lundi 22 décembre 2014

Customize netscaler 10.1 "AAA TM" login page on HA pair

I had trouble finding the right answer as to how to customize the netscaler 10.1.x AAA login page to reflect company instead of the citrix black page and to have these customization stick after a reboot.

There are many ressource out there that explain how to do the customization (mostly login.js and then the 2 digit language xml file (en.xml, fr.xml,etc )

I finally found out that things have changed in netscaler 10.1 and that using the rc.netscaler startup script to copy your file over doesn't work anymore. What you need to do is customize to your liking the various files found in /netscaler/gui folder. DO NOT REBOOT as this will get you to loose your changes. (if all is screwed then rebooting will fix the issue)

NOTE: Keep a copy of the changed files on your corporate network as you will need them again later.

When using an HA pair, do the change on the active unit.

Test untill you management are fully happy of the change you have done.

Create a directory for the customized files --> connect to the netscaler using putty and then type:  

shell 
 
mkdir /var/ns_gui_custom


Create an archive of all the files in /netscaler/ns_gui folder named customtheme.tar.gz

cd /netscaler

tar -cvzf /var/ns_gui_custom/customtheme.tar.gz ns_gui/*



Repeat on the secondary unit or copy your customtheme.tar.gz using winscp to the /var/ns_gui_custom folder on the secondary unit.

Finally, change the netscaler to use the custom theme:
From the gui, expand "Netscaler Gateway" and choose "Global Settings" in the right pane,  select: "Change Global Setting". Go to the "Client experience" tab and set the UI theme to "Custom" and click O. This will take a bit of time while the netscaler process the file and apply it as the default theme. (This will be synced with the secondary node as long as you copied the customtheme.tar.gz file)

SAVE THE CHANGE

Now you can reboot the netscaler at will and your change will "stcik".


WARNING
Before upgrading the netscaler firmware, it is strongly advised to revert to the default theme, upgrade the netscaler to the newer version, test if all is working good with the default theme, when all is good, repeat the procedure above to create a new customtheme.tar.gz and switch back to the custom theme. 

Before applying the new custom theme, you need to remove the old customtheme.tar.gz and all the files in /var/ns_gui_custom/ns_gui/

rm -r /var/ns_gui_custom/ns_gui/*
rm /var/ns_gui_custom/customtheme.tar.gz

Sometimes the old theme will works almost everywhere untill you go into a submenu and get a prompt "access denied"... this happened to me while using a different version of custom theme I went to create a new service group and got that pop-up message. This had me scratch my head for a while to figure out why as a global administrator I was denied access to a function that was working fine before.

WARNING #2
DO NOT USE NOTEPAD / WORDPAD etc to create / edit the rc.netscaler. Use the winscp editor (and cut / paste stuff from wordpad) to create / edit rc.netscaler
(it's all to do with windows / unix having different end-of-line sequences!).
If you DO wrongly use wordpad or notepad, then netscaler never gets beyond the end of the first line... and doesn't even execute that first line!

Credit goes to Paul Blitz from the netscaler forum for all these instruction.