T5261: Add AWS load-balancing tunnel handler

Add AWS load-balancing tunnel handler
https://aws.amazon.com/blogs/networking-and-content-delivery/how-to-integrate-linux-instances-with-aws-gateway-load-balancer/

set service aws glb script on-create '/config/scripts/tmp.sh'
set service aws glb script on-destroy '/config/scripts/tmp.sh'
set service aws glb status format 'simple'
set service aws glb status port '8282'

data/templates/aws/override_aws_gwlbtun.conf.j2

@@ -0,0 +1,10 @@
+[Unit]
+StartLimitIntervalSec=0
+After=vyos-router.service
+
+[Service]
+EnvironmentFile=
+ExecStart=/usr/bin/gwlbtun {{ '-c ' ~ script.on_create if script.on_create is vyos_defined }} {{ '-r ' ~ script.on_destroy if script.on_destroy is vyos_defined }} {{ '-p ' ~ status.port if status.port is vyos_defined }}
+CapabilityBoundingSet=CAP_NET_ADMIN
+Restart=always
+RestartSec=10

debian/control

@@ -36,6 +36,7 @@ Depends:
   accel-ppp,
   auditd,
   avahi-daemon,
+  aws-gwlbtun,
   beep,
   bmon,
   bsdmainutils,

interface-definitions/service-aws-glb.xml.in

@@ -0,0 +1,72 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="service">
+    <children>
+      <node name="aws">
+        <properties>
+          <help>Amazon Web Service</help>
+          <priority>1280</priority>
+        </properties>
+        <children>
+          <node name="glb" owner="${vyos_conf_scripts_dir}/service_aws_glb.py">
+            <properties>
+              <help>Gateway load-balancer tunnel handler</help>
+            </properties>
+            <children>
+              <node name="script">
+                <properties>
+                  <help>Script executed on create or destroy tunnel</help>
+                </properties>
+                <children>
+                  <leafNode name="on-create">
+                    <properties>
+                      <help>Script to run when interface is created</help>
+                      <constraint>
+                        <validator name="script"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="on-destroy">
+                    <properties>
+                      <help>Script to run when interface is destroyed</help>
+                      <constraint>
+                        <validator name="script"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              <node name="status">
+                <properties>
+                  <help>Status</help>
+                </properties>
+                <children>
+                  <leafNode name="format">
+                    <properties>
+                      <help>Statistic format</help>
+                      <completionHelp>
+                        <list>simple full</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>simple</format>
+                        <description>Simple format</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>full</format>
+                        <description>Full format</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(simple|full)</regex>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  #include <include/port-number.xml.i>
+                </children>
+              </node>
+            </children>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>

src/conf_mode/service_aws_glb.py

@@ -0,0 +1,84 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import os
+
+from sys import exit
+from shutil import rmtree
+
+from vyos.config import Config
+from vyos.configdict import dict_merge
+from vyos.template import render
+from vyos.utils.process import call
+from vyos import ConfigError
+from vyos import airbag
+airbag.enable()
+
+gwlbtun_dir = '/run/aws'
+systemd_service = 'aws-gwlbtun.service'
+systemd_override = '/run/systemd/system/aws-gwlbtun.service.d/10-override.conf'
+
+
+def get_config(config=None):
+    if config:
+        conf = config
+    else:
+        conf = Config()
+    base = ['service', 'aws', 'glb']
+    if not conf.exists(base):
+        return None
+
+    glb = conf.get_config_dict(base, key_mangling=('-', '_'),
+                                      get_first_key=True,
+                                      no_tag_node_value_mangle=True)
+
+    return glb
+
+
+def verify(glb):
+    # bail out early - looks like removal from running config
+    if not glb:
+        return None
+
+
+def generate(glb):
+    if not glb:
+         return None
+
+    if not os.path.isdir(gwlbtun_dir):
+        os.mkdir(gwlbtun_dir)
+
+    render(systemd_override, 'aws/override_aws_gwlbtun.conf.j2', glb)
+
+
+def apply(glb):
+    call('systemctl daemon-reload')
+    if not glb:
+        call(f'systemctl stop {systemd_service}')
+    else:
+        call(f'systemctl restart {systemd_service}')
+    return None
+
+
+if __name__ == '__main__':
+    try:
+        c = get_config()
+        verify(c)
+        generate(c)
+        apply(c)
+    except ConfigError as e:
+        print(e)
+        exit(1)

src/systemd/aws-gwlbtun.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Description=AWS Gateway Load Balancer Tunnel Handler
+Documentation=https://github.com/aws-samples/aws-gateway-load-balancer-tunnel-handler
+After=network.target
+
+[Service]
+ExecStart=
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target