Create maintenance page for vRealize Automation

Datetime:2017-03-02 05:30:17         Topic: VPS          Share        Original >>
Here to See The Original Article!!!

Inmy previous post I’ve showed you how to configure some of the most common ADCs in order to offload the SSL sessions for vRA. Now I am going to show you how you can use some of the benefits that come with SSL termination.

One of this benefits is the ability to serve content directly from the ADC based on some logic. The goal of this post is to help you configure “Outage page” and “Maintenance page” for your vRA environment. You can use only one of the pages or both together. I am going to cover the configuration of F5 BIGIP and Citrix NetScaler.

Maintenance page– this page will be assigned manually during maintenance activities and will inform the users that planned maintenance is being performed. It also allows you to exclude IP ranges from the redirect rule.

Outage page– this page will be always assigned and in case all of the vRA appliances are down it will show a page informing the users that vRA is not available

As a general precaution test this procedure in your lab and deploy it in production at your own risk.

Citrix NetScaler

Create Responder Actions

First we need to create our Responder Actions so the LB can serve HTML pages

Head to NetScaler > AppExpert > Responder > Responder Actions

For our Outage page

Addnew action with the following parameters:

Name: outage_page_action

Type: Respond with HTML page

HTML page: [Import your html page here, see below for example]

Response status code: 503

For our Maintenance page

Addnew action with the following parameters:

Name: maintenance_page_action

Type: Respond with HTML page

HTML page: [Import your html page here, see below for example]

Response status code: 503

Example: Outage HTML page with refresh every 10 seconds

<!doctype html>
<title>Something went wrong</title>
<meta http-equiv="refresh" content="10">
<style>
  body { text-align: center; padding: 150px; }
  h1 { font-size: 50px; }
  body { font: 20px Helvetica, sans-serif; color: #333; }
  article { display: block; text-align: left; width: 650px; margin: 0 auto; }
  a { color: #dc8100; text-decoration: none; }
  a:hover { color: #333; text-decoration: none; }
</style>
<article>
    <h1>Something went wrong</h1>
    <div>
        <p>Sorry for the inconvenience but vRA is not accessible at the moment.
           Please report this error to  test@test.email.</p>
        <p>The Team</p>
    </div>

Example: Maintenance HTML page with refresh every 10 seconds

<!doctype html>
<title>Site maintenance</title>
<meta http-equiv="refresh" content="10">
<style>
  body { text-align: center; padding: 150px; }
  h1 { font-size: 50px; }
  body { font: 20px Helvetica, sans-serif; color: #333; }
  article { display: block; text-align: left; width: 650px; margin: 0 auto; }
  a { color: #dc8100; text-decoration: none; }
  a:hover { color: #333; text-decoration: none; }
</style>
<article>
<h1>We will be back soon!</h1>
    <div>
        <p>Sorry for the inconvenience but we are performing some maintenance at the moment.
           If you need to you can always contact us at test@test.email, otherwise we will be back online shortly!</p>
        <p>The Team</p>
    </div>

Create Responder Policies

After we have our actions in place we need to create policies using them

Head to NetScaler > AppExpert > Responder > Responder Policies

For our Outage page

Addnew Responder Policy with the following attributes:

Name: outage_page_action_policy

Action: outage_page_action

Expression: TRUE

For our Maintenance page

During planned maintenance we need to show the maintenance page to our end users, but we also need to make sure that the vRA systems can communicate with each other.

That is why we need to create an expression which contains all the IP addresses of our vRA components – IaaS Managers, IaaS Web, vRA appliances and others. Those addresses will not be redirected to the maintenance page.

You can also add the IP addresses or subnets from which the vRA admins are connecting to vRA, that way they can test and debug during maintenance.

Addnew Responder Policy with the following attributes:

Name: maintenance_page_action_policy

Action: maintenance_page_action

Expression: CLIENT.IP.SRC.IN_SUBNET(10.23.90.0/24).NOT||CLIENT.IP.SRC.IN_SUBNET(10.23.89.0/24).NOT

Alternatively if you want to list specific IP addresses you can use CLIENT.IP.SRC.NE(10.23.89.101)||CLIENT.IP.SRC.NE(10.23.90.223) and so on.

Create dummy Service

(Required only for the Outage page)

We need to create dummy Service and ensure that it will always be up.

You can assign any back-end IP to it since you will never be redirected to that IP.

Just make sure you are not assigning IP that you might disable later on.

Head to

NetScaler > Traffic Management > Load Balancing > Services

Add

new service with the following attributes:

Name: outage_page_srv

IP address: 1.1.1.1 (or anything else, this one is not vital)

Protocol: SSL

Port: 443

Health monitoring: Off

Create dummy Virtual Server

(Required only for the Outage page)

Now we need to create dummy Virtual Server.

You do need an IP address for this one as it won`t be directly addressable.

Head to

NetScaler > Traffic Management > Load Balancing > Virtual Servers

Add

new virtual server with the following attributes:

Name: outage_page_vs

Protocol: SSL

IP address type: Non addressable

Service binding: outage_page_srv

Server certificates: Select your vRA certificate+key pair

Add Policy: Responder

Add Policy type: Request

Policy name: outage_page_action_policy

Here is the mapping:

Assign the Outage page VS to the vRA virtual appliances VS

(Required only for the Outage page)

Now we need to assign the Outage page VS as a backup for our vRA virtual appliances VS.

That way when the vRA virtual appliances are down the user will see our outage page.

Head to

NetScaler > Traffic Management > Load Balancing > Virtual Servers

Edit

your vRA VA VS – vs_vra-va-00_443 (I used that name in my previous post, yours might differ)

Click on the + Protection button from the left panel and enter the following info:

Backup virtual server: outage_page_vs

During maintenance: Assign the Maintenance page policy to the vRA virtual appliances VS

To redirect our users to the maintenance page during planned activities we need to assign the maintenance policy to our vRA VA VS.

Head to

NetScaler > Traffic Management > Load Balancing > Virtual Servers

Edit

your vRA VA VS – vs_vra-va-00_443 (I used that name in my previous post, yours might differ)

Click on the +Policies button from the left panel and enter the following:

Policy: Responder

Type: Request

Policy name: maintenance_page_action_policy

Note that the best practice during maintenance is to disable all related ADC monitors. If those are not disabled the ADC will serve the Outage page instead.

After your planned activities are over, follow the same procedure and remove the Policy from the Virtual Server.

F5 BIGIP LTM

Create Data Group

(Required only for the Maintenance page)

During planned maintenance we need to show the maintenance page to our end users, but we also need to make sure that the vRA systems can communicate with each other.

That is why we need to create a data group which contains all the IP addresses of our vRA components – IaaS Managers, IaaS Web, vRA appliances and others. Those addresses will not be redirected to the maintenance page.

You can also add the IP addresses or subnets from which the vRA admins are connecting to vRA, that way they can test and debug during maintenance.

Go to Local Traffic  >  iRules : Data Group List

Createa Data Group with name vRA_addresses (important we use this exact name later on in our iRule, if you want to use different name change it there as well) and populate it with the IP addresses of every vRA component.

Create iRules

First we need to create new iRule for the outage page which will be shown in case of unexpected failure.

Note the HTML is embedded in the iRule so feel free to modify it.

Go to Local Traffic  >  iRules : iRule List 

Createan iRule with name outage_page_irule_automatic

Paste the following in Definition:

when RULE_INIT {
    # sets the timer to return client to host URL
    set static::stime 10
}

when CLIENT_ACCEPTED {
    set default_pool [LB::server pool]
}




when HTTP_REQUEST {
   # If the default pool is down, redirect to the maintenance page
   if { [active_members $default_pool] < 1 } {
         # Send an HTTP 503 response with a Javascript meta-refresh pointing to the host using a refresh time
         HTTP::respond 503 content \
"<!doctype html><title>Something went wrong</title> \
<meta http-equiv='REFRESH' content=$static::stime;url=[HTTP::uri]> \
<style>  \
body { text-align: center; padding: 150px; }  \
h1 { font-size: 50px; } 
body { font: 20px Helvetica, sans-serif; color: #333; }  \
article { display: block; text-align: left; width: 650px; margin: 0 auto; }  \
a { color: #dc8100; text-decoration: none; }\
  a:hover { color: #333; text-decoration: none; }\
</style>\

<article>\
    <h1>Something went wrong</h1> \
    <div> \
        <p>Sorry for the inconvenience but vRA is not accessible at the moment. \
           Please report this error to  test@test.email.</p> \
        <p>The Team</p> \
    </div>" "Content-Type" "text/html"
      return
   }
}

Now let’s create the iRule which you will assign during planned maintenance

Createan iRule with name maintenance_page_irule_manual

when HTTP_REQUEST {
    # Do not show to the vRA components
 if { ! [class match [IP::client_addr] equals vRA_addresses] } {
   # Always show the maintenance page
    HTTP::respond 503 content \
"<!doctype html><title>Site Maintenance</title> \
<meta http-equiv='REFRESH' content=$static::stime;url=[HTTP::uri]> \
<style>  \
body { text-align: center; padding: 150px; }  \
h1 { font-size: 50px; } 
body { font: 20px Helvetica, sans-serif; color: #333; }  \
article { display: block; text-align: left; width: 650px; margin: 0 auto; }  \
a { color: #dc8100; text-decoration: none; }\
  a:hover { color: #333; text-decoration: none; }\
</style>\
<article>\
    <h1>We will be back soon!</h1> \
    <div> \
        <p>Sorry for the inconvenience but we are performing some maintenance at the moment. \
           If you need to you can always contact us at test@test.email, otherwise we will be back online shortly!</p> \
        <p>The Team</p> \
    </div>" "Content-Type" "text/html"
      return
}
}

Bind the automatic outage page to our vRA virtual appliances VS

(Required only for the Outage page)

Now we need to edit our vRA appliances VS, assign HTTP profile to it and bind the iRule.

Go to Local Traffic  >  Virtual Servers : Virtual Server List and find your vRA appliances VS.

(In my previous post I have named it vs_vra-va-00_443 yours however may differ)

Click Edit and set the following attributes:

HTTP Profile Client: http

HTTP Profile Server: (Use Client Profile)

Click Update

Now click on the Resources tab and in the iRules section choose iRule outage_page_irule_automatic

Click Update again

Here how the mapping should look like:

During maintenance: Bind the planned maintenance page to our vRA virtual appliances VS

During planned maintenance, we need to change the iRule so we can make sure that the maintenance page is displayed to our end users, but the vRA components can still communicate.

Go to Local Traffic  >  Virtual Servers : Virtual Server List and find your vRA appliances VS.

(In my previous post I have named it vs_vra-va-00_443 yours however may differ.)

Click Edit and go to Resources find iRule outage_page_irule_automatic and change it with

maintenance_page_irule_manual.

Click Update and you are ready.

Note that the best practice during maintenance is to disable all related ADC monitors. If those are not disabled the ADC will serve the Outage page instead.

After your planned activities are over, follow the same procedure and assign the outage_page_irule_automatic iRule.

If you are interested in more articles like this one stay tuned on VMware Blogs.

Take a vRealize Automation 7 Hands-On lab !








New