feat(neutron): enable trunk plugin

components/neutron/aio-values.yaml

@@ -52,12 +52,14 @@ conf:
         type_drivers: "vlan,local,understack_vxlan"
   neutron:
     DEFAULT:
-      service_plugins: "l3_understack,segments"
+      service_plugins: "router,segments,trunk"
       # we don't want HA L3 routers. It's a Python value so we need to quote it in YAML.
       l3_ha: "False"
       # we aren't using availability zones so having calls attempt to add things to
       # availability zones won't work.
       default_availability_zones: ""
+    service_providers:
+      service_provider: "L3_ROUTER_NAT:cisco-asa:neutron_understack.l3_service_cisco_asa.CiscoAsa"
 
 # disable the neutron-ironic-agent from loading a non-existent config
 pod:

components/openstack-2024.2-jammy.yaml

@@ -35,18 +35,18 @@ images:
     ironic_retrive_swift_config: "docker.io/openstackhelm/heat:2024.2-ubuntu_jammy"
 
     # neutron
-    neutron_db_sync: "ghcr.io/rackerlabs/understack/neutron:2024.2-ubuntu_jammy"
-    neutron_dhcp: "ghcr.io/rackerlabs/understack/neutron:2024.2-ubuntu_jammy"
-    neutron_l3: "ghcr.io/rackerlabs/understack/neutron:2024.2-ubuntu_jammy"
-    neutron_l2gw: "ghcr.io/rackerlabs/understack/neutron:2024.2-ubuntu_jammy"
-    neutron_linuxbridge_agent: "ghcr.io/rackerlabs/understack/neutron:2024.2-ubuntu_jammy"
-    neutron_metadata: "ghcr.io/rackerlabs/understack/neutron:2024.2-ubuntu_jammy"
-    neutron_ovn_metadata: "ghcr.io/rackerlabs/understack/neutron:2024.2-ubuntu_jammy"
-    neutron_openvswitch_agent: "ghcr.io/rackerlabs/understack/neutron:2024.2-ubuntu_jammy"
-    neutron_server: "ghcr.io/rackerlabs/understack/neutron:2024.2-ubuntu_jammy"
-    neutron_rpc_server: "ghcr.io/rackerlabs/understack/neutron:2024.2-ubuntu_jammy"
-    neutron_bagpipe_bgp: "ghcr.io/rackerlabs/understack/neutron:2024.2-ubuntu_jammy"
-    neutron_netns_cleanup_cron: "ghcr.io/rackerlabs/understack/neutron:2024.2-ubuntu_jammy"
+    neutron_db_sync: "ghcr.io/rackerlabs/understack/neutron:pr-554"
+    neutron_dhcp: "ghcr.io/rackerlabs/understack/neutron:pr-554"
+    neutron_l3: "ghcr.io/rackerlabs/understack/neutron:pr-554"
+    neutron_l2gw: "ghcr.io/rackerlabs/understack/neutron:pr-554"
+    neutron_linuxbridge_agent: "ghcr.io/rackerlabs/understack/neutron:pr-554"
+    neutron_metadata: "ghcr.io/rackerlabs/understack/neutron:pr-554"
+    neutron_ovn_metadata: "ghcr.io/rackerlabs/understack/neutron:pr-554"
+    neutron_openvswitch_agent: "ghcr.io/rackerlabs/understack/neutron:pr-554"
+    neutron_server: "ghcr.io/rackerlabs/understack/neutron:pr-554"
+    neutron_rpc_server: "ghcr.io/rackerlabs/understack/neutron:pr-554"
+    neutron_bagpipe_bgp: "ghcr.io/rackerlabs/understack/neutron:pr-554"
+    neutron_netns_cleanup_cron: "ghcr.io/rackerlabs/understack/neutron:pr-554"
 
     # nova
     nova_api: "docker.io/openstackhelm/nova:2024.2-ubuntu_jammy"

python/neutron-understack/neutron_understack/l3_service_cisco_asa.py

@@ -0,0 +1,44 @@
+# inspired from
+# https://docs.openstack.org/neutron/latest/admin/config-router-flavor-ovn.html
+
+import ssl
+
+import requests
+import urllib3
+from neutron.services.l3_router.service_providers import base
+from neutron_lib.callbacks import registry
+from oslo_log import log as logging
+
+LOG = logging.getLogger(__name__)
+
+
+class CustomHttpAdapter(requests.adapters.HTTPAdapter):
+    """Custom adapter for bad ASA SSL."""
+
+    def __init__(self, ssl_context=None, **kwargs):
+        """Init to match requests HTTPAdapter."""
+        self.ssl_context = ssl_context
+        super().__init__(**kwargs)
+
+    def init_poolmanager(self, connections, maxsize, block=False):
+        self.poolmanager = urllib3.poolmanager.PoolManager(
+            num_pools=connections,
+            maxsize=maxsize,
+            block=block,
+            ssl_context=self.ssl_context,
+        )
+
+
+def get_legacy_session():
+    """Support bad ASA SSL."""
+    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
+    ctx.check_hostname = False
+    ctx.options |= 0x4  # OP_LEGACY_SERVER_CONNECT
+    session = requests.session()
+    session.mount("https://", CustomHttpAdapter(ctx))
+    return session
+
+
+@registry.has_registry_receivers
+class CiscoAsa(base.L3ServiceProvider):
+    use_integrated_agent_scheduler = True

python/neutron-understack/neutron_understack/neutron_understack_mech.py

@@ -16,6 +16,7 @@
 
 from neutron_understack import config
 from neutron_understack.nautobot import Nautobot
+from neutron_understack.trunk import UnderStackTrunkDriver
 from neutron_understack.undersync import Undersync
 
 LOG = logging.getLogger(__name__)
@@ -112,6 +113,7 @@ def initialize(self):
         conf = cfg.CONF.ml2_understack
         self.nb = Nautobot(conf.nb_url, conf.nb_token)
         self.undersync = Undersync(conf.undersync_token, conf.undersync_url)
+        self.trunk_driver = UnderStackTrunkDriver.create(self)
 
     def create_network_precommit(self, context):
         log_call("create_network_precommit", context)

python/neutron-understack/neutron_understack/trunk.py

@@ -0,0 +1,28 @@
+from neutron.services.trunk.drivers import base as trunk_base
+from neutron_lib.api.definitions import portbindings
+from neutron_lib.services.trunk import constants as trunk_consts
+from oslo_config import cfg
+
+SUPPORTED_INTERFACES = (portbindings.VIF_TYPE_OTHER,)
+
+SUPPORTED_SEGMENTATION_TYPES = (trunk_consts.SEGMENTATION_TYPE_VLAN,)
+
+
+class UnderStackTrunkDriver(trunk_base.DriverBase):
+    @property
+    def is_loaded(self):
+        try:
+            return "understack" in cfg.CONF.ml2.mechanism_drivers
+        except cfg.NoSuchOptError:
+            return False
+
+    @classmethod
+    def create(cls, plugin_driver):
+        cls.plugin_driver = plugin_driver
+        return cls(
+            "understack",
+            SUPPORTED_INTERFACES,
+            SUPPORTED_SEGMENTATION_TYPES,
+            None,
+            can_trunk_bound_port=True,
+        )

python/neutron-understack/pyproject.toml

@@ -85,3 +85,4 @@ understack_vxlan = "neutron_understack.type_understack_vxlan:UnderstackVxlanType
 
 [tool.poetry.plugins."neutron.service_plugins"]
 l3_understack = "neutron_understack.l3_service_plugin:UnderStackL3ServicePlugin"
+l3_understack_cisco_asa = "neutron_understack.l3_service_cisco_asa:CiscoAsa"