ReName and ReOrder ALL Citrix ADC objects

As you all might know it is still not possible to rename all Citrix ADC (NetScaler) objects via the rename option in the GUI or CLI. Within the Traffic Management or AppExpert menu it is possible to rename almost all objects, but as soon if you want to rename an SSL Profile or Citrix Gateway Session Profile this is not possible. 

For a lot of objects within Citrix ADC the rename option is missing:

Citrix ADC not able to rename

Reordering objects from within the GUI or CLI is not possible at all. Therefor you need to edit your ns.conf file. 

Before explaining how to order or rename ALL your ADC objects, make sure to make a backup of the current configuration!!

If you’re running a VPX on a hypervisor make sure to create a snapshot as well.

Last but not least: be carefull with editing the ns.conf directly, any typo can result into an error during the reboot phase. Using this way of changing the ns.conf file is at your own risk!

Rename objects in a single ADC configuration

If you are using a single ADC node which is not part of an HA pair it is NOT possible to rename or reorder objects without any downtime. To rename objects you simply edit your saved configfile ns.conf which is located in /flash/nsconfig/ns.conf. Edit this file via WinSCP built-in editor works the best for me. Then save the file from the built-in editor. Make sure to not save the configuration again from within the GUI or CLI. Just force a reboot via GUI or CLI (reboot -f)

Rename objects in a High Available configuration

Now if you do have a Citrix ADC configuration which is Highly Available we can rename and reorder all objects without any downtime! Only a HA failover is needed. We need to disable the HA Synchronization options first on both nodes and then perform our changes. Please use the following steps to rename or reorder your ADC objects in an HA configuration:

  • On the PRIMARY node disable the HA synchronization and HA propogation options
    • cli: set HA node -haSync DISABLED -haProp DISABLED
  • Save the configuration on the PRIMARY node
    • cli: save config
  • On the SECONDARY node disable the HA synchronization and HA propogation options
    • cli: set HA node -haSync DISABLED -haProp DISABLED
  • Save the configuration on the SECONDARY node
    • cli: save config
  • Now edit the /flash/nsconfig/ns.conf on the SECONDARY appliance via WinSCP or Transmit (macOS) built-in editor. Rename the objects, make sure to do a replace all to rename the object and all references. Reorder the objects if needed and save the ns.conf file from within the built-in editor. DO NOT SAVE THE CONFIGURATION FROM WITHIN THE GUI OR CLI! 
  • Reboot the SECONDARY appliance via GUI or CLI (again don’t save the configuration, because this overwrites the changes we’ve just made to the ns.conf file)
    • cli: reboot -f
  • After the SECONDARY make sure the changes we’ve applied to the editor are applied successfully to the SECONDARY node. If so perform a HA failover so that the SECONDARY appliance becomes the PRIMARY appliance.
    • cli: force failover -f
  • On the NEW PRIMARY node disable the HA Synchronization and HA propogation options
    • cli: set HA node -haSync ENABLED -haProp ENABLED
  • Save the configuration on the NEW PRIMARY node
    • cli: save config
  • On the NEW SECONDARY node disable the HA Synchronization and HA propogation options
    • cli: set HA node -haSync DISABLED -haProp DISABLED
  • Save the configuration on the NEW SECONDARY node
    • cli: save config
  • Done

In Short

  1. disable HA synchronization and HA propogation on the primary appliance
  2. save primary configuration
  3. disable HA synchronization and HA propogation on the secondary appliance
  4. save secondary configuration
  5. edit and save ns.conf file via WinSCP or Transmit
  6. reboot secondary appliance, do not save again

Leave a Reply

  

  

  

This site uses Akismet to reduce spam. Learn how your comment data is processed.