I have always wanted to combine the power of the NetScaler and BSD shell in one seamless, usable interface, so that I can leverage more advanced tools from the NetScaler shell, not just less and grep. It can be time-consuming and confusing bouncing back and forth between the NetScaler shell and the BSD shell when troubleshooting. So I came up with a way that allows me to do everything from a single shell:

(Step by step)

NetScaler CLI:
Add a user
     > add system user MyROAccount r3@d0nly

Note: The MyROAccount is an example name. Any account can be used.

Create and bind a cmdPolicy that restricts what this user can do.
     > add system cmdPolicy nscli-ro ALLOW "(^show\\s)|(^stat\\s)|(^diff\\s)|(^whoami)"
     > bind system user MyROAccount nscli-ro 1

Note: The reason I restrict the account is that the password will be stored in clear text. This should not be a security issue as only users who have permission to drop to shell will be able to see it. Verify with your local security team first.

BSD CLI:
Create a bash function and make it persistent.
     # echo 'ns() { nscli -U :MyROAccount:r3@d0nly "$@" ;}' >> .bash_profile

Note: Using ns as the command is an example name. Any name can be used for the command as long as it does not conflict with an existing command (don’t try names like “rm” or “ls”).

That’s it. Exit and re-enter the shell (Ctrl-D then shell) and try it out.

Here are a couple of examples:
############################
##my ns.conf server and service entries
#add server myserver1 1.1.1.1 -devno 9557
#add server myserver2 1.1.1.2 -devno 9558
#add server yourserver1 1.1.1.3 -devno 9559
#add server yourserver2 1.1.1.4 -devno 9560
#add service ns-ssh ns TCP 22
#add service myserver1-web-80 myserver1 HTTP 80
#add service myserver1-ssl-8443 myserver1 HTTP 8443
#add service myserver2-web-80 myserver2 HTTP 80
#add service yourserver1-http-80 yourserver1 HTTP 80
#add service yourserver2-http-80 yourserver2 HTTP 80
#add service yourserver2-udp-53 yourserver2 UDP 53
############################

Show all servers with web in the name or protocol HTTP:

# ns sh runn | awk "/my/ && /web|HTTP/"
add service myserver1-web-80 myserver1 HTTP 80 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp ON -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add service myserver1-ssl-8443 myserver1 HTTP 8443 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp ON -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add service myserver2-web-80 myserver2 HTTP 80 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp ON -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO

Show how many services are defined:

# ns sh service -f o | wc -l
9

Now both at the same time:

# ns sh runn | awk "/my/ && /web|HTTP/" | wc -l
3

Now my favorite BSD tools are available to me. Potential time savers could include commands like nsconmsg. Instead of needing the name of a vServer I could use the IP, parse out the name, and use it in my nsconmsg.
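The IP-to-name lookup described above, as an added example that is not part of the original post: a function that reads running-config text on stdin and prints the vServer name bound to a given IP. The function name vserver_by_ip and the sample config lines are constructed for illustration, and it assumes vServer names contain no spaces.

```shell
# Added example (not from the original post).
# Intended use with the ns function defined earlier (assumption):
#     ns sh runn | vserver_by_ip 10.1.1.10

# vserver_by_ip (hypothetical helper): print the name of every vServer whose
# address equals $1. Expects lines shaped like
#     add <type> vserver <name> <protocol> <ip> <port> [options...]
# The IP field is compared as an exact string, so 10.1.1.1 does not also
# match 10.1.1.10 the way a plain grep on the address would.
# Returns non-zero when nothing matches, so callers can stop instead of
# passing an empty name to the next command.
vserver_by_ip() {
    awk -v ip="$1" '
        $1 == "add" && $3 == "vserver" && $6 == ip { print $4; found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample of running-config output so the example runs offline.
sample_config() {
    cat <<'EOF'
add server myserver1 1.1.1.1
add service myserver1-web-80 myserver1 HTTP 80
add lb vserver web-vip HTTP 10.1.1.10 80 -persistenceType NONE
add lb vserver ssl-vip SSL 10.1.1.1 443 -persistenceType NONE
add cs vserver portal-vip HTTP 10.1.1.20 80
bind lb vserver web-vip myserver1-web-80
EOF
}

# Demo: look up the vServer that owns 10.1.1.10 in the sample config.
sample_config | vserver_by_ip 10.1.1.10
```

The returned name can then be captured in a shell variable and passed to whichever command needs the vServer name.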

As with any command, make sure you understand what you are doing first. Even a command as simple as “cat” can cripple a system if used improperly.

Enjoy!

D