Objective
This article helps you address RMA replacements and includes instruction on how to backup configurations, upgrade or downgrade shipped software version, and setup of RPC password on NetScaler.
Before you Begin
- Label all interfaces/cables prior to swap
Requirements
- A Windows client or server with network access.
- Putty and Putty PSCP (for download here) – (Be sure to install PSCP, it is not installed by default!)
- A NetScaler HA pair that is accessible via SSH (port 22 usually).
Considerations
The following configurations are not synchronized or propagated in an HA configuration in INC (Independent Network Configuration) or non-INC mode:- All node specific HA configuration commands. For example - add ha node, set ha node, and bind ha node.
- All Interface related configuration commands. For example - set interface and unset interface.
- All channel related configuration commands. For example - add channel, set channel, and bind channel.
- All Interface “HAMonitoring” configuration commands.
- MIPs
- SNIPs
- VLANs
- Routes (except LLB routes)
- Route monitors
- RNAT rules (except any RNAT rule with VIP as the NAT IP)
- Dynamic routing configurations
Instructions
Complete the following steps to replace a NetScaler in high availability pair setup:
- Remove an Active NetScaler Secondary Pair Member
- Configure Replacement Secondary NetScaler
- Verify and Update the Software Build on Replacement NetScaler
- Set Password on New Secondary to Match Primary
- Add Licenses to Replacement NetScaler
- Creating HA Pair between Primary and New Secondary NetScaler
Remove an Active NetScaler Secondary Pair Member
- Log on to both NetScalers and run the following command to confirm which node is Primary and which node is Secondary:
show ha node - Log on to the Primary NetScaler, backup the configurations on the Primary node, and copy the files off of the NetScaler prior to the changes.
The steps are as follows:These files are located under “/var /ns_sys_backup/” directory.
- Save the NetScaler running configurations to memory:
save ns config - Create the full backup file package:
create system backup -level full - Create the basic backup file package.
create system backup -level basic
- Save the NetScaler running configurations to memory:
- After all backup files have been generated, be sure to copy them off of the device before proceeding.
From a windows terminal, open a Command Prompt and copy the backup files off of the NetScaler and onto your local hard drive. This can be done using the following command:
pscp <username>@<NSIP>:<Target file source> <Target file destination>
For example:
pscp nsroot@10.125.245.78:/var/ns_sys_backup/backup_basic_10.125.245.78_2016_09_14_15_08.tgz c:\nsbackup\backup_basic_10.125.245.78_2016_09_14_15_08.tgz
When prompted, enter the password for the specified administrator account, then hit “Enter”. Repeat these steps until all backup bundles are copied to the local PC before proceeding. - SSH into the Secondary NetScaler, and set the unit to the “STAYSECONDARY” status. This will force the unit to not attempt to assume Primary role in the event of detected failure during the swap. Confirm that you are connected to the Secondary NetScaler before executing this step
set ha node –haStatus <state>
set ha node –haStatus STAYSECONDARY - Once the Secondary NetScaler's “Node State” successfully displays “STAYSECONDARY”, switch to the Primary NetScaler and delete the secondary node and run the following command:
save ns configWhile logged into the Primary NetScaler, run the following commands
- Run the following command to identify which numerical value represents the Secondary HA node:
show ha node - Run the following command to remove the Secondary NetScaler from the Primary HA pair;
rm ha node <node ID> - Run the following command to save the configuration:
save ns config - - With the Secondary NetScaler now removed, shutdown, disconnect, and remove the Secondary NetScaler from the network.
Note: Be sure to label all connections before disconnecting.
- Run the following command to identify which numerical value represents the Secondary HA node:
Configure Replacement Secondary NetScaler
- With the replacement NetScaler in place, power up the new device. DO NOT CONNECT the network connections at this point.
- With boot-up complete, use the console port to connect to the NetScaler and configure the NSIP that you will use to connect to the unit.
- When prompted select “4”.
Note: In this example, we are using a different NSIP for the replacement NetScaler. If you wish to use the original secondary unit’s IP, You may change it on the replacement before binding the new NetScaler to the Primary HA unit. - The NetScaler should now be booted. Now connect the network interface that will be used for Management traffic, and confirm that the IP address is reachable from your network.
Verify and Update the Software Build on Replacement NetScaler
Before syncing the new unit to the Primary NetScaler, we need to ensure that both NetScalers are running the same build.
- To verify the version on NetScaler run the following command:
show version - While on the new Secondary NetScaler, create a sub folder in “/var” to be used for the upgrade.
- Go to Citrix Downloads and download the appropriate package that matches the build version running on the Primary NetScaler.
- Download and extract the .tgz file:
tar -xvzf "file.tgz" - Copy the extracted files to the Secondary NetScaler. On your windows terminal, open a “Command Prompt” and navigate to the directory containing the extracted .tgz build package and run the following pscp command:
pscp <Target file source> <username>@<NSIP>:<Target file destination>
For example:
C:\inetpub>pscp c:\inetpub\build-11.1-47.14_nc.tgz nsroot@10.125.245.80:/var/NS_upg_11.1_47.14/build-11.1-47.14_nc.tgz - After the file has been transferred, return to the Secondary NetScaler and upgrade. For detailed instructions refer to Citrix Documentation - Upgrading a NetScaler Standalone Appliance.
- Once the new Secondary has rebooted, SSH back into the unit and confirm that the upgrade is successful and the build matches that of the primary.
Set Password on New Secondary to Match Primary
Note: If at this point you wish to change the management IP of the new Secondary NetScaler, you may do so before moving forward.
Now that the new Secondary NetScaler is up to date, it is time to change the password on the new Secondary NetScaler to match the password that is currently on the Primary NetScaler. The following instructions will walk you through the process.
- Ensure that the “nsroot” account password is the same as the primary NetScaler. This is accomplished using the following command while logged in via SSH into the new Secondary unit:
set system user <user> <password>
This command will set/reset the password for the target user - SSH into the Primary and new Secondary NetScaler and confirm that passwords match.
With the password confirmed across both units, we are now ready to bind them to create an HA pair.
Add Licenses to Replacement NetScaler
With the new NetScaler updated and ready for pairing, we must now download and install the appropriate licensing for the replacement unit.- Navigate to https://www.mycitrix.com to request and download licenses for the new replacement unit.
- Once you have all appropriate licenses downloaded, SSH into the new Secondary NetScaler and type the following command to see the current state of licensing:
show license - From the Windows terminal command prompt you must now upload the license files to the new Secondary NetScaler using the following command:
Note: If you have multiple licenses, repeat this step until all licenses are uploaded.
“pscp <Target file source> <username>@<NSIP>:<Target file destination>”
For example:
“C:\inetpub>pscp c:\inetpub\NS-VPX-3K-LIC-020030ad0024.lic nsroot@10.125.245.80:/nsconfig/license/NS-VPX-3K-LIC-020030ad0024.lic” - SSH into the new Secondary NetScaler and perform a warm reboot using the following command:
reboot –w
After the unit has completed reboot, SSH into the unit and run show license command once again. At this point, the licenses should be applied.
Creating HA Pair between Primary and New Secondary NetScaler
At this point, we are now ready to join the NetScaler units into an HA pair. For details regarding this process, refer to CTX116748 - How to Set Up a High Availability Pair on NetScaler.
Additional Resources
- CTX116748 - How to Set Up a High Availability Pair on NetScaler.
- CTX127455 - How to Upgrade Software on NetScaler Appliances in High Availability Setup
- CTX126793 - Best Practices for Upgrading NetScaler or NetScaler Gateway Appliances
- Citrix Documentation - Backing up and Restoring the NetScaler Appliance
- Citrix Documentation - Configure high availability