■Trying NetScaler (KVM edition).
Sign in and download.
Citrix ADC (NetScaler ADC)
https://www.citrix.com/downloads/citrix-adc/
■Seven years ago it was vmplayer.
■Trying the NetScaler Gateway Trial with vmplayer.
https://labunix.hateblo.jp/entry/20130921/1379764894
■This time the host is Debian and the virtualization platform is KVM.
$ lsb_release -d
Description: Debian GNU/Linux 10 (buster)
$ dpkg -l | awk '/^ii/&&$2 ~ /kvm/{print $2,$3}'
qemu-kvm 1:3.1+dfsg-8+deb10u5
■Installing KVM on Debian stretch.
https://labunix.hateblo.jp/entry/20180501/1525182562
■The network is to be the same as the virtual machine already running.
$ virsh dumpxml $(virsh list --all | awk '/stretch/{print $2}') | \
awk 'BEGIN{f=0}{if($1=="<interface"||$1=="</interface>") \
{f+=1;print $0}else{if(f==1){gsub(":[0-9a-f][0-9a-f]",":XX",$0);print $0}}}'
<interface type='network'>
<mac address='52:XX:XX:XX:XX:XX'/>
<source network='route' bridge='virbr0'/>
<target dev='vnet0'/>
<model type='virtio'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
■This time I chose "Citrix ADC VPX for KVM 12.1 Build 56.22".
$ md5sum NSVPX-KVM-12.1-56.22_nc_64.tgz
603cb4593632817f82dab4596957d40f NSVPX-KVM-12.1-56.22_nc_64.tgz
$ tar ztvf NSVPX-KVM-12.1-56.22_nc_64.tgz
-rw-rw-r-- vpx_build/vpx_build 919 2020-03-29 23:30 NSVPX-KVM.xml
-rw-rw-r-- vpx_build/vpx_build 53 2020-03-29 23:30 checksum.txt
-rw-r--r-- vpx_build/vpx_build 999817216 2020-03-29 23:30 NSVPX-KVM-12.1-56.22_nc_64.qcow2
$ tar zxvf NSVPX-KVM-12.1-56.22_nc_64.tgz
NSVPX-KVM.xml
checksum.txt
NSVPX-KVM-12.1-56.22_nc_64.qcow2
■First, register it with the defaults as-is using the restore method (define from the supplied XML)
$ sudo mv NSVPX-KVM.xml /etc/libvirt/qemu/
$ sudo mv NSVPX-KVM-12.1-56.22_nc_64.qcow2 /var/lib/libvirt/
$ sudo chown labunix:labunix /etc/libvirt/qemu/NSVPX-KVM.xml /var/lib/libvirt/NSVPX-KVM-12.1-56.22_nc_64.qcow2
$ virsh define /etc/libvirt/qemu/NSVPX-KVM.xml
Domain NetScaler-VPX defined from /etc/libvirt/qemu/NSVPX-KVM.xml
■The way to check CPU, memory, NIC and disk is the same as below.
Adding CPU, memory and NICs and extending the disk of a virtual machine on KVM on Debian stretch.
https://labunix.hateblo.jp/entry/20180502/1525262971
$ virsh list --all | grep NetScaler
- NetScaler-VPX shut off
■The CPU is 2 cores.
$ virsh dumpxml $(virsh list --all | awk '/NetScaler/{print $2}') | awk '/vcpu|CPU/'
<vcpu placement='static'>2</vcpu>
$ virsh dominfo $(virsh list --all | awk '/NetScaler/{print $2}') | awk '/vcpu|CPU/'
CPU(s): 2
■Memory is 2GB
$ virsh dumpxml $(virsh list --all | awk '/NetScaler/{print $2}') | awk '/memory unit| memory/'
<memory unit='KiB'>2097152</memory>
$ echo $((2097152/1024/1024))"GB"
2GB
$ virsh dominfo $(virsh list --all | awk '/NetScaler/{print $2}') | awk '/memory unit| memory/'
Max memory: 2097152 KiB
Used memory: 2097152 KiB
■The default NIC is a single bridged connection to eth0 with the virtio driver.
$ virsh dumpxml $(virsh list --all | awk '/NetScaler/{print $2}') | \
awk 'BEGIN{f=0}{if($1=="<interface"||$1=="</interface>") \
{f+=1;print $0}else{if(f==1){gsub(":[0-9a-f][0-9a-f]",":XX",$0);print $0}}}'
<interface type='direct'>
<mac address='52:XX:XX:XX:XX:XX'/>
<source dev='eth0' mode='bridge'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
■The disk is about 20GB.
$ qemu-img info /var/lib/libvirt/NSVPX-KVM-12.1-56.22_nc_64.qcow2
image: /var/lib/libvirt/NSVPX-KVM-12.1-56.22_nc_64.qcow2
file format: qcow2
virtual size: 20G (21474836480 bytes)
disk size: 954M
cluster_size: 65536
Format specific information:
compat: 0.10
refcount bits: 16
■Back it up and swap in an XML for my own environment.
※Adjust the NIC and the disk path
$ virsh dumpxml $(virsh list --all | awk '/NetScaler/{print $2}') | sudo tee /etc/libvirt/qemu/NSVPX-KVM-custom.xml
$ ls -l /etc/libvirt/qemu/NSVPX-KVM-custom.xml
-rw-r--r-- 1 root root 2144 5月 28 01:04 /etc/libvirt/qemu/NSVPX-KVM-custom.xml
$ sudo chown labunix:labunix /etc/libvirt/qemu/NSVPX-KVM-custom.xml
$ ls -l /etc/libvirt/qemu/NSVPX-KVM-custom.xml
-rw-r--r-- 1 labunix labunix 2144 5月 28 01:04 /etc/libvirt/qemu/NSVPX-KVM-custom.xml
$ sudo sed -i \
-e "s%<interface type='direct'>%<interface type='network'>%" \
-e "s%<source dev='eth0' mode='bridge'/>%<source network='route' bridge='virbr0'/>\n <target dev='vnet0'/>%" \
-e "s%<model type='virtio'/>%&\n <alias name='net0'/>%" \
/etc/libvirt/qemu/NSVPX-KVM-custom.xml
$ cat /etc/libvirt/qemu/NSVPX-KVM-custom.xml | \
awk 'BEGIN{f=0}{if($1=="<interface"||$1=="</interface>") \
{f+=1;print $0}else{if(f==1){gsub(":[0-9a-f][0-9a-f]",":XX",$0);print $0}}}'
<interface type='network'>
<mac address='52:XX:XX:XX:XX:XX'/>
<source network='route' bridge='virbr0'/>
<target dev='vnet0'/>
<model type='virtio'/>
<alias name='net0'/>
</interface>
$ sudo sed -i -e 's%NSVPX-KVM-12.1-56.22_nc_64.qcow2%/var/lib/libvirt/NSVPX-KVM-12.1-56.22_nc_64.qcow2%' \
/etc/libvirt/qemu/NSVPX-KVM-custom.xml && grep qcow2 /etc/libvirt/qemu/NSVPX-KVM-custom.xml
<driver name='qemu' type='qcow2'/>
<source file='/var/lib/libvirt/NSVPX-KVM-12.1-56.22_nc_64.qcow2'/>
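The sed rewrite above works for this particular vendor XML, but it silently does nothing if attribute order or spacing differs. As an added example (not code from the original post), the same change done XML-aware with ElementTree: the direct/bridge NIC is moved to the libvirt network and the relative qcow2 path is anchored under the disk directory. The `<target dev>` and `<alias>` elements are left out on purpose, since libvirt assigns them when the domain starts. The sample XML is constructed to mirror the interface and disk elements shown on this page.

```python
# Added example: XML-aware rewrite of a libvirt domain definition
# (alternative to the sed substitutions used on the page).
import xml.etree.ElementTree as ET

# Constructed sample modelled on the vendor NSVPX-KVM.xml shown above.
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>NetScaler-VPX</name>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='NSVPX-KVM-12.1-56.22_nc_64.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <interface type='direct'>
      <mac address='52:54:00:00:00:01'/>
      <source dev='eth0' mode='bridge'/>
      <model type='virtio'/>
    </interface>
  </devices>
</domain>"""

def customize_domain(xml_text, network, disk_dir):
    """Return the XML with every direct (macvtap) NIC moved to the named
    libvirt network and every relative disk path anchored under disk_dir."""
    root = ET.fromstring(xml_text)
    for iface in root.iter("interface"):
        if iface.get("type") != "direct":
            continue  # NICs already on a libvirt network are left alone
        iface.set("type", "network")
        src = iface.find("source")
        src.attrib.clear()        # drop dev= / mode= from the macvtap form
        src.set("network", network)
    for disk in root.iter("disk"):
        src = disk.find("source")
        path = src.get("file", "")
        if path and not path.startswith("/"):
            src.set("file", f"{disk_dir.rstrip('/')}/{path}")
    return ET.tostring(root, encoding="unicode")

def summarize(xml_text):
    """Helper for checks: (interface type, network name, disk path)."""
    root = ET.fromstring(xml_text)
    iface = root.find(".//interface")
    disk = root.find(".//disk/source")
    return iface.get("type"), iface.find("source").get("network"), disk.get("file")

if __name__ == "__main__":
    print(customize_domain(SAMPLE_DOMAIN_XML, "route", "/var/lib/libvirt"))
```

Running the function twice gives the same result, so it is safe to re-run on an XML that was already customized.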
■Undefine it once and restore from NSVPX-KVM-custom.xml
$ virsh undefine $(virsh list --all | awk '/NetScaler/{print $2}')
Domain NetScaler-VPX has been undefined
$ virsh define /etc/libvirt/qemu/NSVPX-KVM-custom.xml
Domain NetScaler-VPX defined from /etc/libvirt/qemu/NSVPX-KVM-custom.xml
$ virsh start $(virsh list --all | awk '/NetScaler/{print $2}')
$ virsh domiflist $(sudo virsh list --all | awk '/NetScaler/{print $2}')
Interface Type Source Model MAC
------------------------------------------------------------
vnet1 network route virtio 52:54:00:29:74:b3
■First login and IP settings
※Not needed if you can already communicate with the default 192.168.100.1.
Citrix NetScaler: Deployment Guide
https://www.citrix.com/content/dam/citrix/ja-jp/documents/products-solutions/citrix-netscaler-deployment-guide.pdf
Citrix NetScaler product overview
https://docs.citrix.com/ja-jp/netscaler/11-1/downloads/Netscaler-Getting-Started-11-1.pdf
$ virsh console NetScaler-VPX
login: nsroot
Password: nsroot
> show ns ip
Ipaddress Traffic Domain Type Mode Arp Icmp Vserver State
--------- -------------- ---- ---- --- ---- ------- ------
1) 192.168.100.1 0 NetScaler IP Active Enabled Enabled NA Enabled
Done
> config ns
> set ns config -ipaddress 192.168.100.11 -netmask 255.255.255.0
Warning: The configuration must be saved and the system rebooted for these settings to take effect
Done
> add ns ip 192.168.100.12 255.255.255.0 -type snip
Done
> add route 0.0.0.0 0.0.0.0 192.168.100.252
Done
> save ns config
Done
> reboot
Are you sure you want to restart NetScaler (Y/N)? [N]:Y
Done
■The web management UI cannot be reached on the added SNIP.
$ sudo nmap -sT 192.168.100.12
Starting Nmap 7.70 ( https://nmap.org ) at 2020-05-31 01:12 JST
Nmap scan report for 192.168.100.12
Host is up (0.00025s latency).
All 1000 scanned ports on 192.168.100.12 are filtered
MAC Address: 52:54:00:29:74:B3 (QEMU virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 21.47 seconds
$ sudo nmap -sT 192.168.100.11
Starting Nmap 7.70 ( https://nmap.org ) at 2020-05-31 01:12 JST
Nmap scan report for 192.168.100.11
Host is up (0.00023s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
179/tcp filtered bgp
443/tcp open https
3011/tcp open trusted-web
4001/tcp filtered newoak
8080/tcp filtered http-proxy
8443/tcp filtered https-alt
9000/tcp filtered cslistener
MAC Address: 52:54:00:29:74:B3 (QEMU virtual NIC)
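The two scans above are the check that matters after the IP setup: the NSIP answers on SSH/HTTP/HTTPS and 3011, and the SNIP shows nothing. As an added example (not code from the original post), a small parser for plain `nmap -sT` output that flags management-plane ports reachable on any address outside an allow-list, so the same verification can be repeated after each config change. The management port set and the sample scan text are constructed from the output shown on this page.

```python
# Added example: check NetScaler management-plane exposure from nmap output.
import re

# Constructed sample modelled on the two scan reports shown above.
SAMPLE_NMAP = """\
Nmap scan report for 192.168.100.12
Host is up (0.00025s latency).
All 1000 scanned ports on 192.168.100.12 are filtered
MAC Address: 52:54:00:29:74:B3 (QEMU virtual NIC)
Nmap scan report for 192.168.100.11
Host is up (0.00023s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
179/tcp filtered bgp
443/tcp open https
3011/tcp open trusted-web
8080/tcp filtered http-proxy
MAC Address: 52:54:00:29:74:B3 (QEMU virtual NIC)
"""

# Assumption: the management services observed on the NSIP in the scan above.
MGMT_PORTS = {22, 80, 443, 3011}

def parse_open_ports(text):
    """Map each scanned IP to the set of TCP ports nmap reported as open.
    Hosts with no open ports (e.g. 'All ... ports are filtered') map to an
    empty set, so they still appear in the result."""
    results, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Nmap scan report for (\S+)", line)
        if m:
            current = m.group(1)
            results[current] = set()
            continue
        m = re.match(r"(\d+)/tcp\s+open\b", line)
        if m and current is not None:
            results[current].add(int(m.group(1)))
    return results

def management_findings(results, mgmt_allowed):
    """Return (ip, sorted ports) for every address exposing management
    ports that is not in mgmt_allowed (a SNIP should never be listed)."""
    findings = []
    for ip, ports in sorted(results.items()):
        exposed = ports & MGMT_PORTS
        if exposed and ip not in mgmt_allowed:
            findings.append((ip, sorted(exposed)))
    return findings

if __name__ == "__main__":
    scan = parse_open_ports(SAMPLE_NMAP)
    print(management_findings(scan, mgmt_allowed={"192.168.100.11"}))
```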
■Trying an ssh login.
$ ssh nsroot@192.168.100.11
Password:
Done
>
■From the web management UI (GUI), set the hostname, DNS server, NTP server and timezone, then reboot.
$ firefox http://192.168.100.11
■The features available with the Express standard license are as follows.
> show license | grep -v NO
License status:
Web Logging: YES
Load Balancing: YES
Content Switching: YES
Cache Redirection: YES
SSL Offloading: YES
Content Filtering: YES
Rewrite: YES
IPv6 protocol translation: YES
Responder: YES
HTML Injection: YES
Web Interface on NS: YES
AppFlow: YES
CallHome: YES
Model Number ID: 20
License Type: Standard License
Licensing mode: Express
■The following features each need to be enabled separately.
> show license | grep NO
Surge Protection: NO
Sure Connect: NO
Compression Control: NO
Delta Compression: NO
Priority Queuing: NO
Global Server Load Balancing: NO
GSLB Proximity: NO
Http DoS Protection: NO
Dynamic Routing: NO
Content Accelerator: NO
Integrated Caching: NO
SSL VPN: NO
AAA: NO
OSPF Routing: NO
RIP Routing: NO
BGP Routing: NO
Application Firewall: NO
NetScaler Push: NO
CloudBridge: NO
ISIS Routing: NO
Clustering: NO
AppQoE: NO
Appflow for ICA: NO
RISE: NO
Front End Optimization: NO
Large Scale NAT: NO
RDP Proxy: NO
Reputation: NO
URL Filtering: NO
Video Optimization: NO
Forward Proxy: NO
SSL Interception: NO
Remote Content Inspection: NO
Adaptive TCP: NO
Connection Quality Analytics: NO
■On shutdown the guest behaves BSD-style (it halts and waits for a keypress), so stop the VM with destroy.
$ strings /var/lib/libvirt/NSVPX-KVM-12.1-56.22_nc_64.qcow2 | grep FreeBSD.*boot
FreeBSD/x86 boot
\ $FreeBSD: release/8.4.0/sys/boot/forth/loader.4th 186789 2009-01-05 20:09:54Z luigi $
\ $FreeBSD: release/8.4.0/sys/boot/forth/screen.4th 115410 2003-05-30 09:29:24Z scottl $
%s: FreeBSD boot%s
FreeBSD/x86 bootstrap loader
\ $FreeBSD: release/8.4.0/sys/boot/forth/support.4th 187143 2009-01-13 12:28:14Z luigi $
\ $FreeBSD: release/8.4.0/sys/boot/forth/frames.4th 124648 2004-01-18 04:13:27Z nyan $
\ $FreeBSD: release/8.4.0/sys/boot/forth/beastie.4th 212914 2010-09-20 18:58:24Z jhb $
printmenuitem ." Boot FreeBSD [default]" bootkey !
printmenuitem ." Boot FreeBSD with ACPI " bootacpikey !
printmenuitem ." Boot FreeBSD in Safe Mode" bootsafekey !
printmenuitem ." Boot FreeBSD in single user mode" bootsinglekey !
printmenuitem ." Boot FreeBSD with verbose logging" bootverbosekey !
\ $FreeBSD: release/8.4.0/sys/boot/i386/loader/loader.rc 151874 2005-10-30 05:41:42Z scottl $
> shutdown
Are you sure you want to completely stop NetScaler (Y/N)? [N]:Y
Done
>
...
The operating system has halted.
Please press any key to reboot.
$ virsh destroy NetScaler-VPX
Domain NetScaler-VPX destroyed