Load balancer scripts

Guardium® External S-TAP requires integration with a load balancer to provide redundancy and eliminate a single point of failure.

Guardium provides two sample load balancer integration scripts that you can use as a base for your own script. The scripts provide a set of functions that are called by the Guardium External S-TAP deployment script to create and manage the load balancer configuration for your environment. In coordination with the load balancer integration script, the load balancer allows you to upgrade External S-TAP instances without impacting traffic between the client and server.
Important: If your site chooses not to use the load balancing script, make sure that you have another load balancing solution in place.
Note: Within the scripts, ignore any line that contains the phrase STATE=. Those lines are for internal use only.

You can use one of the sample scripts as a base, but actual implementation details will vary according to your needs. Both of the sample scripts include the required load balancer functions, which are described in Table 1. Changes will be required to either script to meet your site's needs.

  • The lb_interface_nginx.sh sample script provides a sample NGINX-based implementation.
  • The lb_interface_echo.sh sample script provides information about a generic implementation and echoes back information about elements in the script.
Important: Do not run the load balancing script directly. Always call the script from the External S-TAP deployment script, with the script name as the first argument, for example, --lb-script filename (where filename is the name of your load balancing script).

The load balancer is activated when the External S-TAP is deployed.

The functions described in Table 1 are required, and must use the exact function names provided. Change each function as needed to meet your site's requirements.
Table 1. Load balancing script functions
Function name Meaning
lb_import_state()

Takes a state file that is created by the deployment script and builds up the load balancer configuration. The file format is as follows:

Container 1 information
Container 2 information
...
Container n information

Where each line contains the following information as a comma-separated list:

  • host where container is running
  • external port on host for container
  • internal container listen port
  • listen port on database
  • container name

The lb_import_state function prepares the configuration from the state provided. The state is passed to lb_import_state, which is called once each time the deployment script runs, and always before any other function.

lb_redirect_around_containers()

Changes the configuration that is created by lb_import_state to temporarily direct traffic around (rather than through) the Docker containers. Receives two parameters that describe the host and port of the target server. Used to temporarily remove interception by External S-TAP instances for debugging and testing.

lb_add_one()

Takes two parameters, the host and port of the External S-TAP Docker container to add. The lb_add_one function uses the configuration that is prepared in lb_import_state to add a container to the configuration.

lb_remove_one()

Takes two parameters, the host and port of the External S-TAP Docker container to remove. The lb_remove_one function uses the configuration that is prepared in lb_import_state to remove the container from the configuration.

lb_apply_config()

Takes no parameters. Applies the current state of the configuration to the load balancer. Can be called multiple times per run of the deployment script.

lb_teardown_config()

Takes no parameters. Deactivates the load balancer. Call this function to remove the External S-TAP containers as part of an uninstall process.

lb_cleanup()

Takes no parameters. Performs any cleanup necessary to remove temporary files. Call this function once, and only when you will not call load balancer integration again.
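
The following added example is not one of the Guardium sample scripts and is not part of the original page. It shows lb_import_state, lb_add_one and lb_remove_one checking every state-file field before it can reach load balancer configuration, and refusing to add a container that was not in the imported state. Assumptions: the state file path arrives as the first argument, lb_add_one and lb_remove_one receive the host's external port, and the work files, the pool name estap_pool and the helpers is_port, is_name, render_upstream and demo_state are hypothetical.

```shell
#!/bin/sh
# Added example, not IBM's sample script. Assumed calling convention:
# lb_import_state <state-file>; lb_add_one / lb_remove_one <host> <port>.
LB_DIR=${LB_DIR:-$(mktemp -d)}   # private work dir, not a predictable /tmp path
KNOWN=$LB_DIR/known              # host:port pairs accepted from the state file
ACTIVE=$LB_DIR/active            # host:port pairs currently in the pool

is_port() {   # decimal 1-65535, no leading zero
  case $1 in ''|0*|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}
is_name() {   # host or container name: only characters that are inert in a config line
  case $1 in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

lb_import_state() {   # one line per container: host,ext port,container port,db port,name
  : > "$KNOWN"; : > "$ACTIVE"; n=0
  while IFS=, read -r host ext int db name extra || [ -n "$host" ]; do
    n=$((n + 1))
    if [ -n "$extra" ] || ! is_name "$host" || ! is_port "$ext" ||
       ! is_port "$int" || ! is_port "$db" || ! is_name "$name"; then
      echo "lb_import_state: rejecting state line $n" >&2
      : > "$KNOWN"; return 1     # fail closed: keep no partially imported state
    fi
    echo "$host:$ext" >> "$KNOWN"
  done < "$1"
}

lb_add_one() {        # only backends present in the imported state may join the pool
  is_name "$1" && is_port "$2" && grep -qxF -- "$1:$2" "$KNOWN" ||
    { echo "lb_add_one: backend is not in the imported state" >&2; return 1; }
  grep -qxF -- "$1:$2" "$ACTIVE" || echo "$1:$2" >> "$ACTIVE"   # idempotent
}

lb_remove_one() {
  grep -vxF -- "$1:$2" "$ACTIVE" > "$ACTIVE.tmp" || true   # grep exits 1 when nothing is left
  mv "$ACTIVE.tmp" "$ACTIVE"
}

render_upstream() {   # hypothetical helper: NGINX upstream block built from the pool
  echo "upstream estap_pool {"; sed 's/.*/    server &;/' "$ACTIVE"; echo "}"
}

demo_state() {        # constructed sample state file content
  printf '%s\n' 'estap-a.example.com,15432,5432,5432,estap_1' \
                'estap-b.example.com,15432,5432,5432,estap_2'
}
```

lb_apply_config, lb_redirect_around_containers, lb_teardown_config and lb_cleanup are not shown; they depend on the load balancer in use.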