Contact Support

Customers who viewed this article also viewed

banner icon

Identify Changes in NetScaler build files with

File Integrity Monitoring

Learn More Watch Video
CTX218966 {{tooltipText}}

How to Remove and Replace a NetScaler in High Availability (HA) Pair Setup

Applicable Products

  • NetScaler

Objective

This article helps you address RMA replacements and includes instruction on how to backup configurations, upgrade or downgrade shipped software version, and setup of RPC password on NetScaler.

Before you Begin

  • Label all interfaces/cables prior to swap

Requirements

  •   A Windows client or server with network access.
  •   Putty and Putty PSCP (for download here) – (Be sure to install PSCP, it is not installed by default!)
  •   A NetScaler HA pair that is accessible via SSH (port 22 usually).

Considerations

The following configurations are not synchronized or propagated in an HA configuration in INC (Independent Network Configuration) or non-INC mode:
  • All node specific HA configuration commands. For example - add ha node, set ha node, and bind ha node.
  • All Interface related configuration commands. For example - set interface and unset interface.
  • All channel related configuration commands. For example - add channel, set channel, and bind channel.
  • All Interface “HAMonitoring” configuration commands.
The following configurations are not synced nor propagated in an HA configuration in INC mode (Independent Network Configuration)
  • MIPs
  • SNIPs
  • VLANs
  • Routes (except LLB routes)
  • Route monitors
  • RNAT rules (except any RNAT rule with VIP as the NAT IP)
  • Dynamic routing configurations

Instructions

Complete the following steps to replace a NetScaler in high availability pair setup:

Remove an Active NetScaler Secondary Pair Member

  1. Log on to both NetScalers and run the following command to confirm which node is Primary and which node is Secondary:
    show ha node
  2. Log on to the Primary NetScaler, backup the configurations on the Primary node, and copy the files off of the NetScaler prior to the changes.
    The steps are as follows:

    These files are located under “/var /ns_sys_backup/” directory.

    1. Save the NetScaler running configurations to memory:
      save ns config
    2. Create the full backup file package:
      create system backup -level full
    3. Create the basic backup file package.
      create system backup -level basic
  3. After all backup files have been generated, be sure to copy them off of the device before proceeding.
    From a windows terminal, open a Command Prompt and copy the backup files off of the NetScaler and onto your local hard drive. This can be done using the following command:
    pscp <username>@<NSIP>:<Target file source>  <Target file destination>
    For example:
    pscp nsroot@10.125.245.78:/var/ns_sys_backup/backup_basic_10.125.245.78_2016_09_14_15_08.tgz c:\nsbackup\backup_basic_10.125.245.78_2016_09_14_15_08.tgz
    When prompted, enter the password for the specified administrator account, then hit “Enter”. Repeat these steps until all backup bundles are copied to the local PC before proceeding.
  4. SSH into the Secondary NetScaler, and set the unit to the “STAYSECONDARY” status. This will force the unit to not attempt to assume Primary role in the event of detected failure during the swap. Confirm that you are connected to the Secondary NetScaler before executing this step
    set ha node –haStatus <state>
    set ha node –haStatus STAYSECONDARY
  5. Once the Secondary NetScaler's “Node State” successfully displays “STAYSECONDARY”, switch to the Primary NetScaler and delete the secondary node and run the following command:
    save ns config

    While logged into the Primary NetScaler, run the following commands

    1. Run the following command to identify which numerical value represents the Secondary HA node:
      show ha node
    2. Run the following command to remove the Secondary NetScaler from the Primary HA pair;
      rm ha node <node ID>
    3. Run the following command to save the configuration:
      save ns config -
    4. With the Secondary NetScaler now removed, shutdown, disconnect, and remove the Secondary NetScaler from the network.
      Note: Be sure to label all connections before disconnecting.

Back to top

Configure Replacement Secondary NetScaler

  1. With the replacement NetScaler in place, power up the new device. DO NOT CONNECT the network connections at this point.
  2. With boot-up complete, use the console port to connect to the NetScaler and configure the NSIP that you will use to connect to the unit.

    User-added image

  3. When prompted select “4”.
    Note: In this example, we are using a different NSIP for the replacement NetScaler. If you wish to use the original secondary unit’s IP, You may change it on the replacement before binding the new NetScaler to the Primary HA unit.
  4. The NetScaler should now be booted. Now connect the network interface that will be used for Management traffic, and confirm that the IP address is reachable from your network.

Back to top

Verify and Update the Software Build on Replacement NetScaler

Before syncing the new unit to the Primary NetScaler, we need to ensure that both NetScalers are running the same build.

  1. To verify the version on NetScaler run the following command:
    show version
  2. While on the new Secondary NetScaler, create a sub folder in “/var” to be used for the upgrade.
  3. Go to Citrix Downloads and download the appropriate package that matches the build version running on the Primary NetScaler.
  4. Download and extract the .tgz file:
    tar -xvzf "file.tgz"
  5. Copy the extracted files to the Secondary NetScaler. On your windows terminal, open a “Command Prompt” and navigate to the directory containing the extracted .tgz build package and run the following pscp command:
    pscp <Target file source>  <username>@<NSIP>:<Target file destination>
    For example:
    C:\inetpub>pscp c:\inetpub\build-11.1-47.14_nc.tgz nsroot@10.125.245.80:/var/NS_upg_11.1_47.14/build-11.1-47.14_nc.tgz
  6. After the file has been transferred, return to the Secondary NetScaler and upgrade. For detailed instructions refer to Citrix Documentation - Upgrading a NetScaler Standalone Appliance.
  7. Once the new Secondary has rebooted, SSH back into the unit and confirm that the upgrade is successful and the build matches that of the primary.

Back to top

Set Password on New Secondary to Match Primary

Note: If at this point you wish to change the management IP of the new Secondary NetScaler, you may do so before moving forward.
Now that the new Secondary NetScaler is up to date, it is time to change the password on the new Secondary NetScaler to match the password that is currently on the Primary NetScaler. The following instructions will walk you through the process.

  1. Ensure that the “nsroot” account password is the same as the primary NetScaler. This is accomplished using the following command while logged in via SSH into the new Secondary unit:
    set system user <user> <password>
    This command will set/reset the password for the target user
  2. SSH into the Primary and new Secondary NetScaler and confirm that passwords match.

With the password confirmed across both units, we are now ready to bind them to create an HA pair.

Back to top

Add Licenses to Replacement NetScaler

With the new NetScaler updated and ready for pairing, we must now download and install the appropriate licensing for the replacement unit.
  1. Navigate to https://www.mycitrix.com to request and download licenses for the new replacement unit. 
  2. Once you have all appropriate licenses downloaded, SSH into the new Secondary NetScaler and type the following command to see the current state of licensing:
    show license
  3. From the Windows terminal command prompt you must now upload the license files to the new Secondary NetScaler using the following command:
    Note: If you have multiple licenses, repeat this step until all licenses are uploaded.
    “pscp <Target file source>  <username>@<NSIP>:<Target file destination>”
    For example:
    “C:\inetpub>pscp c:\inetpub\NS-VPX-3K-LIC-020030ad0024.lic nsroot@10.125.245.80:/nsconfig/license/NS-VPX-3K-LIC-020030ad0024.lic”
  4. SSH into the new Secondary NetScaler and perform a warm reboot using the following command:
    reboot –w
    After the unit has completed reboot, SSH into the unit and run show license command once again. At this point, the licenses should be applied.

Back to top

Creating HA Pair between Primary and New Secondary NetScaler

At this point, we are now ready to join the NetScaler units into an HA pair. For details regarding this process, refer to CTX116748 - How to Set Up a High Availability Pair on NetScaler.

Back to top


Additional Resources