Load balancer scripts
Guardium® External S-TAP requires integration with a load balancer to help provide redundancy to eliminate a single point of failure.
You can use one of the sample scripts as a base, but actual implementation details will vary according to your needs. Both of the sample scripts include the required load balancer functions, which are described in Table 1. Changes will be required to either script to meet your site's needs.
- The lb_interface_nginx.sh sample script provides a sample NGINX-based implementation.
- The lb_interface_echo.sh sample script provides information about a generic implementation and echoes back information about elements in the script.
The load balancer is activated when the External S-TAP is deployed.
Function name | Meaning |
---|---|
lb_import_state() |
Takes a state file that is created by the deployment script and builds up the load balancer configuration. The file format is as follows:
Where each line contains the following information as a comma-separated list:
The lb_import_state function prepares the configuration from the state provided. The state is passed to lb_import_state, which is called once each time the deployment script runs, and always before any other function. |
lb_redirect_around_containers() | Changes the configuration that is created by lb_import_state to temporarily direct traffic around (rather than through) the Docker containers. Receives two parameters that describe the host and port of the target server. Used to temporarily remove interception by External S-TAP instances for debugging and testing. |
lb_add_one() | Takes two parameters, the host and port of the External S-TAP Docker container to add. The lb_add_one function uses the configuration that is prepared in lb_import_state to add a container to the configuration. |
lb_remove_one() | Takes two parameters, the host and port of the External S-TAP Docker container to remove. The lb_remove_one function uses the configuration that is prepared in lb_import_state to remove the container from the configuration. |
lb_apply_config() | Takes no parameters. Applies the current state of the configuration to the load balancer. Can be called multiple times per run of the deployment script. |
lb_teardown_config() | Takes no parameters. Deactivates the load-balancer. Call this function is to remove the External S-TAP containers as part of an uninstall process. |
lb_cleanup() | Takes no parameters. Performs any cleanup necessary to remove temporary files. Call this function once, and only when you will not call load balancer integration again. |