Skip to content

Latest commit

 

History

History

onboarding-helper

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
images
images
 
 
README.md
README.md
 
 
terraform-onboarding.ps1
terraform-onboarding.ps1
 
 
terraform.tf
terraform.tf
 
 

README.md

Citrix Provider Site Onboarding Automation

This automation script is designed to onboard an existing site to Terraform. It collects the list of resources from DDC, imports them into Terraform, and generates the Terraform skeletons for the site resources. Please note that this onboarding script is still in tech preview.

Environment Requirements

  • PowerShell version 5.0 or higher
  • Citrix Provider version 1.0.14
  • For On-Premises Customers: CVAD DDC version 2311 or newer.

Workflow:

Getting Started

  1. Create a new folder for your Terraform project.
  2. Initialize Terraform in the newly created folder by running the following command:
terraform init
  1. Set up the Citrix Terraform provider locally. For instructions, refer to the Citrix Provider Documentation.
  2. (Cloud only) create a Citrix Cloud service principal with at least the Read Only Administrator role to the DDC. This will be used for the ClientId and ClientSecret in the next step.

Onboarding Process

  1. Create a new folder for your Terraform project.
  2. Copy the terraform-onboarding.ps1 script and terraform.tf to the terraform project directory created in step 1.
  3. Open a PowerShell session with Administrator privileges.
  4. Navigate to the directory where the terraform-onboarding.ps1 script is located.
  5. Set the execution policy by running the following command in the PowerShell session: 
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force
  6. Run the script with the following command:
  • For Citrix Cloud customers 
    .\terraform-onboarding.ps1 -CustomerId "{CustomerId}" -ClientId "{ClientId}" -ClientSecret "{ClientSecret}" -Environment "{Environment}"
  • For Citrix on-premises customers 
    .\terraform-onboarding.ps1 -ClientId "{ClientId}" -ClientSecret "{ClientSecret}" -DomainFqdn "{Domain FQDN}" -HostName "{HostName}"
    Replace the placeholders {...} with your actual values. Here's what each parameter means:
    • CustomerId:
      • For Citrix Cloud customers only (Required): Your Citrix Cloud customer ID. This is only applicable for Citrix Cloud customers.
    • ClientId: Your client ID for Citrix DaaS service authentication.
      • For Citrix On-Premises customers: Use this to specify a DDC administrator username.
      • For Citrix Cloud customers: Use this to specify a Citrix Cloud service principal ID.
    • ClientSecret: Your client secret for Citrix DaaS service authentication.
      • For Citrix on-premises customers: Use this to specify a DDC administrator password.
      • For Citrix Cloud customers: Use this to specify Citrix Cloud service principal secret.
    • DomainFqdn: Your client secret for Citrix DaaS service authentication.
      • For Citrix on-premises customers only (Required): Use this to specify Domain FQDN.
    • HostName: The host name or base URL of your Citrix DaaS service.
      • For Citrix on-premises customers (Required): Use this to specify Delivery Controller hostname.
      • For Citrix Cloud customers (Optional): Use this to force override the Citrix DaaS service hostname.
    • Environment:
      • For Citrix Cloud customers only (Optional): Your Citrix Cloud environment. The available options are Production and Staging. The default value is Production.
    • SetDependencyRelationship (Switch): Add this switch to create dependency relationships between resources by replacing resouce ID with resource references.
    • DisableSSLValidation (Switch):
      • For Citrix on-premises customers only: Add this switch to disable SSL validation on both the PowerShell session and the provider client. SSL validation has to be disabled for this script to work if your on-premises DDC does not have a valid SSL certificate.

  1. Wait for the script to complete. The execution time will depend on the complexity of the onboarding process and the resources being imported.

  2. Once the script has finished running, check the .tf files for the output. The Terraform state file should also be updated with the site terraform resources.

  3. Please note that the onboarding script masks out values for all sensitive attributes present in the generated terraform files. Please update these placeholders with the appropriate values.

  4. At this point if you run terraform plan, you should only see the sensitive attributes from step 9 being updated.

  5. Run terraform apply. This will synchronize the state file with the values of the sensitive attributes updated in step 9.

  6. If you run terraform plan again, you should see the following message: No changes. Your infrastructure matches the configuration.. This indicates that all the Citrix resources have been successfully onboarded.

Known Issues/Debugging:

  1. While running the script for On-Premises customers if it throws an exception as stated below:
Invoke-WebRequest : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

Solution : Disable SSL validation by adding -DisableSSLValidation to the command.

.\terraform-onboarding.ps1 -ClientId "{ClientId}" -ClientSecret "{ClientSecret}" -DomainFqdn "{Domain FQDN}" -HostName "{HostName}" -DisableSSLValidation