-rw-r--r-- | data/templates/aws/override_aws_gwlbtun.conf.j2 | 36 | ||||
-rw-r--r-- | data/templates/firewall/nftables.j2 | 1 | ||||
-rw-r--r-- | debian/control | 1 | ||||
-rw-r--r-- | interface-definitions/service-aws-glb.xml.in | 127 | ||||
-rwxr-xr-x | src/conf_mode/service_aws_glb.py | 76 | ||||
-rw-r--r-- | src/systemd/aws-gwlbtun.service | 11 |
6 files changed, 251 insertions, 1 deletions
diff --git a/data/templates/aws/override_aws_gwlbtun.conf.j2 b/data/templates/aws/override_aws_gwlbtun.conf.j2
new file mode 100644
index 000000000..4c566d852
--- /dev/null
+++ b/data/templates/aws/override_aws_gwlbtun.conf.j2
@@ -0,0 +1,36 @@
+{% set args = [] %}
+{% if script.on_create is vyos_defined %}
+{% set _ = args.append("-c " + script.on_create) %}
+{% endif %}
+{% if script.on_destroy is vyos_defined %}
+{% set _ = args.append("-r " + script.on_destroy) %}
+{% endif %}
+
+{% if status.port is vyos_defined %}
+{% set _ = args.append("-p " + status.port) %}
+{% endif %}
+
+{% if threads.tunnel is vyos_defined %}
+{% set _ = args.append("--tunthreads " + threads.tunnel) %}
+{% endif %}
+{% if threads.tunnel_affinity is vyos_defined %}
+{% set _ = args.append("--tunaffinity " + threads.tunnel_affinity) %}
+{% endif %}
+
+{% if threads.udp is vyos_defined %}
+{% set _ = args.append("--udpthreads " + threads.udp) %}
+{% endif %}
+{% if threads.udp_affinity is vyos_defined %}
+{% set _ = args.append("--udpaffinity " + threads.udp_affinity) %}
+{% endif %}
+
+[Unit]
+StartLimitIntervalSec=0
+After=vyos-router.service
+
+[Service]
+EnvironmentFile=
+ExecStart=/usr/bin/gwlbtun {{ args | join(' ') }}
+CapabilityBoundingSet=CAP_NET_ADMIN
+Restart=always
+RestartSec=10
diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2
index 723c9c3a2..db010257d 100644
--- a/data/templates/firewall/nftables.j2
+++ b/data/templates/firewall/nftables.j2
@@ -272,7 +272,6 @@ table bridge vyos_filter { {{ group_tmpl.groups(group, False, False) }} } {% endif %}
-{{ group_tmpl.groups(group, True) }}
table inet vyos_offload delete table inet vyos_offload
diff --git a/debian/control b/debian/control
index ee45a5fe3..735733956 100644
--- a/debian/control
+++ b/debian/control
@@ -36,6 +36,7 @@ Depends: accel-ppp, auditd, avahi-daemon,
+ aws-gwlbtun,
beep, bmon, bsdmainutils,
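Review bot: The `+ExecStart=/usr/bin/gwlbtun {{ args | join(' ') }}` line never receives the `status format` value, even though the interface definition added later in this commit (`service-aws-glb.xml.in`) exposes `status format simple|full`, so that leaf is accepted by the CLI and then silently ignored; either append the matching gwlbtun option here or drop the leaf until it is wired through. The `-c`/`-r` values are interpolated unquoted into a systemd command line that is word-split, so a script path containing whitespace would be broken into separate arguments unless the `script` validator already rejects such paths — if it does not, quote them, e.g. `{% set _ = args.append('-c "' + script.on_create + '"') %}`. The hook scripts passed via `-c`/`-r` execute inside this unit with whatever privileges it has (`CapabilityBoundingSet=CAP_NET_ADMIN` is the only restriction visible here); a one-line comment above `[Service]` saying that operator-supplied scripts inherit the unit's privileges would help the next maintainer.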
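Review bot: The removal of `{{ group_tmpl.groups(group, True) }}` from the bridge table in `data/templates/firewall/nftables.j2` is unrelated to the AWS GLB feature the rest of this commit adds, and nothing in the hunk or diffstat explains it. If it is a deliberate fix it belongs in its own commit with a rationale, because whether the bridge table still receives every group definition it needs through the remaining `groups(group, False, False)` call cannot be confirmed from this hunk alone. The context lines here lost their leading markers on this page, so the exact surrounding lines are inferred.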
diff --git a/interface-definitions/service-aws-glb.xml.in b/interface-definitions/service-aws-glb.xml.in
new file mode 100644
index 000000000..c749fd04e
--- /dev/null
+++ b/interface-definitions/service-aws-glb.xml.in
@@ -0,0 +1,127 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="aws">
+ <properties>
+ <help>Amazon Web Service</help>
+ <priority>1280</priority>
+ </properties>
+ <children>
+ <node name="glb" owner="${vyos_conf_scripts_dir}/service_aws_glb.py">
+ <properties>
+ <help>Gateway load-balancer tunnel handler</help>
+ </properties>
+ <children>
+ <node name="script">
+ <properties>
+ <help>Script executed on create or destroy tunnel</help>
+ </properties>
+ <children>
+ <leafNode name="on-create">
+ <properties>
+ <help>Script to run when interface is created</help>
+ <constraint>
+ <validator name="script"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="on-destroy">
+ <properties>
+ <help>Script to run when interface is destroyed</help>
+ <constraint>
+ <validator name="script"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="status">
+ <properties>
+ <help>Status</help>
+ </properties>
+ <children>
+ <leafNode name="format">
+ <properties>
+ <help>Statistic format</help>
+ <completionHelp>
+ <list>simple full</list>
+ </completionHelp>
+ <valueHelp>
+ <format>simple</format>
+ <description>Simple format</description>
+ </valueHelp>
+ <valueHelp>
+ <format>full</format>
+ <description>Full format</description>
+ </valueHelp>
+ <constraint>
+ <regex>(simple|full)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/port-number.xml.i>
+ </children>
+ </node>
+ <node name="threads">
+ <properties>
+ <help>Threads settings</help>
+ </properties>
+ <children>
+ <leafNode name="tunnel">
+ <properties>
+ <help>Number of threads for each tunnel processor</help>
+ <valueHelp>
+ <format>u32:1-256</format>
+ <description>Number of threads</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-256"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="tunnel-affinity">
+ <properties>
+ <help>List of cores 
worker threads</help>
+ <valueHelp>
+ <format><idN>-<idM></format>
+ <description>CPU core id range (use '-' as delimiter)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--allow-range --range 0-255"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="udp">
+ <properties>
+ <help>Number of threads for UDP receiver</help>
+ <valueHelp>
+ <format>u32:1-256</format>
+ <description>Number of threads</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-256"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="udp-affinity">
+ <properties>
+ <help>List of cores worker threads</help>
+ <valueHelp>
+ <format><idN>-<idM></format>
+ <description>CPU core id range (use '-' as delimiter)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--allow-range --range 0-255"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/src/conf_mode/service_aws_glb.py b/src/conf_mode/service_aws_glb.py
new file mode 100755
index 000000000..d1ed5a07b
--- /dev/null
+++ b/src/conf_mode/service_aws_glb.py
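Review bot: The help strings for `tunnel-affinity` (its `<help>` starts at the end of the previous page line) and `udp-affinity` read `List of cores worker threads`, which is missing a word; `<help>List of CPU cores for worker threads</help>` reads correctly and agrees with the `CPU core id range` value help beneath it. For both affinity leaves the value help advertises a single `<idN>-<idM>` range while the help text says "List"; if the `numeric --allow-range` validator also accepts a comma-separated list the value help should show that form, otherwise "List" is misleading and "Range" is the accurate word. The `<format>` element here appears as `<idN>-<idM>` on this page, which is presumably the rendered form of escaped entities in the source file; worth confirming the committed file escapes them, since raw `<idN>` would not be well-formed XML.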
@@ -0,0 +1,76 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from sys import exit
+
+from vyos.config import Config
+from vyos.template import render
+from vyos.utils.process import call
+from vyos import ConfigError
+from vyos import airbag
+airbag.enable()
+
+systemd_service = 'aws-gwlbtun.service'
+systemd_override = '/run/systemd/system/aws-gwlbtun.service.d/10-override.conf'
+
+
+def get_config(config=None):
+ if config:
+ conf = config
+ else:
+ conf = Config()
+ base = ['service', 'aws', 'glb']
+ if not conf.exists(base):
+ return None
+
+ glb = conf.get_config_dict(base, key_mangling=('-', '_'),
+ get_first_key=True,
+ no_tag_node_value_mangle=True)
+
+ return glb
+
+
+def verify(glb):
+ # bail out early - looks like removal from running config
+ if not glb:
+ return None
+
+
+def generate(glb):
+ if not glb:
+ return None
+
+ render(systemd_override, 'aws/override_aws_gwlbtun.conf.j2', glb)
+
+
+def apply(glb):
+ call('systemctl daemon-reload')
+ if not glb:
+ call(f'systemctl stop {systemd_service}')
+ else:
+ call(f'systemctl restart {systemd_service}')
+ return None
+
+
+if __name__ == '__main__':
+ try:
+ c = get_config()
+ verify(c)
+ generate(c)
+ apply(c)
+ except ConfigError as e:
+ print(e)
+ exit(1)
diff --git a/src/systemd/aws-gwlbtun.service b/src/systemd/aws-gwlbtun.service
new file mode 100644
index 000000000..97d772dec
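Review bot: `generate()` returns early when `glb` is empty without removing `systemd_override`, so deleting `service aws glb` leaves `/run/systemd/system/aws-gwlbtun.service.d/10-override.conf` in place with the previous ExecStart, and the `daemon-reload` in `apply()` keeps loading it — a later manual `systemctl start` would launch gwlbtun with stale arguments; add `import os` and, before that `return None`, `if os.path.isfile(systemd_override): os.unlink(systemd_override)`. `verify()` is an empty stub that accepts every configuration; whatever invariants the daemon or the hook scripts require (for example that an affinity range is consistent with the configured thread count, if gwlbtun enforces that) should be rejected there with `raise ConfigError(...)` rather than surfacing as a restart loop under `Restart=always`. A short module docstring naming the rendered drop-in and the `aws-gwlbtun.service` unit it overrides would also help, since that relationship is only visible across three files in this commit.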
--- /dev/null
+++ b/src/systemd/aws-gwlbtun.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Description=AWS Gateway Load Balancer Tunnel Handler
+Documentation=https://github.com/aws-samples/aws-gateway-load-balancer-tunnel-handler
+After=network.target
+
+[Service]
+ExecStart=
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target |
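Review bot: The `+Description=Description=AWS Gateway Load Balancer Tunnel Handler` line duplicates the key, so `systemctl status` will display the literal text `Description=AWS Gateway Load Balancer Tunnel Handler`; change it to `Description=AWS Gateway Load Balancer Tunnel Handler`. The empty `ExecStart=` means the unit cannot start until the drop-in rendered from `override_aws_gwlbtun.conf.j2` supplies the command line, which looks intentional but is undocumented; a comment such as `# ExecStart is provided by the drop-in rendered by service_aws_glb.py` above `[Service]` would make that explicit. Note also that this base unit sets `Restart=on-failure` while the drop-in sets `Restart=always`; the drop-in value wins, so the one here is effectively dead and should either match or be removed.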