T5261: Add AWS load-balancing tunnel handler

data/templates/aws/override_aws_gwlbtun.conf.j2

@@ -0,0 +1,12 @@
+[Unit]
+StartLimitIntervalSec=0
+After=vyos-router.service
+ConditionPathExists=/run/aws/gwlbtun.conf
+
+[Service]
+EnvironmentFile=
+ExecStart=
+ExecStart=/usr/bin/gwlbtun -c /usr/libexec/vyos/vyos-aws-gwlbtun.py  -r /usr/libexec/vyos/vyos-aws-gwlbtun.py {{ '-t ' ~ timeout if timeout is vyos_defined }} {{ '-p ' ~ status.port if status.port is vyos_defined }}
+CapabilityBoundingSet=CAP_NET_ADMIN
+Restart=always
+RestartSec=10

interface-definitions/service-aws-glb.xml.in

@@ -0,0 +1,73 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="service">
+    <children>
+      <node name="aws">
+        <properties>
+          <help>Amazon Web Service</help>
+          <priority>1280</priority>
+        </properties>
+        <children>
+          <node name="glb" owner="${vyos_conf_scripts_dir}/service_aws_glb.py">
+            <properties>
+              <help>Gateway load-balancer tunnel handler</help>
+            </properties>
+            <children>
+              <node name="status">
+                <properties>
+                  <help>Status</help>
+                </properties>
+                <children>
+                  <leafNode name="format">
+                    <properties>
+                      <help>Statistic format</help>
+                      <completionHelp>
+                        <list>simple full</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>simple</format>
+                        <description>Simple format</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>full</format>
+                        <description>Full format</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(simple|full)</regex>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  #include <include/port-number.xml.i>
+                </children>
+              </node>
+              <leafNode name="timeout">
+                <properties>
+                  <help>Number of seconds to delete interface</help>
+                  <valueHelp>
+                    <format>u32:10-60000</format>
+                    <description>Timeout in seconds</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 10-60000"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <tagNode name="interfaces">
+                <properties>
+                  <help>Interface</help>
+                </properties>
+                <children>
+                  <leafNode name="eni-id">
+                    <properties>
+                      <help>Elastic network interface id</help>
+                    </properties>
+                  </leafNode>
+                </children>
+              </tagNode>
+            </children>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>

src/conf_mode/service_aws_glb.py

@@ -0,0 +1,93 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import os
+
+from sys import exit
+from shutil import rmtree
+
+from vyos.config import Config
+from vyos.configdict import dict_merge
+from vyos.template import render
+from vyos.util import call
+from vyos.util import cmd
+from vyos.xml import defaults
+from vyos import ConfigError
+from vyos import airbag
+airbag.enable()
+from pprint import pprint
+
+gwlbtun_dir = '/run/aws'
+gwlbtun_config = f'{gwlbtun_dir}/gwlbtun.conf'
+systemd_service = 'aws-gwlbtun.service'
+systemd_override = '/run/systemd/system/aws-gwlbtun.service.d/10-override.conf'
+
+
+def get_config(config=None):
+    if config:
+        conf = config
+    else:
+        conf = Config()
+    base = ['service', 'aws', 'glb']
+    if not conf.exists(base):
+        return None
+
+    glb = conf.get_config_dict(base, key_mangling=('-', '_'),
+                                      get_first_key=True,
+                                      no_tag_node_value_mangle=True)
+
+    from pprint import pprint
+    pprint(glb)
+    return glb
+
+
+def verify(glb):
+    # bail out early - looks like removal from running config
+    if not glb:
+        return None
+
+
+def generate(glb):
+    if not glb:
+        if os.path.isfile(gwlbtun_config):
+            os.unlink(gwlbtun_config)
+
+        return None
+
+    if not os.path.isdir(gwlbtun_dir):
+        os.mkdir(gwlbtun_dir)
+
+    render(gwlbtun_config, 'aws/gwlbtun.conf.j2', glb)
+    render(systemd_override, 'aws/override_aws_gwlbtun.conf.j2', glb)
+
+
+def apply(glb):
+    if not glb:
+        call(f'systemctl stop {systemd_service}')
+    else:
+        call(f'systemctl restart {systemd_service}')
+    return None
+
+
+if __name__ == '__main__':
+    try:
+        c = get_config()
+        verify(c)
+        generate(c)
+        apply(c)
+    except ConfigError as e:
+        print(e)
+        exit(1)

src/helpers/vyos-aws-gwlbtun.py

@@ -0,0 +1,70 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import argparse
+import sys
+
+from pathlib import Path
+from systemd import journal
+
+from vyos.configquery import ConfigTreeQuery
+from vyos.util import rc_cmd
+
+
+my_name = Path(__file__).stem
+
+
+def find_interface_by_eni_id(eni_id_to_find: str, config: dict):
+    interfaces = config.get('interfaces', {})
+    for interface, interface_config in interfaces.items():
+        if interface_config.get('eni_id') == eni_id_to_find:
+            return interface
+    return None
+
+
+def log_arguments(op, in_int, out_int, eni_id):
+    journal.send(f'Op is "{op}", In Int is "{in_int}", Out Int is "{out_int}", ENI is "{eni_id}"', SYSLOG_IDENTIFIER=my_name)
+
+
+def rename_interface(old_name, new_name):
+    journal.send(f'ip link set dev gwi-{old_name} name {new_name}', SYSLOG_IDENTIFIER=my_name)
+    rc, out = rc_cmd(f'ip link set dev gwi-{old_name} name {new_name}')
+    if rc != 0:
+        journal.send(out, SYSLOG_IDENTIFIER=my_name)
+
+
+if __name__ == '__main__':
+    if len(sys.argv) < 5:
+        journal.send('Not enough arguments provided.', SYSLOG_IDENTIFIER=my_name)
+        journal.send('Usage: python3 vyos-aws-gwlbtun.py op in_int out_int eni_id', SYSLOG_IDENTIFIER=my_name)
+        sys.exit(1)
+
+    op = sys.argv[1]
+    in_int = sys.argv[2]
+    out_int = sys.argv[3]
+    eni_id = sys.argv[4]
+
+    base = ['service', 'aws', 'glb']
+    conf = ConfigTreeQuery()
+    aws_config = conf.get_config_dict(base, key_mangling=('-', '_'),
+                                     get_first_key=True,
+                                     no_tag_node_value_mangle=True)
+
+    log_arguments(op, in_int, out_int, eni_id)
+
+    interface = find_interface_by_eni_id(eni_id, aws_config)
+    if interface:
+        rename_interface(in_int, interface)

src/systemd/aws-gwlbtun.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Description=AWS Gateway Load Balancer Tunnel Handler
+Documentation=https://github.com/aws-samples/aws-gateway-load-balancer-tunnel-handler
+After=network.target
+
+[Service]
+ExecStart=
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target