+ num_cpus = data.vsphere_ovf_vm_template.ovfLocal.num_cpus
+ num_cores_per_socket = data.vsphere_ovf_vm_template.ovfLocal.num_cores_per_socket
+ memory = data.vsphere_ovf_vm_template.ovfLocal.memory
+ guest_id = data.vsphere_ovf_vm_template.ovfLocal.guest_id
+ scsi_type = data.vsphere_ovf_vm_template.ovfLocal.scsi_type
+ nested_hv_enabled = data.vsphere_ovf_vm_template.ovfLocal.nested_hv_enabled
+
+ network_interface {
+ network_id = values(data.vsphere_ovf_vm_template.ovfLocal.ovf_network_map)[0]
+ use_static_mac = true
+ mac_address = var.vm.mac
+ }
+
+ wait_for_guest_net_timeout = -1
+ wait_for_guest_ip_timeout = 5
+
+ ovf_deploy {
+ allow_unverified_ssl_cert = true
+ local_ovf_path = data.vsphere_ovf_vm_template.ovfLocal.local_ovf_path
+ disk_provisioning = data.vsphere_ovf_vm_template.ovfLocal.disk_provisioning
+ ovf_network_map = data.vsphere_ovf_vm_template.ovfLocal.ovf_network_map
+ }
+}
+
diff --git a/terraform/citrix-adc/modules/vsphere.netscaler.deployment/variables.tf b/terraform/citrix-adc/modules/vsphere.netscaler.deployment/variables.tf
new file mode 100644
index 0000000..03dd27d
--- /dev/null
+++ b/terraform/citrix-adc/modules/vsphere.netscaler.deployment/variables.tf
@@ -0,0 +1,29 @@
+variable vsphere{
+ description = "values for the creation of a NetScaler VM"
+ type = object({
+ # Subnet IP
+ server = string
+ user = string
+ password = string
+ datacenter = string
+ host = string
+ datastore = string
+ network = string
+ timezone = string
+ resourcepool = string
+ })
+}
+
+variable vm{
+ description = "values for the creation of a NetScaler VM"
+ type = object({
+ # Subnet IP
+ ovf = string
+ network = string
+ mac = string
+ ip = string
+ gateway = string
+ netmask = string
+ name = string
+ })
+}
diff --git a/terraform/citrix-adc/provider.tf b/terraform/citrix-adc/provider.tf
new file mode 100644
index 0000000..5263520
--- /dev/null
+++ b/terraform/citrix-adc/provider.tf
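Review bot: `allow_unverified_ssl_cert = true` in the `ovf_deploy` block of `build_citrix-adc` disables TLS certificate verification for the OVF upload unconditionally, and the root `provider.tf` in this commit does the same with `allow_unverified_ssl = true` on the vSphere provider and `insecure_skip_verify = true` on the NetScaler provider; with all three set, anything on the management path can present itself as vCenter or the ADC while credentials and the appliance image are in flight. Make it an explicit opt-in such as `allow_unverified_ssl_cert = var.allow_unverified_ssl` with a default of `false`, so that lab environments with self-signed certificates enable it deliberately and production runs keep verification. `wait_for_guest_net_timeout = -1` disables the guest-network wait while `wait_for_guest_ip_timeout = 5` keeps the IP wait, which reads as intentional but deserves a one-line comment, e.g. `# skip the net wait; the ADC reports its IP only after first boot`, marked as something to confirm against the appliance's behaviour.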
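Review bot: `variable vsphere` carries `password = string` inside its object type but is not declared `sensitive = true`, so the vCenter password is shown in plan output and in any error that prints the variable; either add `sensitive = true` to the block (the state in this commit records Terraform 1.5.6, which supports it) or move the password into its own sensitive variable so the non-secret placement fields stay visible in plans. The `# Subnet IP` comment inside both object types describes none of the fields that follow, and `vm`'s description is copied onto `vsphere`; replace them with `# vCenter connection and placement` / `# VM identity and network settings` and give `vsphere` a description such as `"vCenter endpoint, credentials and placement for the NetScaler VM"`.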
@@ -0,0 +1,29 @@
+terraform {
+ required_providers {
+ # Provider for Citrix NetScaler
+ citrixadc = {
+ source = "citrix/citrixadc"
+ }
+ }
+}
+
+# Target non default partition
+provider "citrixadc" {
+ endpoint = var.logon_information.host
+ username = var.logon_information.username
+ password = var.logon_information.password
+ do_login = true
+
+# Allow connection upon invalid certificate
+ insecure_skip_verify = true
+
+}
+
+provider "vsphere" {
+ user = var.vsphere.user
+ password = var.vsphere.password
+ vsphere_server = var.vsphere.server
+
+ # If you have a self-signed cert
+ allow_unverified_ssl = true
+}
diff --git a/terraform/citrix-adc/terraform.tfstate b/terraform/citrix-adc/terraform.tfstate
index 299d70a..af7cc2f 100644
--- a/terraform/citrix-adc/terraform.tfstate
+++ b/terraform/citrix-adc/terraform.tfstate
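Review bot: `provider "vsphere"` is configured here but `required_providers` declares only `citrixadc`, so Terraform silently resolves it to `hashicorp/vsphere` with no version constraint; add `vsphere = { source = "hashicorp/vsphere" }` beside `citrixadc` and give both a `version` constraint so provider upgrades are deliberate. The comment `# Target non default partition` above `provider "citrixadc"` does not describe the block, which sets no partition; `# NetScaler NITRO endpoint and login used by all modules` matches what it does. The TLS-verification flags in both provider blocks are covered in the note on `vsphere.netscaler.deployment/main.tf`.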
@@ -1,2267 +1,158 @@ { "version": 4, "terraform_version": "1.5.6", - "serial": 1168, + "serial": 1236, "lineage": "97149f73-d9db-ebe1-3ba9-2e09ac24de2d", "outputs": {}, "resources": [ { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_authenticationauthnprofile", - "name": "gw_authentication_profile", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 1, - "attributes": { - "authenticationdomain": "", - "authenticationhost": "", - "authenticationlevel": null, - "authnvsname": "AAA_LDAPS", - "id": "authprof_aaa_ldaps", - "name": "authprof_aaa_ldaps" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", - "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", - "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", - "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature" - ] - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_authenticationldapaction", - "name": "auth_authentication_ldapaction", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "alternateemailattr": "", - "attribute1": "", - "attribute10": "", - "attribute11": "", - "attribute12": "", - "attribute13": "", - "attribute14": "", - "attribute15": "", - "attribute16": "", - "attribute2": "", - "attribute3": "", - "attribute4": "", - "attribute5": "", - "attribute6": "", - "attribute7": "", - "attribute8": "", - "attribute9": "", - "attributes": "", - "authentication": "ENABLED", - "authtimeout": 1, - "cloudattributes": "DISABLED", - "defaultauthenticationgroup": "", - "email": "mail", - "followreferrals": "OFF", - 
"groupattrname": "", - "groupnameidentifier": "", - "groupsearchattribute": "", - "groupsearchfilter": "", - "groupsearchsubattribute": "", - "id": "act_ldaps", - "kbattribute": "", - "ldapbase": "dc=go-euc,dc=local", - "ldapbinddn": "CN=Administrator,CN=Users,DC=go-euc,DC=local", - "ldapbinddnpassword": "Password1!", - "ldaphostname": "", - "ldaploginname": "username", - "maxldapreferrals": null, - "maxnestinglevel": null, - "mssrvrecordlocation": "dc._msdcs", - "name": "act_ldaps", - "nestedgroupextraction": "OFF", - "otpsecret": "", - "passwdchange": "DISABLED", - "pushservice": "", - "referraldnslookup": "A-REC", - "requireuser": "YES", - "searchfilter": "", - "sectype": "SSL", - "serverip": "192.168.176.142", - "servername": "", - "serverport": 636, - "sshpublickey": "", - "ssonameattribute": "", - "subattributename": "", - "svrtype": "AD", - "validateservercert": "NO" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_authenticationpolicy", - "name": "auth_authpolicy", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "action": "act_ldaps", - "comment": "", - "id": "pol_auth_ldaps", - "logaction": "", - "name": "pol_auth_ldaps", - "newname": "", - "rule": "True", - "undefaction": "" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction" - ] - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_authenticationvserver", - "name": "aaa_vserver", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 1, - "attributes": { - "appflowlog": 
"ENABLED", - "authentication": "ON", - "authenticationdomain": "", - "certkeynames": "", - "comment": "", - "failedlogintimeout": 0, - "id": "AAA_LDAPS", - "ipv46": "0.0.0.0", - "maxloginattempts": 0, - "name": "AAA_LDAPS", - "newname": "", - "port": 0, - "range": null, - "samesite": "", - "servicetype": "SSL", - "state": "ENABLED", - "td": null - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature" - ] - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_authenticationvserver_authenticationpolicy_binding", - "name": "tf_bind", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "bindpoint": "", - "gotopriorityexpression": "NEXT", - "groupextraction": false, - "id": "AAA_LDAPS,pol_auth_ldaps", - "name": "AAA_LDAPS", - "nextfactor": "", - "policy": "pol_auth_ldaps", - "priority": 30, - "secondary": false - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", - "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", - "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", - "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature" - ] - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_lbvserver", - "name": "lb_vserver", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "index_key": "lb_ldaps", - "schema_version": 1, - "attributes": { - "appflowlog": "ENABLED", - "authentication": "OFF", - "authenticationhost": "", - "authn401": "OFF", - "authnprofile": "", - "authnvsname": "", - 
"backuplbmethod": "", - "backuppersistencetimeout": 2, - "backupvserver": "", - "bypassaaaa": "NO", - "cacheable": "NO", - "ciphers": null, - "ciphersuites": null, - "clttimeout": null, - "comment": "", - "connfailover": "DISABLED", - "cookiename": "", - "datalength": null, - "dataoffset": null, - "dbprofilename": "", - "dbslb": "", - "disableprimaryondown": "DISABLED", - "dns64": "DISABLED", - "dnsprofilename": "", - "downstateflush": "ENABLED", - "hashlength": 0, - "healththreshold": null, - "httpprofilename": "", - "httpsredirecturl": "", - "icmpvsrresponse": "PASSIVE", - "id": "lb_ldaps", - "insertvserveripport": "OFF", - "ipmask": "*", - "ippattern": "0.0.0.0", - "ipset": "", - "ipv46": "192.168.176.142", - "l2conn": "OFF", - "lbmethod": "ROUNDROBIN", - "lbprofilename": "", - "listenpolicy": "NONE", - "listenpriority": 0, - "m": "IP", - "macmoderetainvlan": "DISABLED", - "maxautoscalemembers": null, - "minautoscalemembers": null, - "mssqlserverversion": "", - "mysqlcharacterset": 0, - "mysqlprotocolversion": 0, - "mysqlservercapabilities": 0, - "mysqlserverversion": "", - "name": "lb_ldaps", - "netmask": "", - "netprofile": "", - "newname": "", - "newservicerequest": 0, - "newservicerequestincrementinterval": 0, - "newservicerequestunit": "PER_SECOND", - "oracleserverversion": "", - "persistencebackup": "NONE", - "persistencetype": "SOURCEIP", - "persistmask": "255.255.255.255", - "port": 636, - "pq": "", - "probeport": 0, - "probeprotocol": "", - "processlocal": "DISABLED", - "push": "DISABLED", - "pushlabel": "none", - "pushmulticlients": "NO", - "pushvserver": "", - "quicbridgeprofilename": "", - "range": null, - "recursionavailable": "", - "redirectfromport": 0, - "redirectportrewrite": "DISABLED", - "redirurl": "", - "redirurlflags": false, - "resrule": "", - "retainconnectionsoncluster": "NO", - "rhistate": "PASSIVE", - "rtspnat": "OFF", - "rule": "", - "sc": "", - "servicename": "", - "servicetype": "SSL_TCP", - "sessionless": "DISABLED", - 
"skippersistency": "None", - "snisslcertkeys": null, - "sobackupaction": "", - "somethod": "NONE", - "sopersistence": "DISABLED", - "sopersistencetimeout": null, - "sothreshold": 0, - "sslcertkey": null, - "sslpolicybinding": [], - "sslprofile": "ssl_prof_GO-EUC_fe_TLS1213", - "state": "ENABLED", - "tcpprofilename": "tcp_prof_GO-EUC", - "td": null, - "timeout": 180, - "tosid": 0, - "trofspersistence": "ENABLED", - "v6netmasklen": 0, - "v6persistmasklen": null, - "vipheader": "", - "weight": 0 - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_nshttpprofile.base_http_prof", - "module.base_configuration.citrixadc_nstcpprofile.base_tcp_prof", - "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS1213", - "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS13", - "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles", - "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_13", - "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_13_SNI" - ] - }, - { - "index_key": "lb_storefront", - "schema_version": 1, - "attributes": { - "appflowlog": "ENABLED", - "authentication": "OFF", - "authenticationhost": "", - "authn401": "OFF", - "authnprofile": "", - "authnvsname": "", - "backuplbmethod": "", - "backuppersistencetimeout": 2, - "backupvserver": "", - "bypassaaaa": "NO", - "cacheable": "NO", - "ciphers": null, - "ciphersuites": null, - "clttimeout": null, - "comment": "", - "connfailover": "DISABLED", - "cookiename": "", - "datalength": null, - "dataoffset": null, - "dbprofilename": "", - "dbslb": "", - "disableprimaryondown": "DISABLED", - "dns64": "DISABLED", - "dnsprofilename": "", - "downstateflush": "ENABLED", - "hashlength": 0, - "healththreshold": null, - "httpprofilename": "http_prof_GO-EUC", - "httpsredirecturl": "", - "icmpvsrresponse": "PASSIVE", - "id": "lb_storefront", - "insertvserveripport": "OFF", - "ipmask": "*", - 
"ippattern": "0.0.0.0", - "ipset": "", - "ipv46": "192.168.176.143", - "l2conn": "OFF", - "lbmethod": "ROUNDROBIN", - "lbprofilename": "", - "listenpolicy": "NONE", - "listenpriority": 0, - "m": "IP", - "macmoderetainvlan": "DISABLED", - "maxautoscalemembers": null, - "minautoscalemembers": null, - "mssqlserverversion": "", - "mysqlcharacterset": 0, - "mysqlprotocolversion": 0, - "mysqlservercapabilities": 0, - "mysqlserverversion": "", - "name": "lb_storefront", - "netmask": "", - "netprofile": "", - "newname": "", - "newservicerequest": 0, - "newservicerequestincrementinterval": 0, - "newservicerequestunit": "PER_SECOND", - "oracleserverversion": "", - "persistencebackup": "NONE", - "persistencetype": "SOURCEIP", - "persistmask": "255.255.255.255", - "port": 80, - "pq": "", - "probeport": 0, - "probeprotocol": "", - "processlocal": "DISABLED", - "push": "DISABLED", - "pushlabel": "none", - "pushmulticlients": "NO", - "pushvserver": "", - "quicbridgeprofilename": "", - "range": null, - "recursionavailable": "", - "redirectfromport": 0, - "redirectportrewrite": "DISABLED", - "redirurl": "", - "redirurlflags": false, - "resrule": "", - "retainconnectionsoncluster": "NO", - "rhistate": "PASSIVE", - "rtspnat": "OFF", - "rule": "", - "sc": "", - "servicename": "", - "servicetype": "HTTP", - "sessionless": "DISABLED", - "skippersistency": "None", - "snisslcertkeys": null, - "sobackupaction": "", - "somethod": "NONE", - "sopersistence": "DISABLED", - "sopersistencetimeout": null, - "sothreshold": 0, - "sslcertkey": null, - "sslpolicybinding": [], - "sslprofile": "", - "state": "ENABLED", - "tcpprofilename": "tcp_prof_GO-EUC", - "td": null, - "timeout": 180, - "tosid": 0, - "trofspersistence": "ENABLED", - "v6netmasklen": 0, - "v6persistmasklen": null, - "vipheader": "", - "weight": 0 - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_nshttpprofile.base_http_prof", - 
"module.base_configuration.citrixadc_nstcpprofile.base_tcp_prof", - "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS1213", - "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS13", - "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles", - "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_13", - "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_13_SNI" - ] - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_nsfeature", - "name": "advanced_nsfeature", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "aaa": true, - "adaptivetcp": false, - "apigateway": false, - "appflow": false, - "appfw": false, - "appqoe": false, - "bgp": false, - "bot": false, - "cf": false, - "ch": false, - "ci": false, - "cloudbridge": false, - "cmp": false, - "contentaccelerator": false, - "cqa": false, - "cr": false, - "cs": true, - "feo": false, - "forwardproxy": false, - "gslb": false, - "hdosp": false, - "htmlinjection": false, - "ic": false, - "id": "tf-nsfeature-20230908133613046700000004", - "ipv6pt": false, - "isis": false, - "lb": true, - "lsn": false, - "ospf": false, - "pq": false, - "push": false, - "rdpproxy": false, - "rep": false, - "responder": true, - "rewrite": true, - "rip": false, - "rise": false, - "sp": false, - "ssl": true, - "sslinterception": false, - "sslvpn": true, - "urlfiltering": false, - "videooptimization": false, - "wl": false - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_nshostname", - "name": "base_hostname", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "hostname": "GOEUC-ADC-01", - "id": 
"tf-nshostname-20230908133613043000000001", - "ownernode": 0 - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_nshttpprofile", - "name": "base_http_prof", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "adpttimeout": "DISABLED", - "altsvc": "DISABLED", - "altsvcvalue": "", - "apdexcltresptimethreshold": null, - "clientiphdrexpr": "", - "cmponpush": "DISABLED", - "conmultiplex": "ENABLED", - "dropextracrlf": "ENABLED", - "dropextradata": "DISABLED", - "dropinvalreqs": "ENABLED", - "grpcholdlimit": null, - "grpcholdtimeout": null, - "grpclengthdelimitation": "ENABLED", - "http2": "ENABLED", - "http2altsvcframe": "DISABLED", - "http2direct": "DISABLED", - "http2headertablesize": null, - "http2initialconnwindowsize": null, - "http2initialwindowsize": null, - "http2maxconcurrentstreams": null, - "http2maxemptyframespermin": null, - "http2maxframesize": null, - "http2maxheaderlistsize": null, - "http2maxpingframespermin": null, - "http2maxresetframespermin": null, - "http2maxsettingsframespermin": null, - "http2minseverconn": null, - "http2strictcipher": "ENABLED", - "http3": "DISABLED", - "http3maxheaderblockedstreams": null, - "http3maxheaderfieldsectionsize": null, - "http3maxheadertablesize": null, - "id": "http_prof_GO-EUC", - "incomphdrdelay": null, - "markconnreqinval": "ENABLED", - "markhttp09inval": "ENABLED", - "markhttpheaderextrawserror": "DISABLED", - "markrfc7230noncompliantinval": "DISABLED", - "marktracereqinval": "DISABLED", - "maxheaderlen": null, - "maxreq": null, - "maxreusepool": null, - "minreusepool": null, - "name": "http_prof_GO-EUC", - "persistentetag": "DISABLED", - "reqtimeout": null, - "reqtimeoutaction": "", - "reusepooltimeout": null, - "rtsptunnel": "DISABLED", - "spdy": "", - "weblog": "DISABLED", 
- "websocket": "DISABLED" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_nsip", - "name": "base_snip", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "advertiseondefaultpartition": "DISABLED", - "arp": "ENABLED", - "arpresponse": "NONE", - "bgp": "", - "decrementttl": "DISABLED", - "dynamicrouting": "DISABLED", - "ftp": "ENABLED", - "gui": "ENABLED", - "hostroute": "DISABLED", - "hostrtgw": "", - "icmp": "ENABLED", - "icmpresponse": "NONE", - "id": "192.168.1.249", - "ipaddress": "192.168.1.249", - "metric": 0, - "mgmtaccess": "DISABLED", - "mptcpadvertise": "NO", - "netmask": "255.255.255.0", - "networkroute": "DISABLED", - "ospf": "", - "ospfarea": 0, - "ospflsatype": "TYPE5", - "ownerdownresponse": "YES", - "ownernode": "255", - "restrictaccess": "DISABLED", - "rip": "", - "snmp": "ENABLED", - "ssh": "ENABLED", - "state": "ENABLED", - "tag": null, - "td": null, - "telnet": "ENABLED", - "type": "SNIP", - "vrid": 0, - "vserver": "DISABLED", - "vserverrhilevel": "ONE_VSERVER", - "vserverrhimode": "" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_nsmode", - "name": "base_nsmode", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "bridgebpdus": false, - "cka": false, - "dradv": false, - "dradv6": false, - "edge": true, - "fr": true, - "id": "tf-nsmode-20230908133613139200000005", - "iradv": false, - "l2": false, - "l3": false, - "mbf": false, - "mediaclassification": false, - "pmtud": true, - "sradv": false, - "sradv6": false, - "tcpb": false, - "ulfd": false, - "usip": false, - 
"usnip": true - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_nsparam", - "name": "base_nsparam", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "advancedanalyticsstats": "DISABLED", - "aftpallowrandomsourceport": "DISABLED", - "cip": "DISABLED", - "cipheader": "", - "cookieversion": "0", - "crportrange": "", - "exclusivequotamaxclient": null, - "exclusivequotaspillover": null, - "ftpportrange": "", - "grantquotamaxclient": null, - "grantquotaspillover": null, - "id": "tf-nsparam-20230908133613147700000006", - "internaluserlogin": "ENABLED", - "maxconn": null, - "maxreq": null, - "mgmthttpport": 80, - "mgmthttpsport": 443, - "pmtumin": null, - "pmtutimeout": 10, - "proxyprotocol": "DISABLED", - "securecookie": "ENABLED", - "servicepathingressvlan": 0, - "tcpcip": "DISABLED", - "timezone": "GMT+02:00-CEST-Europe/Berlin", - "useproxyport": "ENABLED" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_nstcpprofile", - "name": "base_tcp_prof", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "ackaggregation": "DISABLED", - "ackonpush": "ENABLED", - "applyadaptivetcp": "DISABLED", - "buffersize": 131072, - "burstratecontrol": "DISABLED", - "clientiptcpoption": "DISABLED", - "clientiptcpoptionnumber": 0, - "delayedack": 100, - "dropestconnontimeout": "ENABLED", - "drophalfclosedconnontimeout": "ENABLED", - "dsack": "ENABLED", - "dupackthresh": 3, - "dynamicreceivebuffering": "ENABLED", - "ecn": "DISABLED", - "establishclientconn": "AUTOMATIC", - "fack": "ENABLED", - "flavor": "BIC", - 
"frto": "ENABLED", - "hystart": "DISABLED", - "id": "tcp_prof_GO-EUC", - "initialcwnd": 10, - "ka": "DISABLED", - "kaconnidletime": 900, - "kamaxprobes": 3, - "kaprobeinterval": 75, - "kaprobeupdatelastactivity": "ENABLED", - "maxburst": 6, - "maxcwnd": 524288, - "maxpktpermss": 0, - "minrto": 1000, - "mpcapablecbit": "DISABLED", - "mptcp": "DISABLED", - "mptcpdropdataonpreestsf": "DISABLED", - "mptcpfastopen": "DISABLED", - "mptcpsessiontimeout": 0, - "mss": 1460, - "nagle": "ENABLED", - "name": "tcp_prof_GO-EUC", - "oooqsize": 300, - "pktperretx": 1, - "rateqmax": 0, - "rstmaxack": "ENABLED", - "rstwindowattenuate": "DISABLED", - "sack": "ENABLED", - "sendbuffsize": 131072, - "sendclientportintcpoption": "DISABLED", - "slowstartincr": 2, - "slowstartthreshold": 524288, - "spoofsyndrop": "DISABLED", - "syncookie": "ENABLED", - "taillossprobe": "DISABLED", - "tcpfastopen": "DISABLED", - "tcpfastopencookiesize": 8, - "tcpmode": "TRANSPARENT", - "tcprate": 0, - "tcpsegoffload": "AUTOMATIC", - "timestamp": "DISABLED", - "ws": "ENABLED", - "wsval": 8 - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_server", - "name": "lb_server", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "index_key": "srv_dc01", - "schema_version": 1, - "attributes": { - "comment": "", - "delay": null, - "domain": "", - "domainresolvenow": false, - "domainresolveretry": 0, - "graceful": null, - "id": "srv_dc01", - "internal": false, - "ipaddress": "192.168.1.12", - "ipv6address": "NO", - "name": "srv_dc01", - "querytype": "", - "state": "ENABLED", - "td": null, - "translationip": "0.0.0.0", - "translationmask": "0.0.0.0" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - }, - { - "index_key": "srv_dc02", - "schema_version": 1, - "attributes": { - "comment": "", 
- "delay": null, - "domain": "", - "domainresolvenow": false, - "domainresolveretry": 0, - "graceful": null, - "id": "srv_dc02", - "internal": false, - "ipaddress": "192.168.1.13", - "ipv6address": "NO", - "name": "srv_dc02", - "querytype": "", - "state": "ENABLED", - "td": null, - "translationip": "0.0.0.0", - "translationmask": "0.0.0.0" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - }, - { - "index_key": "srv_storefront01", - "schema_version": 1, - "attributes": { - "comment": "", - "delay": null, - "domain": "", - "domainresolvenow": false, - "domainresolveretry": 0, - "graceful": null, - "id": "srv_storefront01", - "internal": false, - "ipaddress": "192.168.1.10", - "ipv6address": "NO", - "name": "srv_storefront01", - "querytype": "", - "state": "ENABLED", - "td": null, - "translationip": "0.0.0.0", - "translationmask": "0.0.0.0" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - }, - { - "index_key": "srv_storefront02", - "schema_version": 1, - "attributes": { - "comment": "", - "delay": null, - "domain": "", - "domainresolvenow": false, - "domainresolveretry": 0, - "graceful": null, - "id": "srv_storefront02", - "internal": false, - "ipaddress": "192.168.1.11", - "ipv6address": "NO", - "name": "srv_storefront02", - "querytype": "", - "state": "ENABLED", - "td": null, - "translationip": "0.0.0.0", - "translationmask": "0.0.0.0" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_servicegroup", - "name": "lb_servicegroup", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "index_key": "svcg_dc", - "schema_version": 1, - "attributes": { - "appflowlog": "ENABLED", - "autodisabledelay": 0, - "autodisablegraceful": "", - "autoscale": "DISABLED", - "cacheable": "NO", - "cachetype": "SERVER", - 
"cip": "DISABLED", - "cipheader": "", - "cka": "NO", - "clttimeout": 9000, - "cmp": "NO", - "comment": "", - "customserverid": "", - "dbsttl": 0, - "delay": null, - "downstateflush": "ENABLED", - "dupweight": 0, - "graceful": null, - "hashid": null, - "healthmonitor": "YES", - "httpprofilename": "", - "id": "svcg_ldaps", - "includemembers": false, - "lbmonitor": null, - "lbvservers": [ - "lb_ldaps" - ], - "maxbandwidth": null, - "maxclient": null, - "maxreq": null, - "memberport": 0, - "monconnectionclose": "NONE", - "monitornamesvc": "", - "monthreshold": null, - "nameserver": "0.0.0.0", - "netprofile": "", - "pathmonitor": "NO", - "pathmonitorindv": "NO", - "port": 0, - "riseapbrstatsmsgcode": 0, - "rtspsessionidremap": "OFF", - "sc": "", - "serverid": 0, - "servername": "", - "servicegroupmembers": null, - "servicegroupmembers_by_servername": [ - "srv_dc01:636:1", - "srv_dc02:636:1" - ], - "servicegroupname": "svcg_ldaps", - "servicetype": "SSL_TCP", - "sp": "OFF", - "state": "ENABLED", - "svrtimeout": 9000, - "tcpb": "NO", - "tcpprofilename": "", - "td": null, - "useproxyport": "YES", - "usip": "NO", - "weight": 0 - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_lbvserver.lb_vserver", - "module.base_configuration.citrixadc_nshttpprofile.base_http_prof", - "module.base_configuration.citrixadc_nstcpprofile.base_tcp_prof", - "module.base_configuration.citrixadc_server.lb_server", - "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS1213", - "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS13", - "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles", - "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_13", - "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_13_SNI" - ] - }, - { - "index_key": "svcg_storefront", - "schema_version": 1, - "attributes": { - "appflowlog": "ENABLED", - "autodisabledelay": 0, - 
"autodisablegraceful": "", - "autoscale": "DISABLED", - "cacheable": "NO", - "cachetype": "SERVER", - "cip": "DISABLED", - "cipheader": "", - "cka": "NO", - "clttimeout": 180, - "cmp": "NO", - "comment": "", - "customserverid": "", - "dbsttl": 0, - "delay": null, - "downstateflush": "ENABLED", - "dupweight": 0, - "graceful": null, - "hashid": null, - "healthmonitor": "YES", - "httpprofilename": "", - "id": "svcg_storefront", - "includemembers": false, - "lbmonitor": null, - "lbvservers": [ - "lb_storefront" - ], - "maxbandwidth": null, - "maxclient": null, - "maxreq": null, - "memberport": 0, - "monconnectionclose": "NONE", - "monitornamesvc": "", - "monthreshold": null, - "nameserver": "0.0.0.0", - "netprofile": "", - "pathmonitor": "NO", - "pathmonitorindv": "NO", - "port": 0, - "riseapbrstatsmsgcode": 0, - "rtspsessionidremap": "OFF", - "sc": "", - "serverid": 0, - "servername": "", - "servicegroupmembers": null, - "servicegroupmembers_by_servername": [ - "srv_storefront01:80:1", - "srv_storefront02:80:2" - ], - "servicegroupname": "svcg_storefront", - "servicetype": "HTTP", - "sp": "OFF", - "state": "ENABLED", - "svrtimeout": 360, - "tcpb": "NO", - "tcpprofilename": "", - "td": null, - "useproxyport": "YES", - "usip": "NO", - "weight": 0 - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_lbvserver.lb_vserver", - "module.base_configuration.citrixadc_nshttpprofile.base_http_prof", - "module.base_configuration.citrixadc_nstcpprofile.base_tcp_prof", - "module.base_configuration.citrixadc_server.lb_server", - "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS1213", - "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS13", - "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles", - "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_13", - "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_13_SNI" - ] - } - ] - }, - { - 
"module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_sslcipher", - "name": "ssl_cg_be_TLS12", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "ciphergroupname": "ssl_cg_GO-EUC_be_TLS12", - "ciphersuitebinding": [ - { - "ciphername": "TLS1.2-ECDHE-ECDSA-AES128-GCM-SHA256", - "cipherpriority": 2 - }, - { - "ciphername": "TLS1.2-ECDHE-ECDSA-AES128-SHA256", - "cipherpriority": 4 - }, - { - "ciphername": "TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384", - "cipherpriority": 1 - }, - { - "ciphername": "TLS1.2-ECDHE-ECDSA-AES256-SHA384", - "cipherpriority": 3 - }, - { - "ciphername": "TLS1.2-ECDHE-RSA-AES-128-SHA256", - "cipherpriority": 8 - }, - { - "ciphername": "TLS1.2-ECDHE-RSA-AES-256-SHA384", - "cipherpriority": 7 - }, - { - "ciphername": "TLS1.2-ECDHE-RSA-AES128-GCM-SHA256", - "cipherpriority": 6 - }, - { - "ciphername": "TLS1.2-ECDHE-RSA-AES256-GCM-SHA384", - "cipherpriority": 5 - } - ], - "id": "ssl_cg_GO-EUC_be_TLS12" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" - ] - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_sslcipher", - "name": "ssl_cg_fe_TLS1213", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "ciphergroupname": "ssl_cg_GO-EUC_fe_TLS1213", - "ciphersuitebinding": [ - { - "ciphername": "TLS1.2-ECDHE-ECDSA-AES128-GCM-SHA256", - "cipherpriority": 5 - }, - { - "ciphername": "TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384", - "cipherpriority": 4 - }, - { - "ciphername": "TLS1.2-ECDHE-RSA-AES128-GCM-SHA256", - "cipherpriority": 7 - }, - { - "ciphername": "TLS1.2-ECDHE-RSA-AES256-GCM-SHA384", - "cipherpriority": 6 - }, - { - "ciphername": 
"TLS1.3-AES128-GCM-SHA256", - "cipherpriority": 3 - }, - { - "ciphername": "TLS1.3-AES256-GCM-SHA384", - "cipherpriority": 2 - }, - { - "ciphername": "TLS1.3-CHACHA20-POLY1305-SHA256", - "cipherpriority": 1 - } - ], - "id": "ssl_cg_GO-EUC_fe_TLS1213" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" - ] - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_sslcipher", - "name": "ssl_cg_fe_TLS13", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "module": "module.vsphere_deployment", + "mode": "data", + "type": "vsphere_datacenter", + "name": "dc", + "provider": "provider[\"registry.terraform.io/hashicorp/vsphere\"]", "instances": [ { - "schema_version": 1, + "schema_version": 0, "attributes": { - "ciphergroupname": "ssl_cg_GO-EUC_fe_TLS13", - "ciphersuitebinding": [ - { - "ciphername": "TLS1.3-AES128-GCM-SHA256", - "cipherpriority": 3 - }, - { - "ciphername": "TLS1.3-AES256-GCM-SHA384", - "cipherpriority": 2 - }, - { - "ciphername": "TLS1.3-CHACHA20-POLY1305-SHA256", - "cipherpriority": 1 - } - ], - "id": "ssl_cg_GO-EUC_fe_TLS13" + "id": "datacenter-3", + "name": "Datacenter" }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" - ] + "sensitive_attributes": [] } ] }, { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_sslparameter", - "name": "ssl_enable_sslprofiles", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "crlmemorysizemb": null, - "cryptodevdisablelimit": null, - "defaultprofile": "ENABLED", - "denysslreneg": "ALL", - "dropreqwithnohostheader": "NO", - 
"encrypttriggerpktcount": null, - "heterogeneoussslhw": "DISABLED", - "hybridfipsmode": "DISABLED", - "id": "tf-sslparameter-20230908133613045600000003", - "insertcertspace": "YES", - "insertionencoding": "Unicode", - "ndcppcompliancecertcheck": "NO", - "ocspcachesize": null, - "pushenctriggertimeout": null, - "pushflag": null, - "quantumsize": "8192", - "sendclosenotify": "YES", - "snihttphostmatch": "CERT", - "softwarecryptothreshold": null, - "sslierrorcache": "DISABLED", - "sslimaxerrorcachemem": null, - "ssltriggertimeout": null, - "strictcachecks": "NO", - "undefactioncontrol": "CLIENTAUTH", - "undefactiondata": "NOOP" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_sslprofile", - "name": "ssl_prof_be_12", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "alpnprotocol": "", - "cipherbindings": [ - { - "ciphername": "ssl_cg_GO-EUC_be_TLS12", - "cipherpriority": 10 - } - ], - "ciphername": "", - "cipherpriority": null, - "cipherredirect": "DISABLED", - "cipherurl": "", - "cleartextport": 0, - "clientauth": "DISABLED", - "clientauthuseboundcachain": "DISABLED", - "clientcert": "", - "commonname": "", - "denysslreneg": "NONSECURE", - "dh": "DISABLED", - "dhcount": null, - "dhekeyexchangewithpsk": "NO", - "dhfile": "", - "dhkeyexpsizelimit": "DISABLED", - "dropreqwithnohostheader": "NO", - "ecccurvebindings": [ - "P_224", - "P_256", - "P_384", - "P_521" - ], - "encrypttriggerpktcount": null, - "ersa": "DISABLED", - "ersacount": null, - "hsts": "DISABLED", - "id": "ssl_prof_GO-EUC_be_TLS12", - "includesubdomains": "NO", - "insertionencoding": "", - "maxage": null, - "name": "ssl_prof_GO-EUC_be_TLS12", - "ocspstapling": "DISABLED", - "preload": "NO", - "prevsessionkeylifetime": null, - "pushenctrigger": "Always", - 
"pushenctriggertimeout": null, - "pushflag": null, - "quantumsize": "8192", - "redirectportrewrite": "DISABLED", - "sendclosenotify": "YES", - "serverauth": "DISABLED", - "sessionkeylifetime": 0, - "sessionticket": "DISABLED", - "sessionticketkeydata": "", - "sessionticketkeyrefresh": "DISABLED", - "sessionticketlifetime": null, - "sessreuse": "ENABLED", - "sesstimeout": 300, - "skipclientcertpolicycheck": "DISABLED", - "snienable": "DISABLED", - "snihttphostmatch": "CERT", - "ssl3": "DISABLED", - "sslimaxsessperserver": null, - "sslinterception": "DISABLED", - "ssliocspcheck": "ENABLED", - "sslireneg": "ENABLED", - "ssllogprofile": "", - "sslprofiletype": "BackEnd", - "sslredirect": "DISABLED", - "ssltriggertimeout": null, - "strictcachecks": "NO", - "strictsigdigestcheck": "DISABLED", - "tls1": "DISABLED", - "tls11": "DISABLED", - "tls12": "ENABLED", - "tls13": "DISABLED", - "tls13sessionticketsperauthcontext": null, - "zerorttearlydata": "DISABLED" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_sslcipher.ssl_cg_be_TLS12", - "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" - ] - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_sslprofile", - "name": "ssl_prof_fe_1213", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "module": "module.vsphere_deployment", + "mode": "data", + "type": "vsphere_datastore", + "name": "datastore", + "provider": "provider[\"registry.terraform.io/hashicorp/vsphere\"]", "instances": [ { - "schema_version": 1, + "schema_version": 0, "attributes": { - "alpnprotocol": "NONE", - "cipherbindings": [ - { - "ciphername": "ssl_cg_GO-EUC_fe_TLS1213", - "cipherpriority": 10 - } - ], - "ciphername": "", - "cipherpriority": null, - "cipherredirect": "DISABLED", - "cipherurl": "", - "cleartextport": 0, - "clientauth": "DISABLED", - 
"clientauthuseboundcachain": "DISABLED", - "clientcert": "", - "commonname": "", - "denysslreneg": "NONSECURE", - "dh": "DISABLED", - "dhcount": null, - "dhekeyexchangewithpsk": "NO", - "dhfile": "", - "dhkeyexpsizelimit": "DISABLED", - "dropreqwithnohostheader": "NO", - "ecccurvebindings": [ - "P_224", - "P_256", - "P_384", - "P_521" - ], - "encrypttriggerpktcount": null, - "ersa": "DISABLED", - "ersacount": null, - "hsts": "DISABLED", - "id": "ssl_prof_GO-EUC_fe_TLS1213", - "includesubdomains": "NO", - "insertionencoding": "Unicode", - "maxage": null, - "name": "ssl_prof_GO-EUC_fe_TLS1213", - "ocspstapling": "DISABLED", - "preload": "NO", - "prevsessionkeylifetime": null, - "pushenctrigger": "Always", - "pushenctriggertimeout": null, - "pushflag": null, - "quantumsize": "8192", - "redirectportrewrite": "DISABLED", - "sendclosenotify": "YES", - "serverauth": "DISABLED", - "sessionkeylifetime": null, - "sessionticket": "DISABLED", - "sessionticketkeydata": "", - "sessionticketkeyrefresh": "ENABLED", - "sessionticketlifetime": null, - "sessreuse": "ENABLED", - "sesstimeout": 120, - "skipclientcertpolicycheck": "DISABLED", - "snienable": "DISABLED", - "snihttphostmatch": "CERT", - "ssl3": "DISABLED", - "sslimaxsessperserver": null, - "sslinterception": "DISABLED", - "ssliocspcheck": "ENABLED", - "sslireneg": "ENABLED", - "ssllogprofile": "", - "sslprofiletype": "FrontEnd", - "sslredirect": "DISABLED", - "ssltriggertimeout": null, - "strictcachecks": "NO", - "strictsigdigestcheck": "DISABLED", - "tls1": "DISABLED", - "tls11": "DISABLED", - "tls12": "ENABLED", - "tls13": "ENABLED", - "tls13sessionticketsperauthcontext": null, - "zerorttearlydata": "DISABLED" + "datacenter_id": "datacenter-3", + "id": "datastore-11", + "name": "datastore1" }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS1213", - 
"module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" - ] + "sensitive_attributes": [] } ] }, { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_sslprofile", - "name": "ssl_prof_fe_1213_SNI", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "module": "module.vsphere_deployment", + "mode": "data", + "type": "vsphere_host", + "name": "host", + "provider": "provider[\"registry.terraform.io/hashicorp/vsphere\"]", "instances": [ { - "schema_version": 1, + "schema_version": 0, "attributes": { - "alpnprotocol": "NONE", - "cipherbindings": [ - { - "ciphername": "ssl_cg_GO-EUC_fe_TLS1213", - "cipherpriority": 10 - } - ], - "ciphername": "", - "cipherpriority": null, - "cipherredirect": "DISABLED", - "cipherurl": "", - "cleartextport": 0, - "clientauth": "DISABLED", - "clientauthuseboundcachain": "DISABLED", - "clientcert": "", - "commonname": "", - "denysslreneg": "NONSECURE", - "dh": "DISABLED", - "dhcount": null, - "dhekeyexchangewithpsk": "NO", - "dhfile": "", - "dhkeyexpsizelimit": "DISABLED", - "dropreqwithnohostheader": "NO", - "ecccurvebindings": [ - "P_224", - "P_256", - "P_384", - "P_521" - ], - "encrypttriggerpktcount": null, - "ersa": "DISABLED", - "ersacount": null, - "hsts": "DISABLED", - "id": "ssl_prof_GO-EUC_fe_TLS1213_SNI", - "includesubdomains": "NO", - "insertionencoding": "Unicode", - "maxage": null, - "name": "ssl_prof_GO-EUC_fe_TLS1213_SNI", - "ocspstapling": "DISABLED", - "preload": "NO", - "prevsessionkeylifetime": null, - "pushenctrigger": "Always", - "pushenctriggertimeout": null, - "pushflag": null, - "quantumsize": "8192", - "redirectportrewrite": "DISABLED", - "sendclosenotify": "YES", - "serverauth": "DISABLED", - "sessionkeylifetime": null, - "sessionticket": "DISABLED", - "sessionticketkeydata": "", - "sessionticketkeyrefresh": "ENABLED", - "sessionticketlifetime": null, - "sessreuse": "ENABLED", - "sesstimeout": 120, - 
"skipclientcertpolicycheck": "DISABLED", - "snienable": "ENABLED", - "snihttphostmatch": "CERT", - "ssl3": "DISABLED", - "sslimaxsessperserver": null, - "sslinterception": "DISABLED", - "ssliocspcheck": "ENABLED", - "sslireneg": "ENABLED", - "ssllogprofile": "", - "sslprofiletype": "FrontEnd", - "sslredirect": "DISABLED", - "ssltriggertimeout": null, - "strictcachecks": "NO", - "strictsigdigestcheck": "DISABLED", - "tls1": "DISABLED", - "tls11": "DISABLED", - "tls12": "ENABLED", - "tls13": "ENABLED", - "tls13sessionticketsperauthcontext": null, - "zerorttearlydata": "DISABLED" + "datacenter_id": "datacenter-3", + "id": "host-10", + "name": "192.168.176.105", + "resource_pool_id": "resgroup-9" }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS1213", - "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" - ] + "sensitive_attributes": [] } ] }, { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_sslprofile", - "name": "ssl_prof_fe_13", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "module": "module.vsphere_deployment", + "mode": "data", + "type": "vsphere_network", + "name": "network", + "provider": "provider[\"registry.terraform.io/hashicorp/vsphere\"]", "instances": [ { - "schema_version": 1, + "schema_version": 0, "attributes": { - "alpnprotocol": "NONE", - "cipherbindings": [ - { - "ciphername": "ssl_cg_GO-EUC_fe_TLS13", - "cipherpriority": 10 - } - ], - "ciphername": "", - "cipherpriority": null, - "cipherredirect": "DISABLED", - "cipherurl": "", - "cleartextport": 0, - "clientauth": "DISABLED", - "clientauthuseboundcachain": "DISABLED", - "clientcert": "", - "commonname": "", - "denysslreneg": "NONSECURE", - "dh": "DISABLED", - "dhcount": null, - "dhekeyexchangewithpsk": "NO", - "dhfile": "", - "dhkeyexpsizelimit": "DISABLED", - 
"dropreqwithnohostheader": "NO", - "ecccurvebindings": [ - "P_224", - "P_256", - "P_384", - "P_521" - ], - "encrypttriggerpktcount": null, - "ersa": "DISABLED", - "ersacount": null, - "hsts": "DISABLED", - "id": "ssl_prof_GO-EUC_fe_TLS13", - "includesubdomains": "NO", - "insertionencoding": "Unicode", - "maxage": null, - "name": "ssl_prof_GO-EUC_fe_TLS13", - "ocspstapling": "DISABLED", - "preload": "NO", - "prevsessionkeylifetime": null, - "pushenctrigger": "Always", - "pushenctriggertimeout": null, - "pushflag": null, - "quantumsize": "8192", - "redirectportrewrite": "DISABLED", - "sendclosenotify": "YES", - "serverauth": "DISABLED", - "sessionkeylifetime": null, - "sessionticket": "DISABLED", - "sessionticketkeydata": "", - "sessionticketkeyrefresh": "ENABLED", - "sessionticketlifetime": null, - "sessreuse": "ENABLED", - "sesstimeout": 120, - "skipclientcertpolicycheck": "DISABLED", - "snienable": "DISABLED", - "snihttphostmatch": "CERT", - "ssl3": "DISABLED", - "sslimaxsessperserver": null, - "sslinterception": "DISABLED", - "ssliocspcheck": "ENABLED", - "sslireneg": "ENABLED", - "ssllogprofile": "", - "sslprofiletype": "FrontEnd", - "sslredirect": "DISABLED", - "ssltriggertimeout": null, - "strictcachecks": "NO", - "strictsigdigestcheck": "DISABLED", - "tls1": "DISABLED", - "tls11": "DISABLED", - "tls12": "DISABLED", - "tls13": "ENABLED", - "tls13sessionticketsperauthcontext": null, - "zerorttearlydata": "DISABLED" + "datacenter_id": "datacenter-3", + "distributed_virtual_switch_uuid": null, + "id": "network-12", + "name": "VM Network", + "type": "Network" }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS13", - "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" - ] + "sensitive_attributes": [] } ] }, { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_sslprofile", - "name": 
"ssl_prof_fe_13_SNI", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "module": "module.vsphere_deployment", + "mode": "data", + "type": "vsphere_ovf_vm_template", + "name": "ovfLocal", + "provider": "provider[\"registry.terraform.io/hashicorp/vsphere\"]", "instances": [ { - "schema_version": 1, + "schema_version": 0, "attributes": { - "alpnprotocol": "NONE", - "cipherbindings": [ - { - "ciphername": "ssl_cg_GO-EUC_fe_TLS13", - "cipherpriority": 10 - } - ], - "ciphername": "", - "cipherpriority": null, - "cipherredirect": "DISABLED", - "cipherurl": "", - "cleartextport": 0, - "clientauth": "DISABLED", - "clientauthuseboundcachain": "DISABLED", - "clientcert": "", - "commonname": "", - "denysslreneg": "NONSECURE", - "dh": "DISABLED", - "dhcount": null, - "dhekeyexchangewithpsk": "NO", - "dhfile": "", - "dhkeyexpsizelimit": "DISABLED", - "dropreqwithnohostheader": "NO", - "ecccurvebindings": [ - "P_224", - "P_256", - "P_384", - "P_521" - ], - "encrypttriggerpktcount": null, - "ersa": "DISABLED", - "ersacount": null, - "hsts": "DISABLED", - "id": "ssl_prof_GO-EUC_fe_TLS13_SNI", - "includesubdomains": "NO", - "insertionencoding": "Unicode", - "maxage": null, - "name": "ssl_prof_GO-EUC_fe_TLS13_SNI", - "ocspstapling": "DISABLED", - "preload": "NO", - "prevsessionkeylifetime": null, - "pushenctrigger": "Always", - "pushenctriggertimeout": null, - "pushflag": null, - "quantumsize": "8192", - "redirectportrewrite": "DISABLED", - "sendclosenotify": "YES", - "serverauth": "DISABLED", - "sessionkeylifetime": null, - "sessionticket": "DISABLED", - "sessionticketkeydata": "", - "sessionticketkeyrefresh": "ENABLED", - "sessionticketlifetime": null, - "sessreuse": "ENABLED", - "sesstimeout": 120, - "skipclientcertpolicycheck": "DISABLED", - "snienable": "ENABLED", - "snihttphostmatch": "CERT", - "ssl3": "DISABLED", - "sslimaxsessperserver": null, - "sslinterception": "DISABLED", - "ssliocspcheck": "ENABLED", - "sslireneg": 
"ENABLED", - "ssllogprofile": "", - "sslprofiletype": "FrontEnd", - "sslredirect": "DISABLED", - "ssltriggertimeout": null, - "strictcachecks": "NO", - "strictsigdigestcheck": "DISABLED", - "tls1": "DISABLED", - "tls11": "DISABLED", - "tls12": "DISABLED", - "tls13": "ENABLED", - "tls13sessionticketsperauthcontext": null, - "zerorttearlydata": "DISABLED" + "allow_unverified_ssl_cert": false, + "alternate_guest_name": "", + "annotation": "", + "cpu_hot_add_enabled": false, + "cpu_hot_remove_enabled": false, + "cpu_performance_counters_enabled": null, + "datastore_id": "datastore-11", + "deployment_option": null, + "disk_provisioning": "thin", + "enable_hidden_properties": false, + "firmware": "", + "folder": null, + "guest_id": "freebsd64Guest", + "host_system_id": "host-10", + "id": "adc1", + "ide_controller_count": 2, + "ip_allocation_policy": null, + "ip_protocol": null, + "local_ovf_path": "./Resources/OVF/NSVPX-ESX-14.1-4.42_nc_64.ovf", + "memory": 2048, + "memory_hot_add_enabled": false, + "name": "adc1", + "nested_hv_enabled": false, + "num_cores_per_socket": 1, + "num_cpus": 2, + "ovf_network_map": { + "VM Network": "network-12" + }, + "remote_ovf_url": null, + "resource_pool_id": "resgroup-17", + "sata_controller_count": 0, + "scsi_controller_count": 1, + "scsi_type": "lsilogic", + "swap_placement_policy": "" }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS13", - "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles" - ] + "sensitive_attributes": [] } ] }, { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_sslvserver", - "name": "gw_vserver_sslprofile", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", + "module": "module.vsphere_deployment", + "mode": "data", + "type": "vsphere_resource_pool", + "name": "pool", + "provider": 
"provider[\"registry.terraform.io/hashicorp/vsphere\"]", "instances": [ { - "index_key": 0, - "schema_version": 1, + "schema_version": 0, "attributes": { - "cipherredirect": "", - "cipherurl": "", - "cleartextport": 0, - "clientauth": "", - "clientcert": "", - "dh": "", - "dhcount": 0, - "dhekeyexchangewithpsk": "", - "dhfile": "", - "dhkeyexpsizelimit": "", - "dtls1": "", - "dtls12": "", - "dtlsprofilename": "", - "ersa": "", - "ersacount": 0, - "hsts": "", - "id": "gw_go-euc", - "includesubdomains": "", - "maxage": 0, - "ocspstapling": "", - "preload": "", - "pushenctrigger": "", - "redirectportrewrite": "", - "sendclosenotify": "", - "sessreuse": "", - "sesstimeout": 0, - "snienable": "", - "ssl2": "", - "ssl3": "", - "sslprofile": "ssl_prof_GO-EUC_fe_TLS1213", - "sslredirect": "", - "sslv2redirect": "", - "sslv2url": "", - "strictsigdigestcheck": "", - "tls1": "", - "tls11": "", - "tls12": "", - "tls13": "", - "tls13sessionticketsperauthcontext": 0, - "vservername": "gw_go-euc", - "zerorttearlydata": "" + "datacenter_id": "datacenter-3", + "id": "resgroup-17", + "name": "ResourcePool1" }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_authenticationauthnprofile.gw_authentication_profile", - "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", - "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", - "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", - "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature", - "module.base_configuration.citrixadc_sslcipher.ssl_cg_fe_TLS1213", - "module.base_configuration.citrixadc_sslparameter.ssl_enable_sslprofiles", - "module.base_configuration.citrixadc_sslprofile.ssl_prof_fe_1213", - "module.base_configuration.citrixadc_vpnvserver.gw_vserver" - ] + "sensitive_attributes": [] } ] }, { - "module": "module.base_configuration", + "module": 
"module.vsphere_deployment", "mode": "managed", - "type": "citrixadc_systemparameter", - "name": "base_systemparam", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "basicauth": "ENABLED", - "cliloglevel": "INFORMATIONAL", - "doppler": "ENABLED", - "fipsusermode": "DISABLED", - "forcepasswordchange": "DISABLED", - "googleanalytics": "DISABLED", - "id": "tf-systemparameter-20230908133613044300000002", - "localauth": "ENABLED", - "maxclient": "40", - "minpasswordlen": null, - "natpcbforceflushlimit": null, - "natpcbrstontimeout": "DISABLED", - "promptstring": "", - "rbaonresponse": "ENABLED", - "reauthonauthparamchange": "DISABLED", - "removesensitivefiles": "DISABLED", - "restrictedtimeout": "DISABLED", - "strongpassword": "enableall", - "timeout": 900, - "totalauthtimeout": null - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_vpnsessionaction", - "name": "gw_sess_act_receiver", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "advancedclientlessvpnmode": "DISABLED", - "allowedlogingroups": "", - "allprotocolproxy": "", - "alwaysonprofilename": "", - "authorizationgroup": "", - "autoproxyurl": "", - "citrixreceiverhome": "", - "clientchoices": "", - "clientcleanupprompt": "", - "clientconfiguration": [], - "clientdebug": "", - "clientidletimeout": 0, - "clientlessmodeurlencoding": "TRANSPARENT", - "clientlesspersistentcookie": "", - "clientlessvpnmode": "ON", - "clientoptions": "", - "clientsecurity": "", - "clientsecuritygroup": "", - "clientsecuritylog": "", - "clientsecuritymessage": "", - "defaultauthorizationaction": "ALLOW", - "dnsvservername": "", - "emailhome": "", - "epaclienttype": "", - "forcecleanup": 
[], - "forcedtimeout": 0, - "forcedtimeoutwarning": 0, - "fqdnspoofedip": "", - "ftpproxy": "", - "gopherproxy": "", - "homepage": "", - "httpport": [], - "httpproxy": "", - "icaproxy": "OFF", - "iconwithreceiver": "", - "id": "vpn_act_receiver_advanced", - "iipdnssuffix": "", - "kcdaccount": "", - "killconnections": "", - "linuxpluginupgrade": "", - "locallanaccess": "", - "loginscript": "", - "logoutscript": "", - "macpluginupgrade": "", - "name": "vpn_act_receiver_advanced", - "netmask": "", - "ntdomain": "", - "pcoipprofilename": "", - "proxy": "", - "proxyexception": "", - "proxylocalbypass": "", - "rdpclientprofilename": "", - "rfc1918": "", - "securebrowse": "", - "sesstimeout": 2880, - "sfgatewayauthtype": "", - "smartgroup": "", - "socksproxy": "", - "splitdns": "", - "splittunnel": "", - "spoofiip": "", - "sslproxy": "", - "sso": "ON", - "ssocredential": "PRIMARY", - "storefronturl": "https://storefront.go-euc.local/Citrix/StoreWeb", - "transparentinterception": "OFF", - "useiip": "", - "usemip": "", - "useraccounting": "", - "wihome": "https://storefront.go-euc.local/Citrix/StoreWeb", - "wihomeaddresstype": "IPV4", - "windowsautologon": "ON", - "windowsclienttype": "", - "windowspluginupgrade": "", - "winsip": "0.0.0.0", - "wiportalmode": "" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_authenticationauthnprofile.gw_authentication_profile", - "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", - "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", - "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", - "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature", - "module.base_configuration.citrixadc_vpnvserver.gw_vserver" - ] - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_vpnsessionaction", - "name": 
"gw_sess_act_receiver_web", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "advancedclientlessvpnmode": "DISABLED", - "allowedlogingroups": "", - "allprotocolproxy": "", - "alwaysonprofilename": "", - "authorizationgroup": "", - "autoproxyurl": "", - "citrixreceiverhome": "", - "clientchoices": "OFF", - "clientcleanupprompt": "", - "clientconfiguration": [], - "clientdebug": "", - "clientidletimeout": 0, - "clientlessmodeurlencoding": "TRANSPARENT", - "clientlesspersistentcookie": "", - "clientlessvpnmode": "OFF", - "clientoptions": "", - "clientsecurity": "", - "clientsecuritygroup": "", - "clientsecuritylog": "", - "clientsecuritymessage": "", - "defaultauthorizationaction": "ALLOW", - "dnsvservername": "", - "emailhome": "", - "epaclienttype": "", - "forcecleanup": [], - "forcedtimeout": 0, - "forcedtimeoutwarning": 0, - "fqdnspoofedip": "", - "ftpproxy": "", - "gopherproxy": "", - "homepage": "", - "httpport": [], - "httpproxy": "", - "icaproxy": "ON", - "iconwithreceiver": "", - "id": "vpn_act_web_advanced", - "iipdnssuffix": "", - "kcdaccount": "", - "killconnections": "", - "linuxpluginupgrade": "", - "locallanaccess": "ON", - "loginscript": "", - "logoutscript": "", - "macpluginupgrade": "", - "name": "vpn_act_web_advanced", - "netmask": "", - "ntdomain": "", - "pcoipprofilename": "", - "proxy": "", - "proxyexception": "", - "proxylocalbypass": "", - "rdpclientprofilename": "", - "rfc1918": "OFF", - "securebrowse": "", - "sesstimeout": 2880, - "sfgatewayauthtype": "", - "smartgroup": "", - "socksproxy": "", - "splitdns": "", - "splittunnel": "", - "spoofiip": "", - "sslproxy": "", - "sso": "ON", - "ssocredential": "PRIMARY", - "storefronturl": "https://storefront.go-euc.local/Citrix/StoreWeb", - "transparentinterception": "", - "useiip": "", - "usemip": "", - "useraccounting": "", - "wihome": "", - "wihomeaddresstype": "IPV4", - 
"windowsautologon": "ON", - "windowsclienttype": "", - "windowspluginupgrade": "", - "winsip": "0.0.0.0", - "wiportalmode": "NORMAL" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_authenticationauthnprofile.gw_authentication_profile", - "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", - "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", - "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", - "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature", - "module.base_configuration.citrixadc_vpnvserver.gw_vserver" - ] - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_vpnsessionpolicy", - "name": "gw_sess_pol_receiver", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "action": "vpn_act_receiver_advanced", - "id": "vpn_prof_receiver_advanced", - "name": "vpn_prof_receiver_advanced", - "rule": "HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"CitrixReceiver\") \u0026\u0026 HTTP.REQ.HEADER(\"X-Citrix-Gateway\").EXISTS" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_authenticationauthnprofile.gw_authentication_profile", - "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", - "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", - "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", - "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature", - "module.base_configuration.citrixadc_vpnsessionaction.gw_sess_act_receiver", - "module.base_configuration.citrixadc_vpnvserver.gw_vserver" - ] - } - ] - }, - { - "module": "module.base_configuration", 
- "mode": "managed", - "type": "citrixadc_vpnsessionpolicy", - "name": "gw_sess_pol_receiver_web", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "action": "vpn_act_web_advanced", - "id": "vpn_prof_web_advanced", - "name": "vpn_prof_web_advanced", - "rule": "HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"CitrixReceiver\").NOT" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_authenticationauthnprofile.gw_authentication_profile", - "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", - "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", - "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", - "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature", - "module.base_configuration.citrixadc_vpnsessionaction.gw_sess_act_receiver_web", - "module.base_configuration.citrixadc_vpnvserver.gw_vserver" - ] - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_vpnvserver", - "name": "gw_vserver", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 1, - "attributes": { - "advancedepa": "", - "appflowlog": "ENABLED", - "authentication": "ON", - "authnprofile": "authprof_aaa_ldaps", - "certkeynames": "", - "cginfrahomepageredirect": "ENABLED", - "comment": "", - "deploymenttype": "NONE", - "devicecert": "OFF", - "doublehop": "DISABLED", - "downstateflush": "ENABLED", - "dtls": "OFF", - "failedlogintimeout": 0, - "httpprofilename": "http_prof_GO-EUC", - "icaonly": "OFF", - "icaproxysessionmigration": "OFF", - "icmpvsrresponse": "PASSIVE", - "id": "gw_go-euc", - "ipset": "", - "ipv46": "192.168.176.199", - "l2conn": "OFF", - 
"linuxepapluginupgrade": "", - "listenpolicy": "NONE", - "listenpriority": 0, - "loginonce": "OFF", - "logoutonsmartcardremoval": "OFF", - "macepapluginupgrade": "", - "maxaaausers": null, - "maxloginattempts": 0, - "name": "gw_go-euc", - "netprofile": "", - "pcoipvserverprofilename": "", - "port": 443, - "range": null, - "rdpserverprofilename": "", - "rhistate": "PASSIVE", - "samesite": "", - "servicetype": "SSL", - "state": "ENABLED", - "tcpprofilename": "tcp_prof_GO-EUC", - "userdomains": "", - "vserverfqdn": "", - "windowsepapluginupgrade": "" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_authenticationauthnprofile.gw_authentication_profile", - "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", - "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", - "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", - "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature" - ] - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_vpnvserver_staserver_binding", - "name": "gw_vserver_staserver_binding", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 1, - "attributes": { - "id": "gw_go-euc,http://192.168.150.2", - "name": "gw_go-euc", - "staaddresstype": "IPV4", - "staserver": "http://192.168.150.2" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_authenticationauthnprofile.gw_authentication_profile", - "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", - "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", - 
"module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", - "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature", - "module.base_configuration.citrixadc_vpnvserver.gw_vserver" - ] - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_vpnvserver_vpnsessionpolicy_binding", - "name": "gw_vserver_vpnsessionpolicy_binding_receiver", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "bindpoint": null, - "gotopriorityexpression": null, - "groupextraction": false, - "id": "gw_go-euc,vpn_prof_receiver_advanced", - "name": "gw_go-euc", - "policy": "vpn_prof_receiver_advanced", - "priority": 100, - "secondary": false - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_authenticationauthnprofile.gw_authentication_profile", - "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", - "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", - "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", - "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature", - "module.base_configuration.citrixadc_vpnsessionaction.gw_sess_act_receiver", - "module.base_configuration.citrixadc_vpnsessionpolicy.gw_sess_pol_receiver", - "module.base_configuration.citrixadc_vpnvserver.gw_vserver" - ] - } - ] - }, - { - "module": "module.base_configuration", - "mode": "managed", - "type": "citrixadc_vpnvserver_vpnsessionpolicy_binding", - "name": "gw_vserver_vpnsessionpolicy_binding_receiver_web", - "provider": "module.base_configuration.provider[\"registry.terraform.io/citrix/citrixadc\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "bindpoint": null, - "gotopriorityexpression": null, - "groupextraction": false, - "id": 
"gw_go-euc,vpn_prof_web_advanced", - "name": "gw_go-euc", - "policy": "vpn_prof_web_advanced", - "priority": 110, - "secondary": false - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", - "dependencies": [ - "module.base_configuration.citrixadc_authenticationauthnprofile.gw_authentication_profile", - "module.base_configuration.citrixadc_authenticationldapaction.auth_authentication_ldapaction", - "module.base_configuration.citrixadc_authenticationpolicy.auth_authpolicy", - "module.base_configuration.citrixadc_authenticationvserver.aaa_vserver", - "module.base_configuration.citrixadc_nsfeature.advanced_nsfeature", - "module.base_configuration.citrixadc_vpnsessionaction.gw_sess_act_receiver_web", - "module.base_configuration.citrixadc_vpnsessionpolicy.gw_sess_pol_receiver_web", - "module.base_configuration.citrixadc_vpnvserver.gw_vserver" - ] - } - ] + "type": "time_sleep", + "name": "build_wait_a_few_seconds", + "provider": "provider[\"registry.terraform.io/hashicorp/time\"]", + "instances": [] } ], "check_results": null diff --git a/terraform/citrix-adc/variables.tf b/terraform/citrix-adc/variables.tf index a77150b..ef82955 100644 --- a/terraform/citrix-adc/variables.tf +++ b/terraform/citrix-adc/variables.tf 
@@ -1,3 +1,45 @@ +# Global settings to determine deployment type +variable terraform_settings{ + type = object({ + # Deploy NetScaler configuration + deploy_settings = bool + # Deploy NetScaler on vSphere + deploy_vsphere = bool + # Deploy Lets Encrypt on NetScaler + deploy_letsencrypt = bool + }) +} +# Variables for the NetScaler VM deployment in vSphere +variable vsphere{ + description = "values for the creation of a NetScaler VM in vSphere" + type = object({ + server = string + user = string + password = string + datacenter = string + host = string + datastore = string + network = string + timezone = string + resourcepool = string + }) +} + +# NetScaler VM Details +variable vm{ + description = "values for the creation of a NetScaler VM" + type = object({ + ovf = string + network = string + mac = string + ip = string + gateway = string + netmask = string + name = string + }) +} + + # Login Information for the NetScaler to authenticate API calls variable logon_information { description = "The logon information to authenticate the NetScaler API calls with" @@ -8,6 +50,8 @@ variable logon_information { }) } + + variable base_configuration { description = "uncategorized base_configuration variables" type = object({ From c7a71eac6bd3f19f719dda77fe0e81ad4b099731 Mon Sep 17 00:00:00 2001 
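Review bot: The new `variable vsphere` object carries a `password = string` attribute but the variable is not marked sensitive, so the vSphere credential is echoed in clear text in every `terraform plan`/`apply` diff and in any CI log that captures it; add `sensitive = true` directly under the `description` line (the file already uses `optional(string)` further down, so the Terraform version in use supports the flag). The same applies to `logon_information`, whose `password` attribute lies just outside this hunk in the context lines, so it cannot be fixed here. Keep in mind that `sensitive` only redacts CLI output — the value still lands in plain text in the state file, which is why what appears to be a committed terraform.tfstate being removed earlier in this series should stay out of version control and the state should live in an access-controlled backend. `terraform_settings` also ships without a `description`; a one-liner such as `description = "Feature switches selecting which modules (vSphere VM, base config, Let's Encrypt) are deployed"` would make the three `deploy_*` booleans self-explaining.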
From: Mick Hilhorst Date: Tue, 26 Sep 2023 13:20:15 +0200 Subject: [PATCH 11/11] Formatting --- terraform/citrix-adc/main.tf | 74 +++++----- .../base_config.tf | 120 +++++++-------- .../base_gateway.tf | 138 +++++++++--------- .../base_ldaps.tf | 16 +- .../base_profiles.tf | 98 ++++++------- .../base_vservers.tf | 16 +- .../netscaler.base.configuration/variables.tf | 86 +++++------ .../netscaler.letsencrypt/lec_config.tf | 42 +++--- .../netscaler.letsencrypt/lec_loadbalancer.tf | 20 +-- .../modules/netscaler.letsencrypt/provider.tf | 4 +- .../netscaler.letsencrypt/variables.tf | 24 +-- .../vsphere.netscaler.deployment/main.tf | 4 +- .../vsphere.netscaler.deployment/variables.tf | 4 +- terraform/citrix-adc/provider.tf | 10 +- terraform/citrix-adc/variables.tf | 92 ++++++------ 15 files changed, 374 insertions(+), 374 deletions(-) diff --git a/terraform/citrix-adc/main.tf b/terraform/citrix-adc/main.tf index 5883256..d24421f 100644 --- a/terraform/citrix-adc/main.tf +++ b/terraform/citrix-adc/main.tf 
@@ -1,52 +1,52 @@ module "vsphere_deployment" { - # Check if this needs to run based on global settings - count = var.terraform_settings.deploy_vsphere ? 1 : 0 - # Import the source module - source = "./modules/vsphere.netscaler.deployment" + # Check if this needs to run based on global settings + count = var.terraform_settings.deploy_vsphere ? 1 : 0 + # Import the source module + source = "./modules/vsphere.netscaler.deployment" - # vSphere settings - vsphere = var.vsphere + # vSphere settings + vsphere = var.vsphere - # VM settings - vm = var.vm + # VM settings + vm = var.vm } module "base_configuration" { - # Check if this needs to run based on global settings - count = var.terraform_settings.deploy_settings ? 1 : 0 - # Import the source module - source = "./modules/netscaler.base.configuration" - - # Default settings / Best Practices & Profiles - # base_configuration.tf - logon_information = var.logon_information - base_configuration = var.base_configuration - base_configuration_snip = var.base_configuration_snip - - # Virtual Servers / Services creation - # base_vservers.tf - servers = var.servers - service_groups = var.service_groups - virtual_servers = var.virtual_servers - - #LDAP (advanced) authentication with global binding - # base_ldaps.tf - auth_ldaps = var.auth_ldaps - - #Gateway configuration - # base_gateway.tf - gateway = var.gateway + # Check if this needs to run based on global settings + count = var.terraform_settings.deploy_settings ? 
1 : 0 + # Import the source module + source = "./modules/netscaler.base.configuration" + + # Default settings / Best Practices & Profiles + # base_configuration.tf + logon_information = var.logon_information + base_configuration = var.base_configuration + base_configuration_snip = var.base_configuration_snip + + # Virtual Servers / Services creation + # base_vservers.tf + servers = var.servers + service_groups = var.service_groups + virtual_servers = var.virtual_servers + + #LDAP (advanced) authentication with global binding + # base_ldaps.tf + auth_ldaps = var.auth_ldaps + + #Gateway configuration + # base_gateway.tf + gateway = var.gateway } module "letsencrypt" { - count = var.terraform_settings.deploy_letsencrypt ? 1 : 0 - source = "./modules/netscaler.letsencrypt" + count = var.terraform_settings.deploy_letsencrypt ? 1 : 0 + source = "./modules/netscaler.letsencrypt" - # LetsEncrypt configuration + # LetsEncrypt configuration - # Set these variables in the module variables.tf file - # They have been excluded from the main terraform.tfvars file for ease of reading + # Set these variables in the module variables.tf file + # They have been excluded from the main terraform.tfvars file for ease of reading } diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_config.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_config.tf index b17c0a3..aa7446c 100644 --- a/terraform/citrix-adc/modules/netscaler.base.configuration/base_config.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_config.tf @@ -1,7 +1,7 @@ # Set NS Hostname resource "citrixadc_nshostname" "base_hostname" { - hostname = var.base_configuration.hostname + hostname = var.base_configuration.hostname } 
@@ -22,77 +22,77 @@ resource "citrixadc_nsparam" "base_nsparam" { # Configure Modes resource "citrixadc_nsmode" "base_nsmode" { - bridgebpdus = false - cka = false - dradv = false - dradv6 = false - edge = true - fr = true - iradv = false - l2 = false - l3 = false - mbf = false + bridgebpdus = false + cka = false + dradv = false + dradv6 = false + edge = true + fr = true + iradv = false + l2 = false + l3 = false + mbf = false mediaclassification = false - pmtud = true - sradv = false - sradv6 = false - tcpb = false - ulfd = false - usnip = true - usip = false + pmtud = true + sradv = false + sradv6 = false + tcpb = false + ulfd = false + usnip = true + usip = false } # Configure Features resource "citrixadc_nsfeature" "advanced_nsfeature" { - aaa = var.base_configuration.advanced - adaptivetcp = false - apigateway = false - appflow = false - appfw = false - appqoe = false - bgp = false - bot = false - cf = false - ch = false - ci = false - cloudbridge = false - cmp = false + aaa = var.base_configuration.advanced + adaptivetcp = false + apigateway = false + appflow = false + appfw = false + appqoe = false + bgp = false + bot = false + cf = false + ch = false + ci = false + cloudbridge = false + cmp = false contentaccelerator = false - cqa = false - cr = false - cs = true - feo = false - forwardproxy = false - gslb = false - hdosp = false - ic = false - ipv6pt = false - isis = false - lb = true - lsn = false - ospf = false - pq = false - push = false - rdpproxy = false - rep = false - responder = true - rewrite = true - rip = false - rise = false - sp = false - ssl = true - sslinterception = false - sslvpn = var.base_configuration.advanced - urlfiltering = false - videooptimization = false - wl = false + cqa = false + cr = false + cs = true + feo = false + forwardproxy = false + gslb = false + hdosp = false + ic = false + ipv6pt = false + isis = false + lb = true + lsn = false + ospf = false + pq = false + push = false + rdpproxy = false + rep = false + responder = 
true + rewrite = true + rip = false + rise = false + sp = false + ssl = true + sslinterception = false + sslvpn = var.base_configuration.advanced + urlfiltering = false + videooptimization = false + wl = false } resource "citrixadc_systemparameter" "base_systemparam" { - strongpassword = "enableall" + strongpassword = "enableall" } diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf index 6ef907c..7fa7b1c 100644 --- a/terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_gateway.tf @@ -1,11 +1,11 @@ # Create AAA vserver resource "citrixadc_authenticationvserver" "aaa_vserver" { - count = var.base_configuration.advanced ? 1 : 0 - name = "AAA_LDAPS" - servicetype = "SSL" - authentication = "ON" - state = "ENABLED" - depends_on = [citrixadc_nsfeature.advanced_nsfeature] + count = var.base_configuration.advanced ? 1 : 0 + name = "AAA_LDAPS" + servicetype = "SSL" + authentication = "ON" + state = "ENABLED" + depends_on = [citrixadc_nsfeature.advanced_nsfeature] } resource "citrixadc_authenticationvserver_authenticationpolicy_binding" "tf_bind" { 
@@ -13,75 +13,75 @@ resource "citrixadc_authenticationvserver_authenticationpolicy_binding" "tf_bind policy = "pol_auth_ldaps" priority = 30 - depends_on = [citrixadc_authenticationvserver.aaa_vserver, citrixadc_authenticationpolicy.auth_authpolicy ] + depends_on = [citrixadc_authenticationvserver.aaa_vserver, citrixadc_authenticationpolicy.auth_authpolicy] } # Create authentication profile resource "citrixadc_authenticationauthnprofile" "gw_authentication_profile" { - count = var.base_configuration.advanced ? 1 : 0 - name = "authprof_aaa_ldaps" - authnvsname = citrixadc_authenticationvserver.aaa_vserver[count.index].name - depends_on = [citrixadc_authenticationpolicy.auth_authpolicy] + count = var.base_configuration.advanced ? 1 : 0 + name = "authprof_aaa_ldaps" + authnvsname = citrixadc_authenticationvserver.aaa_vserver[count.index].name + depends_on = [citrixadc_authenticationpolicy.auth_authpolicy] } # Create Gateway vServer resource "citrixadc_vpnvserver" "gw_vserver" { - count = var.base_configuration.advanced ? 1 : 0 - name = var.gateway.name - servicetype = var.gateway.servicetype - ipv46 = var.gateway.ipv46 - port = var.gateway.port - dtls = var.gateway.dtls - authnprofile = citrixadc_authenticationauthnprofile.gw_authentication_profile[count.index].name - tcpprofilename = "tcp_prof_${var.base_configuration.environment_prefix}" - httpprofilename = "http_prof_${var.base_configuration.environment_prefix}" - - depends_on = [citrixadc_authenticationauthnprofile.gw_authentication_profile] + count = var.base_configuration.advanced ? 
1 : 0 + name = var.gateway.name + servicetype = var.gateway.servicetype + ipv46 = var.gateway.ipv46 + port = var.gateway.port + dtls = var.gateway.dtls + authnprofile = citrixadc_authenticationauthnprofile.gw_authentication_profile[count.index].name + tcpprofilename = "tcp_prof_${var.base_configuration.environment_prefix}" + httpprofilename = "http_prof_${var.base_configuration.environment_prefix}" + + depends_on = [citrixadc_authenticationauthnprofile.gw_authentication_profile] } # Bind SSL profile to GW vServer resource "citrixadc_sslvserver" "gw_vserver_sslprofile" { - count = var.base_configuration.advanced ? 1 : 0 - vservername = var.gateway.name - sslprofile = "ssl_prof_${var.base_configuration.environment_prefix}_fe_TLS1213" + count = var.base_configuration.advanced ? 1 : 0 + vservername = var.gateway.name + sslprofile = "ssl_prof_${var.base_configuration.environment_prefix}_fe_TLS1213" - depends_on = [ - citrixadc_vpnvserver.gw_vserver, + depends_on = [ + citrixadc_vpnvserver.gw_vserver, citrixadc_sslprofile.ssl_prof_fe_1213 - - ] + + ] } # Bind STA Servers to GW vServer resource "citrixadc_vpnvserver_staserver_binding" "gw_vserver_staserver_binding" { - count = var.base_configuration.advanced ? 1 : 0 - name = var.gateway.name - staserver = "http://${var.gateway.sta}" - staaddresstype = "IPV4" + count = var.base_configuration.advanced ? 
1 : 0 + name = var.gateway.name + staserver = "http://${var.gateway.sta}" + staaddresstype = "IPV4" - depends_on = [ + depends_on = [ citrixadc_vpnvserver.gw_vserver - ] + ] } # Add Session Action Receiver resource "citrixadc_vpnsessionaction" "gw_sess_act_receiver" { - name = "vpn_act_receiver_advanced" - clientlessmodeurlencoding = "TRANSPARENT" - clientlessvpnmode = "ON" + name = "vpn_act_receiver_advanced" + clientlessmodeurlencoding = "TRANSPARENT" + clientlessvpnmode = "ON" defaultauthorizationaction = "ALLOW" - icaproxy = "OFF" - sesstimeout = "2880" - sso = "ON" - ssocredential = "PRIMARY" - storefronturl = var.gateway.storefronturl - transparentinterception = "OFF" - wihome = var.gateway.storefronturl - windowsautologon = "ON" + icaproxy = "OFF" + sesstimeout = "2880" + sso = "ON" + ssocredential = "PRIMARY" + storefronturl = var.gateway.storefronturl + transparentinterception = "OFF" + wihome = var.gateway.storefronturl + windowsautologon = "ON" depends_on = [ citrixadc_vpnvserver.gw_vserver @@ -91,20 +91,20 @@ resource "citrixadc_vpnsessionaction" "gw_sess_act_receiver" { # Add Session Action HTML5 resource "citrixadc_vpnsessionaction" "gw_sess_act_receiver_web" { - name = "vpn_act_web_advanced" - clientchoices = "OFF" - clientlessmodeurlencoding = "TRANSPARENT" - clientlessvpnmode = "OFF" + name = "vpn_act_web_advanced" + clientchoices = "OFF" + clientlessmodeurlencoding = "TRANSPARENT" + clientlessvpnmode = "OFF" defaultauthorizationaction = "ALLOW" - icaproxy = "ON" - locallanaccess = "ON" - rfc1918 = "OFF" - sesstimeout = "2880" - sso = "ON" - ssocredential = "PRIMARY" - storefronturl = var.gateway.storefronturl - windowsautologon = "ON" - wiportalmode = "NORMAL" + icaproxy = "ON" + locallanaccess = "ON" + rfc1918 = "OFF" + sesstimeout = "2880" + sso = "ON" + ssocredential = "PRIMARY" + storefronturl = var.gateway.storefronturl + windowsautologon = "ON" + wiportalmode = "NORMAL" depends_on = [ citrixadc_vpnvserver.gw_vserver 
@@ -113,8 +113,8 @@ resource "citrixadc_vpnsessionaction" "gw_sess_act_receiver_web" { # Add Session Policies resource "citrixadc_vpnsessionpolicy" "gw_sess_pol_receiver" { - name = "vpn_prof_receiver_advanced" - rule = "HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"CitrixReceiver\") && HTTP.REQ.HEADER(\"X-Citrix-Gateway\").EXISTS" + name = "vpn_prof_receiver_advanced" + rule = "HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"CitrixReceiver\") && HTTP.REQ.HEADER(\"X-Citrix-Gateway\").EXISTS" action = citrixadc_vpnsessionaction.gw_sess_act_receiver.name depends_on = [ @@ -123,8 +123,8 @@ resource "citrixadc_vpnsessionpolicy" "gw_sess_pol_receiver" { } resource "citrixadc_vpnsessionpolicy" "gw_sess_pol_receiver_web" { - name = "vpn_prof_web_advanced" - rule = "HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"CitrixReceiver\").NOT" + name = "vpn_prof_web_advanced" + rule = "HTTP.REQ.HEADER(\"User-Agent\").CONTAINS(\"CitrixReceiver\").NOT" action = citrixadc_vpnsessionaction.gw_sess_act_receiver_web.name depends_on = [ citrixadc_vpnsessionaction.gw_sess_act_receiver_web @@ -134,9 +134,9 @@ resource "citrixadc_vpnsessionpolicy" "gw_sess_pol_receiver_web" { # Bind session policy to GW vServer resource "citrixadc_vpnvserver_vpnsessionpolicy_binding" "gw_vserver_vpnsessionpolicy_binding_receiver" { - name = var.gateway.name - policy = citrixadc_vpnsessionpolicy.gw_sess_pol_receiver.name - priority = 100 + name = var.gateway.name + policy = citrixadc_vpnsessionpolicy.gw_sess_pol_receiver.name + priority = 100 depends_on = [ citrixadc_vpnsessionpolicy.gw_sess_pol_receiver, 
@@ -146,9 +146,9 @@ resource "citrixadc_vpnvserver_vpnsessionpolicy_binding" "gw_vserver_vpnsessionp # Bind session policy to GW vServer resource "citrixadc_vpnvserver_vpnsessionpolicy_binding" "gw_vserver_vpnsessionpolicy_binding_receiver_web" { - name = var.gateway.name - policy = citrixadc_vpnsessionpolicy.gw_sess_pol_receiver_web.name - priority = 110 + name = var.gateway.name + policy = citrixadc_vpnsessionpolicy.gw_sess_pol_receiver_web.name + priority = 110 depends_on = [ citrixadc_vpnsessionpolicy.gw_sess_pol_receiver_web, diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_ldaps.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_ldaps.tf index e5b3a8d..97da69c 100644 --- a/terraform/citrix-adc/modules/netscaler.base.configuration/base_ldaps.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_ldaps.tf @@ -2,14 +2,14 @@ # Don't forget to add basedn etc, in example it's omitted to prevent errors # https://registry.terraform.io/providers/citrix/citrixadc/latest/docs/resources/authenticationldapaction resource "citrixadc_authenticationldapaction" "auth_authentication_ldapaction" { - name = var.auth_ldaps.action_name - serverip = var.virtual_servers.lb_ldaps.ipv46 - serverport = 636 - sectype = var.auth_ldaps.sectype - authtimeout = 1 - ldaploginname = var.auth_ldaps.ldaploginname - ldapbase = var.auth_ldaps.ldapbase - ldapbinddn = var.auth_ldaps.ldapbinddn + name = var.auth_ldaps.action_name + serverip = var.virtual_servers.lb_ldaps.ipv46 + serverport = 636 + sectype = var.auth_ldaps.sectype + authtimeout = 1 + ldaploginname = var.auth_ldaps.ldaploginname + ldapbase = var.auth_ldaps.ldapbase + ldapbinddn = var.auth_ldaps.ldapbinddn ldapbinddnpassword = var.auth_ldaps.ldapbinddnpassword } diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_profiles.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_profiles.tf index 4c2ccc5..d3bac4f 100644 
--- a/terraform/citrix-adc/modules/netscaler.base.configuration/base_profiles.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_profiles.tf @@ -1,42 +1,42 @@ # Add basic http Profile resource "citrixadc_nshttpprofile" "base_http_prof" { - name = "http_prof_${var.base_configuration.environment_prefix}" - dropinvalreqs = "ENABLED" - markhttp09inval = "ENABLED" + name = "http_prof_${var.base_configuration.environment_prefix}" + dropinvalreqs = "ENABLED" + markhttp09inval = "ENABLED" markconnreqinval = "ENABLED" - weblog = "DISABLED" - http2 = "ENABLED" + weblog = "DISABLED" + http2 = "ENABLED" } # Add basic TCP Profile resource "citrixadc_nstcpprofile" "base_tcp_prof" { - name = "tcp_prof_${var.base_configuration.environment_prefix}" - ws = "ENABLED" - sack = "ENABLED" - wsval = "8" - mss = "1460" - initialcwnd = "10" - oooqsize = "300" - buffersize = "131072" - flavor = "BIC" - sendbuffsize = "131072" - rstmaxack = "ENABLED" - spoofsyndrop = "DISABLED" - frto = "ENABLED" - fack = "ENABLED" - nagle = "ENABLED" - dynamicreceivebuffering = "ENABLED" + name = "tcp_prof_${var.base_configuration.environment_prefix}" + ws = "ENABLED" + sack = "ENABLED" + wsval = "8" + mss = "1460" + initialcwnd = "10" + oooqsize = "300" + buffersize = "131072" + flavor = "BIC" + sendbuffsize = "131072" + rstmaxack = "ENABLED" + spoofsyndrop = "DISABLED" + frto = "ENABLED" + fack = "ENABLED" + nagle = "ENABLED" + dynamicreceivebuffering = "ENABLED" drophalfclosedconnontimeout = "ENABLED" - dropestconnontimeout = "ENABLED" + dropestconnontimeout = "ENABLED" } ##### # Enable SSL Parameter Usage ##### -resource "citrixadc_sslparameter" "ssl_enable_sslprofiles" { +resource "citrixadc_sslparameter" "ssl_enable_sslprofiles" { defaultprofile = "ENABLED" } @@ -163,10 +163,10 @@ resource "citrixadc_sslprofile" "ssl_prof_fe_1213" { } ecccurvebindings = [ - "P_521", - "P_384", - "P_256", - "P_224" + "P_521", + "P_384", + "P_256", + "P_224" ] depends_on = [ 
@@ -186,7 +186,7 @@ resource "citrixadc_sslprofile" "ssl_prof_fe_1213_SNI" { tls11 = "DISABLED" tls12 = "ENABLED" tls13 = "ENABLED" - snienable = "ENABLED" + snienable = "ENABLED" cipherbindings { ciphername = "ssl_cg_${var.base_configuration.environment_prefix}_fe_TLS1213" @@ -194,10 +194,10 @@ resource "citrixadc_sslprofile" "ssl_prof_fe_1213_SNI" { } ecccurvebindings = [ - "P_521", - "P_384", - "P_256", - "P_224" + "P_521", + "P_384", + "P_256", + "P_224" ] depends_on = [ @@ -223,11 +223,11 @@ resource "citrixadc_sslprofile" "ssl_prof_fe_13" { cipherpriority = 10 } - ecccurvebindings = [ - "P_521", - "P_384", - "P_256", - "P_224" + ecccurvebindings = [ + "P_521", + "P_384", + "P_256", + "P_224" ] depends_on = [ @@ -247,18 +247,18 @@ resource "citrixadc_sslprofile" "ssl_prof_fe_13_SNI" { tls11 = "DISABLED" tls12 = "DISABLED" tls13 = "ENABLED" - snienable = "ENABLED" + snienable = "ENABLED" cipherbindings { ciphername = "ssl_cg_${var.base_configuration.environment_prefix}_fe_TLS13" cipherpriority = 10 } - ecccurvebindings = [ - "P_521", - "P_384", - "P_256", - "P_224" + ecccurvebindings = [ + "P_521", + "P_384", + "P_256", + "P_224" ] depends_on = [ @@ -284,15 +284,15 @@ resource "citrixadc_sslprofile" "ssl_prof_be_12" { cipherpriority = 10 } - ecccurvebindings = [ - "P_521", - "P_384", - "P_256", - "P_224" + ecccurvebindings = [ + "P_521", + "P_384", + "P_256", + "P_224" ] depends_on = [ citrixadc_sslcipher.ssl_cg_be_TLS12 - ] + ] } diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/base_vservers.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/base_vservers.tf index 0486192..5a964f4 100644 --- a/terraform/citrix-adc/modules/netscaler.base.configuration/base_vservers.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/base_vservers.tf 
@@ -2,8 +2,8 @@ # Add servers (service object) resource "citrixadc_server" "lb_server" { # Loop through each server object - for_each = var.servers - name = each.value.hostname + for_each = var.servers + name = each.value.hostname ipaddress = each.value.ip_address } @@ -11,11 +11,11 @@ resource "citrixadc_server" "lb_server" { # Add Service Groups resource "citrixadc_servicegroup" "lb_servicegroup" { # Loop through each service group object - for_each = var.service_groups - servicegroupname = each.value.name - servicetype = each.value.type + for_each = var.service_groups + servicegroupname = each.value.name + servicetype = each.value.type servicegroupmembers_by_servername = each.value.servers_to_bind - lbvservers = each.value.virtual_server_bindings + lbvservers = each.value.virtual_server_bindings depends_on = [citrixadc_server.lb_server, citrixadc_lbvserver.lb_vserver] } @@ -23,7 +23,7 @@ resource "citrixadc_servicegroup" "lb_servicegroup" { # Add and configure LB vServer resource "citrixadc_lbvserver" "lb_vserver" { - + for_each = var.virtual_servers name = each.value.name @@ -44,7 +44,7 @@ resource "citrixadc_lbvserver" "lb_vserver" { citrixadc_sslcipher.ssl_cg_fe_TLS13, citrixadc_sslprofile.ssl_prof_fe_13, citrixadc_sslprofile.ssl_prof_fe_13_SNI, - ] + ] } diff --git a/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf b/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf index a77150b..ed17587 100644 --- a/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf +++ b/terraform/citrix-adc/modules/netscaler.base.configuration/variables.tf 
@@ -1,14 +1,14 @@ # Login Information for the NetScaler to authenticate API calls -variable logon_information { +variable "logon_information" { description = "The logon information to authenticate the NetScaler API calls with" - type = object({ - username = string - password = string - host = string - }) + type = object({ + username = string + password = string + host = string + }) } -variable base_configuration { +variable "base_configuration" { description = "uncategorized base_configuration variables" type = object({ hostname = string @@ -21,30 +21,30 @@ variable base_configuration { }) } -variable base_configuration_snip { +variable "base_configuration_snip" { description = "The first subnet IP information on the NetScaler" type = object({ # Subnet IP ip_address = string - netmask = string - icmp = string + netmask = string + icmp = string }) } # All backend servers to be created -variable servers { +variable "servers" { description = "All backend servers to be created" type = map(object({ - hostname = string + hostname = string ip_address = string })) } # All service groups to be created -variable service_groups { +variable "service_groups" { description = "All service groups to be created" - type = map(object({ + type = map(object({ name = string type = string port = string 
@@ -56,50 +56,50 @@ variable service_groups { } # All virtual servers to be created -variable virtual_servers { +variable "virtual_servers" { description = "All virtual servers to be created" - type = map(object({ - name = string - ipv46 = string - port = string - lbmethod = string + type = map(object({ + name = string + ipv46 = string + port = string + lbmethod = string persistencetype = string - timeout = string - servicetype = string - sslprofile = optional(string) + timeout = string + servicetype = string + sslprofile = optional(string) httpprofilename = optional(string) - tcpprofilename = optional(string) + tcpprofilename = optional(string) })) } -variable auth_ldaps { +variable "auth_ldaps" { description = "Values to setup base (advanced) authentication policy / action" type = object({ - policy_name = string - action_name = string - policy_expression = string - serverip = string - serverport = string - sectype = string - authtimeout = string - ldaploginname = string - ldapbase = optional(string) - ldapbinddn = optional(string) + policy_name = string + action_name = string + policy_expression = string + serverip = string + serverport = string + sectype = string + authtimeout = string + ldaploginname = string + ldapbase = optional(string) + ldapbinddn = optional(string) ldapbinddnpassword = optional(string) }) } -variable gateway{ +variable "gateway" { description = "Values to create default gateway vserver" type = object({ - name = string - servicetype = string - ipv46 = string - port = string - dtls = string - sta = string - storefronturl = string + name = string + servicetype = string + ipv46 = string + port = string + dtls = string + sta = string + storefronturl = string }) } diff --git a/terraform/citrix-adc/modules/netscaler.letsencrypt/lec_config.tf b/terraform/citrix-adc/modules/netscaler.letsencrypt/lec_config.tf index 2316359..33cfd02 100644 --- a/terraform/citrix-adc/modules/netscaler.letsencrypt/lec_config.tf 
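Review bot: `ldapbinddnpassword = optional(string)` inside `variable "auth_ldaps"` is a directory bind credential, yet the variable carries no `sensitive = true`, so the bind password is echoed in plan output and logs. Add `sensitive = true` to the `auth_ldaps` block (Terraform redacts the whole object) or move the password into its own sensitive variable. `sectype` is a free-form string; a `validation` block restricting it to the values the NetScaler LDAP action accepts (`PLAINTEXT`, `TLS`, `SSL`, if I recall the provider correctly) would stop a typo from silently producing a less secure bind than intended.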
+++ b/terraform/citrix-adc/modules/netscaler.letsencrypt/lec_config.tf @@ -33,9 +33,9 @@ resource "acme_certificate" "le_certificate" { # Upload cert files to /nsconfig/ssl on ADC resource "citrixadc_systemfile" "le_upload_cert" { - filename = "${var.letsencrypt_certificate.common_name}_certificate.cer" + filename = "${var.letsencrypt_certificate.common_name}_certificate.cer" filelocation = "/nsconfig/ssl" - filecontent = lookup(acme_certificate.le_certificate,"certificate_pem") + filecontent = lookup(acme_certificate.le_certificate, "certificate_pem") depends_on = [ acme_certificate.le_certificate @@ -43,9 +43,9 @@ resource "citrixadc_systemfile" "le_upload_cert" { } resource "citrixadc_systemfile" "le_upload_key" { - filename = "${var.letsencrypt_certificate.common_name}_privatekey.cer" + filename = "${var.letsencrypt_certificate.common_name}_privatekey.cer" filelocation = "/nsconfig/ssl" - filecontent = nonsensitive(lookup(acme_certificate.le_certificate,"private_key_pem")) + filecontent = nonsensitive(lookup(acme_certificate.le_certificate, "private_key_pem")) depends_on = [ acme_certificate.le_certificate @@ -53,9 +53,9 @@ resource "citrixadc_systemfile" "le_upload_key" { } resource "citrixadc_systemfile" "le_upload_root" { - filename = "${var.letsencrypt_certificate.common_name}_rootca.cer" + filename = "${var.letsencrypt_certificate.common_name}_rootca.cer" filelocation = "/nsconfig/ssl" - filecontent = lookup(acme_certificate.le_certificate,"issuer_pem") + filecontent = lookup(acme_certificate.le_certificate, "issuer_pem") depends_on = [ acme_certificate.le_certificate 
@@ -64,11 +64,11 @@ resource "citrixadc_systemfile" "le_upload_root" { # Implement root certificate resource "citrixadc_sslcertkey" "le_implement_rootca" { - certkey = "ssl_cert_${var.letsencrypt_certificate.common_name}_RootCA" - cert = "/nsconfig/ssl/${var.letsencrypt_certificate.common_name}_rootca.cer" + certkey = "ssl_cert_${var.letsencrypt_certificate.common_name}_RootCA" + cert = "/nsconfig/ssl/${var.letsencrypt_certificate.common_name}_rootca.cer" expirymonitor = "DISABLED" -depends_on = [ + depends_on = [ citrixadc_systemfile.le_upload_cert, citrixadc_systemfile.le_upload_key ] @@ -76,10 +76,10 @@ depends_on = [ # Implement server certificate resource "citrixadc_sslcertkey" "le_implement_certkeypair" { - certkey = "ssl_cert_${var.letsencrypt_certificate.common_name}_Server" - cert = "/nsconfig/ssl/${var.letsencrypt_certificate.common_name}_certificate.cer" - key = "/nsconfig/ssl/${var.letsencrypt_certificate.common_name}_privatekey.cer" - expirymonitor = "DISABLED" + certkey = "ssl_cert_${var.letsencrypt_certificate.common_name}_Server" + cert = "/nsconfig/ssl/${var.letsencrypt_certificate.common_name}_certificate.cer" + key = "/nsconfig/ssl/${var.letsencrypt_certificate.common_name}_privatekey.cer" + expirymonitor = "DISABLED" linkcertkeyname = "ssl_cert_${var.letsencrypt_certificate.common_name}_RootCA" depends_on = [ @@ -88,12 +88,12 @@ resource "citrixadc_sslcertkey" "le_implement_certkeypair" { } # Save config -resource "citrixadc_nsconfig_save" "le_save" { - all = true - timestamp = timestamp() - - depends_on = [ - citrixadc_sslcertkey.le_implement_certkeypair, - citrixadc_sslcertkey.le_implement_rootca - ] +resource "citrixadc_nsconfig_save" "le_save" { + all = true + timestamp = timestamp() + + depends_on = [ + citrixadc_sslcertkey.le_implement_certkeypair, + citrixadc_sslcertkey.le_implement_rootca + ] } \ No newline at end of file 
diff --git a/terraform/citrix-adc/modules/netscaler.letsencrypt/lec_loadbalancer.tf b/terraform/citrix-adc/modules/netscaler.letsencrypt/lec_loadbalancer.tf index b3e8d23..8170a6f 100644 --- a/terraform/citrix-adc/modules/netscaler.letsencrypt/lec_loadbalancer.tf +++ b/terraform/citrix-adc/modules/netscaler.letsencrypt/lec_loadbalancer.tf @@ -7,9 +7,9 @@ resource "citrixadc_server" "le_lb_install_server" { # Add LB Service Groups resource "citrixadc_servicegroup" "le_lb_install_servicegroup" { - servicegroupname = var.letsencrypt_lb.lb_sg_name - servicetype = var.letsencrypt_lb.servicetype - healthmonitor = var.letsencrypt_lb.lb_sg_healthmonitor + servicegroupname = var.letsencrypt_lb.lb_sg_name + servicetype = var.letsencrypt_lb.servicetype + healthmonitor = var.letsencrypt_lb.lb_sg_healthmonitor depends_on = [ citrixadc_server.le_lb_install_server @@ -18,9 +18,9 @@ resource "citrixadc_servicegroup" "le_lb_install_servicegroup" { # Bind LB Server to Service Groups resource "citrixadc_servicegroup_servicegroupmember_binding" "le_lb_install_sg_server_binding" { - servicegroupname = citrixadc_servicegroup.le_lb_install_servicegroup.servicegroupname - servername = citrixadc_server.le_lb_install_server.name - port = var.letsencrypt_lb.port + servicegroupname = citrixadc_servicegroup.le_lb_install_servicegroup.servicegroupname + servername = citrixadc_server.le_lb_install_server.name + port = var.letsencrypt_lb.port depends_on = [ citrixadc_servicegroup.le_lb_install_servicegroup 
@@ -46,8 +46,8 @@ resource "citrixadc_lbvserver" "le_lb_install_vserver_http" { # Bind LB Service Groups to LB vServers resource "citrixadc_lbvserver_servicegroup_binding" "le_lb_install_vserver_sg_binding" { - name = citrixadc_lbvserver.le_lb_install_vserver_http.name - servicegroupname = citrixadc_servicegroup.le_lb_install_servicegroup.servicegroupname + name = citrixadc_lbvserver.le_lb_install_vserver_http.name + servicegroupname = citrixadc_servicegroup.le_lb_install_servicegroup.servicegroupname depends_on = [ citrixadc_lbvserver.le_lb_install_vserver_http @@ -56,8 +56,8 @@ resource "citrixadc_lbvserver_servicegroup_binding" "le_lb_install_vserver_sg_bi # Save config resource "citrixadc_nsconfig_save" "le_lb_install_save" { - all = true - timestamp = timestamp() + all = true + timestamp = timestamp() depends_on = [ citrixadc_lbvserver_servicegroup_binding.le_lb_install_vserver_sg_binding diff --git a/terraform/citrix-adc/modules/netscaler.letsencrypt/provider.tf b/terraform/citrix-adc/modules/netscaler.letsencrypt/provider.tf index 87fb571..f3831c9 100644 --- a/terraform/citrix-adc/modules/netscaler.letsencrypt/provider.tf +++ b/terraform/citrix-adc/modules/netscaler.letsencrypt/provider.tf @@ -1,10 +1,10 @@ terraform { required_providers { # ACME provider for LetsEncrypt - acme = { + acme = { source = "vancluever/acme" } - citrixadc = { + citrixadc = { source = "citrix/citrixadc" } } diff --git a/terraform/citrix-adc/modules/netscaler.letsencrypt/variables.tf b/terraform/citrix-adc/modules/netscaler.letsencrypt/variables.tf index 4e80776..22421bc 100644 --- a/terraform/citrix-adc/modules/netscaler.letsencrypt/variables.tf +++ b/terraform/citrix-adc/modules/netscaler.letsencrypt/variables.tf 
@@ -1,16 +1,16 @@ # ADC LetsEncrypt LB configuration variables -variable letsencrypt_lb { - type = map +variable "letsencrypt_lb" { + type = map(any) description = "LetsEncrypt LoadBalancer configuration variables" default = { - backend-ip = "192.168.1.25" - frontend-ip = "192.168.1.17" - servicetype = "TCP" - port = "80" + backend-ip = "192.168.1.25" + frontend-ip = "192.168.1.17" + servicetype = "TCP" + port = "80" lb_srv_name = "lb_srv_letsencrypt_backend" lb_sg_name = "lb_sg_letsencrypt_backend" lb_sg_healthmonitor = "NO" - lb_vs_name = "lb_vs_letsencrypt" + lb_vs_name = "lb_vs_letsencrypt" lb_vs_lbmethod = "LEASTCONNECTION" lb_vs_persistencetype = "SOURCEIP" lb_vs_timeout = "2" @@ -18,8 +18,8 @@ variable letsencrypt_lb { } # ADC LetsEncrypt configuration variables -variable letsencrypt_certificate { - type = map +variable "letsencrypt_certificate" { + type = map(any) description = "Lets Encrypt Certificate configuration variables" default = { private_key_algorithm = "RSA" @@ -27,12 +27,12 @@ variable letsencrypt_certificate { private_key_ecdsa_curve = "P224" registration_email_address = "you@something.com" common_name = "environment.com" - + } } -variable letsencrypt_certificate-san { - type = list +variable "letsencrypt_certificate-san" { + type = list(any) default = [ "citrix.YourEnvironment.YourDomain.YourTLD" ] diff --git a/terraform/citrix-adc/modules/vsphere.netscaler.deployment/main.tf b/terraform/citrix-adc/modules/vsphere.netscaler.deployment/main.tf index 71f6a35..702b458 100644 --- a/terraform/citrix-adc/modules/vsphere.netscaler.deployment/main.tf +++ b/terraform/citrix-adc/modules/vsphere.netscaler.deployment/main.tf 
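Review bot: `variable "letsencrypt_certificate-san"` in the last hunk is retyped to `list(any)` but still has no `description`, and since every element is a DNS name `type = list(string)` is the accurate constraint — `list(any)` would accept a number or object and only fail inside the ACME resource. Suggest `type = list(string)` plus `description = "Additional SANs (DNS names) to request on the LetsEncrypt certificate"`. The context line `private_key_ecdsa_curve = "P224"` deserves a second look as well: as far as I know Let's Encrypt's CA only accepts P-256 and P-384 ECDSA keys, so anyone switching `private_key_algorithm` to ECDSA with this default would have the order rejected; `P256` is the safer default. The same `map(any)` loosening on `letsencrypt_certificate` would be better expressed as an `object({...})` with a type per key.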
@@ -68,13 +68,13 @@ resource "vsphere_virtual_machine" "build_citrix-adc" { guest_id = data.vsphere_ovf_vm_template.ovfLocal.guest_id scsi_type = data.vsphere_ovf_vm_template.ovfLocal.scsi_type nested_hv_enabled = data.vsphere_ovf_vm_template.ovfLocal.nested_hv_enabled - + network_interface { network_id = values(data.vsphere_ovf_vm_template.ovfLocal.ovf_network_map)[0] use_static_mac = true mac_address = var.vm.mac } - + wait_for_guest_net_timeout = -1 wait_for_guest_ip_timeout = 5 diff --git a/terraform/citrix-adc/modules/vsphere.netscaler.deployment/variables.tf b/terraform/citrix-adc/modules/vsphere.netscaler.deployment/variables.tf index 03dd27d..d9b0c09 100644 --- a/terraform/citrix-adc/modules/vsphere.netscaler.deployment/variables.tf +++ b/terraform/citrix-adc/modules/vsphere.netscaler.deployment/variables.tf @@ -1,4 +1,4 @@ -variable vsphere{ +variable "vsphere" { description = "values for the creation of a NetScaler VM" type = object({ # Subnet IP @@ -14,7 +14,7 @@ variable vsphere{ }) } -variable vm{ +variable "vm" { description = "values for the creation of a NetScaler VM" type = object({ # Subnet IP diff --git a/terraform/citrix-adc/provider.tf b/terraform/citrix-adc/provider.tf index 5263520..a32bc5c 100644 --- a/terraform/citrix-adc/provider.tf +++ b/terraform/citrix-adc/provider.tf @@ -9,12 +9,12 @@ terraform { # Target non default partition provider "citrixadc" { - endpoint = var.logon_information.host - username = var.logon_information.username - password = var.logon_information.password - do_login = true + endpoint = var.logon_information.host + username = var.logon_information.username + password = var.logon_information.password + do_login = true -# Allow connection upon invalid certificate + # Allow connection upon invalid certificate insecure_skip_verify = true } diff --git a/terraform/citrix-adc/variables.tf b/terraform/citrix-adc/variables.tf index ef82955..1252f6e 100644 --- a/terraform/citrix-adc/variables.tf 
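Review bot: The `# Subnet IP` comment kept as context inside `variable "vsphere"` and again inside `variable "vm"` in the two vsphere.netscaler.deployment/variables.tf hunks looks like a leftover from the SNIP variable; both descriptions say the objects hold values for creating the NetScaler VM, not a subnet IP. Replace each with a comment matching the fields that follow, e.g. `# vSphere connection and placement values` and `# NetScaler VM settings`, or drop them. Both object bodies continue outside the hunk, so the field lists themselves are not visible here.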
+++ b/terraform/citrix-adc/variables.tf @@ -1,5 +1,5 @@ # Global settings to determine deployment type -variable terraform_settings{ +variable "terraform_settings" { type = object({ # Deploy NetScaler configuration deploy_settings = bool @@ -10,7 +10,7 @@ variable terraform_settings{ }) } # Variables for the NetScaler VM deployment in vSphere -variable vsphere{ +variable "vsphere" { description = "values for the creation of a NetScaler VM in vSphere" type = object({ server = string @@ -26,7 +26,7 @@ variable vsphere{ } # NetScaler VM Details -variable vm{ +variable "vm" { description = "values for the creation of a NetScaler VM" type = object({ ovf = string @@ -41,18 +41,18 @@ variable vm{ # Login Information for the NetScaler to authenticate API calls -variable logon_information { +variable "logon_information" { description = "The logon information to authenticate the NetScaler API calls with" - type = object({ - username = string - password = string - host = string - }) + type = object({ + username = string + password = string + host = string + }) } -variable base_configuration { +variable "base_configuration" { description = "uncategorized base_configuration variables" type = object({ hostname = string @@ -65,30 +65,30 @@ variable base_configuration { }) } -variable base_configuration_snip { +variable "base_configuration_snip" { description = "The first subnet IP information on the NetScaler" type = object({ # Subnet IP ip_address = string - netmask = string - icmp = string + netmask = string + icmp = string }) } # All backend servers to be created -variable servers { +variable "servers" { description = "All backend servers to be created" type = map(object({ - hostname = string + hostname = string ip_address = string })) } # All service groups to be created -variable service_groups { +variable "service_groups" { description = "All service groups to be created" - type = map(object({ + type = map(object({ name = string type = string port = string 
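Review bot: The root `variable "logon_information"` in the `@@ -41,18` hunk types `password = string` without `sensitive = true`, so the NetScaler admin password is echoed in plan/apply output and CI logs; add `sensitive = true` right after the `description` line. This matters more than usual because the `provider "citrixadc"` block elsewhere in this diff passes the same value while setting `insecure_skip_verify = true`, so the credential already travels to an endpoint whose certificate is never verified — keeping it out of logs is the minimum. Consider supplying it via `TF_VAR_logon_information` in CI rather than a committed tfvars file.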
@@ -100,50 +100,50 @@ variable service_groups { } # All virtual servers to be created -variable virtual_servers { +variable "virtual_servers" { description = "All virtual servers to be created" - type = map(object({ - name = string - ipv46 = string - port = string - lbmethod = string + type = map(object({ + name = string + ipv46 = string + port = string + lbmethod = string persistencetype = string - timeout = string - servicetype = string - sslprofile = optional(string) + timeout = string + servicetype = string + sslprofile = optional(string) httpprofilename = optional(string) - tcpprofilename = optional(string) + tcpprofilename = optional(string) })) } -variable auth_ldaps { +variable "auth_ldaps" { description = "Values to setup base (advanced) authentication policy / action" type = object({ - policy_name = string - action_name = string - policy_expression = string - serverip = string - serverport = string - sectype = string - authtimeout = string - ldaploginname = string - ldapbase = optional(string) - ldapbinddn = optional(string) + policy_name = string + action_name = string + policy_expression = string + serverip = string + serverport = string + sectype = string + authtimeout = string + ldaploginname = string + ldapbase = optional(string) + ldapbinddn = optional(string) ldapbinddnpassword = optional(string) }) } -variable gateway{ +variable "gateway" { description = "Values to create default gateway vserver" type = object({ - name = string - servicetype = string - ipv46 = string - port = string - dtls = string - sta = string - storefronturl = string + name = string + servicetype = string + ipv46 = string + port = string + dtls = string + sta = string + storefronturl = string }) }
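Review bot: `ldapbinddnpassword = optional(string)` inside the root `variable "auth_ldaps"` is a bind credential but the variable is not marked sensitive and will be printed in plan output; add `sensitive = true` to the block or split the password into a dedicated sensitive variable. `serverport` and `authtimeout` are declared as `string` although they are numeric on the NetScaler side; `number` would reject a malformed value at plan time instead of at apply. A `validation` block on `sectype` limiting it to the accepted values (`PLAINTEXT`, `TLS`, `SSL`, per the NetScaler LDAP action as I remember it) would prevent an accidental plaintext bind to the directory.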