Install iptables-nft explicitly

We installed this package in previous releases, so to prevent a mixture
of legacy and nftables firewall rules, we should explitly install the
iptables-nft package.

Closes-Bug: #2144562
Change-Id: I2bba43407a10edb283d8605d579667cb8d8e3126
Signed-off-by: Will Szumski <will@stackhpc.com>

Author: jovial

docker/neutron/neutron-base/Dockerfile.j2

@@ -12,6 +12,9 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% if base_package_type == 'rpm' %}
 
+    # FIXME(wszumski): iptables-nft is deprecated. We need to advise users
+    # to migrate to some other firewall driver as we cannot rely on this
+    # package forever, see: https://access.redhat.com/solutions/6739041
     {% set neutron_base_packages = [
         'conntrack-tools',
         'dnsmasq',
@@ -21,6 +24,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
         'iproute-tc',
         'ipset',
         'iptables',
+        'iptables-nft',
         'iputils',
         'keepalived',
         'net-tools',