Fix PING health-monitor with recent Centos releases

Centos 8 Stream removed the capabilities to open raw sockets from the
ping binary and added new sysctl default to allow an unprivileged user
to send ping request.  This sysctl was not inherited by the
amphora-haproxy namespace. Add it explicitly to our sysctl list.

Story 2009953
Task 44911

Change-Id: I499bdd5edc23b602495a9b2b9f22baf9547261d5
(cherry picked from commit cbf79c5627)

elements/haproxy-octavia/post-install.d/20-haproxy-tune-kernel

@@ -30,3 +30,11 @@ sysctl-write-value net.core.wmem_max 67108864
 sysctl-write-value net.ipv4.tcp_rmem "4096 87380 33554432"
 sysctl-write-value net.ipv4.tcp_wmem "4096 87380 33554432"
 sysctl-write-value net.ipv4.ip_local_port_range "1025 65534"
+
+# Allow unprivileged users to send ICMP echo requests
+# https://bugzilla.redhat.com/show_bug.cgi?id=2037807
+# This sysctl is already included in /usr/lib/sysctl.d/50-default.conf on Centos
+# 8 Stream (with a '-'' prefix that prevents sysctl from throwing an error if
+# the setting doesn't exist in the kernel), but sysctl --system doesn't apply it
+# correctly when creating the amphora-haproxy namespace.
+sysctl-write-value net.ipv4.ping_group_range "0 2147483647"

releasenotes/notes/fix-ping-hm-on-centos-stream-6624f19c8da86e22.yaml

@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fix an issue with PING health-monitors on Centos 8 Stream. Changes in
+    Centos and systemd prevent an unprivileged user from sending ping requests
+    from a network namespace.