undercloud: enable KernelIpNonLocalBind

We need KernelIpNonLocalBind on the undercloud to bind non local ips
among other ip forward options. This sysctl parameter was managed by
instack-undercloud but never ported to the containerized undercloud.
We need the same sysctl parameters for parity with non containerized
undercloud.

Change-Id: Idd3d432b8f7eb573d94cd56be8e05614510ebddf
Related-Bug: #1774898

environments/undercloud.yaml

@@ -31,6 +31,7 @@ resource_registry:
 parameter_defaults:
   # ensure we enable ip_forward before docker gets run
   KernelIpForward: 1
+  KernelIpNonLocalBind: 1
   KeystoneCorsAllowedOrigin: '*'
   # Increase the Token expiration time until we fix the actual session bug:
   # https://bugs.launchpad.net/tripleo/+bug/1761050

puppet/services/kernel.yaml

@@ -42,6 +42,10 @@ parameters:
     default: 1
     description: Configures net.ipv4.ip_forward key
     type: number
+  KernelIpNonLocalBind:
+    default: 0
+    description: Configures net.ipv{4,6}.ip_nonlocal_bind key
+    type: number
   NeighbourGcThreshold1:
     default: 1024
     description: Configures sysctl net.ipv4.neigh.default.gc_thresh1 value.
@@ -144,6 +148,10 @@ outputs:
               # enable/disable ip forward for undercloud/docker
               net.ipv4.ip_forward:
                 value: {get_param: KernelIpForward}
+              net.ipv4.ip_nonlocal_bind:
+                value: {get_param: KernelIpNonLocalBind}
+              net.ipv6.ip_nonlocal_bind:
+                value: {get_param: KernelIpNonLocalBind}
               # prevent neutron bridges from autoconfiguring ipv6 addresses
               net.ipv6.conf.all.accept_ra:
                 value: 0