With upstream https://review.openstack.org/#/c/551729 merged, kolla builds neutron-l3-agent with vpnaas and libreswan in (merged in a single container): https://review.openstack.org/#/c/551729/3/docker/neutron/neutron-l3-agent/Dockerfile.j2 This works for RDO as it still has neutron-vpnaas, but this was dropped in OSP a few releases ago. So for downstream OSP we should override this so container build does not try to pull in openstack-neutron-vpn-agent and libreswan
Code tested on latest OSP13 with openstack-tripleo-common-8.6.1-6.el7ost.noarch # NOTE(jschlueter) RH OSP does not ship openstack-neutron-vpnaas so we need to exclude these {% set neutron_l3_agent_packages_remove = ['openstack-neutron-vpn-agent', 'libreswan'] %}
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:2086