sshconnection vs terminal vs httpapi vs shell plugins

Archives Ansible Developer
1

Hello, community,
I am currently working on writing a new set of NetScaler collections for ansible.
We already have a collection maintained at https://github.com/citrix/citrix-adc-ansible-modules

I would like to extend this OR entirely change it to better.

NetScaler ADC under the hood is a FreeBSD OS and we have our own command prompt.

I need to take care of three things -

  1. collection modules for resources to configure the NetScaler device over NITRO (HTTP)
  2. module/plugin (I am not sure) to directly give FreeBSD commands (bypassing the initial NS-CLI prompt). This is for general OS operations like create directory, copy, tar/untar, run some shell scripts etc.
  3. module/plugin to directly give nscli such as show version, add lb vserver commands in the playbook to configure the NetScaler device.
    For points 2 and 3, we have a ssh-connection-plugin - https://github.com/citrix/citrix-adc-ansible-modules/blob/master/ansible-collections/adc/plugins/connection/ssh_citrix_adc.py

For point 1, we have modules

Now I see that there is a separate section in the Ansible documentation (https://docs.ansible.com/ansible/latest/network/dev_guide/index.html)

Also, I see many plugins such as httpapi, terminal, shell, network_cli etc.

  • Can you please help to understand the difference between these?
  • What are the benefits I get if I choose httpapi plugin over our existing collection modules which uses ansible’s fetch_url function?

so that I can think of writing these plugins for our NetScaler ADC devices.

Thanks in advance,
Sumanth Lingappa

2

shell plugins are basically for dealing with common commands in
different shell environments, i.e create a temp dir, figure out the
remote user home, etc

terminal plugins are really regex for matching prompts when not using
a shell, they are for use with netcli/net_conf plugins

httpapi/netcli/netconf plugins are "secondary connection pluigins"
that are designed to run the module under 'local' connection and have
the 2nd (true) connection to the device available to the module
itself, for it to send commands over and receive feedback (where they
might need to match against the terminal plugin).

3

Thank you for your response Brian.

Can you please help me to decide the following?
Do you see any advantage for us if we rewrite with new plugins than sticking to our ssh-connection?

We have a ssh-connection plugin written almost 5 years ago.
Examples you can find here: https://github.com/citrix/citrix-adc-ansible-modules/tree/master/sample_playbooks/citrix_adc/citrix_adc_connection_plugin
The code to the above ssh-connection is here: https://github.com/citrix/citrix-adc-ansible-modules/blob/master/ansible-collections/adc/plugins/connection/ssh_citrix_adc.py

Here we are connecting to the SHELL prompt directly on our NetScaler device, and then trying to run commands using nscli script.

I think, if we can directly connect to our NetScaler prompt, we can directly send the “show version” (for eg) commands directly and get output. In my understanding, that’s where the terminal plugin comes from.

Since our existing ssh-connection was written a while ago (5 years), I am sure there must be a great good way in Ansible to connect to NetScaler (networking devices), which I am missing. Eg., terminal netcli, net_conf etc

Sumanth

4

That is not something I feel i can give advice on as I don't know the
product well and have no idea about your resource availability and
objectives.

Context is everything and as an outsider I barely have a sliver of it
nor will you be able to give me enough in a few emails to give you
relevant advice.

5

Thank you Brian. Your first email response will be helpful to decide in my situation.

Thanks again.