network: Fix security groups for CentOS (#2590)

On RHEL/CentOS/Fedora the bridge related sysctl rules are enabled
in kernel by default but can only be disabled. Enabling those keys
will fail, causing iptables/ebtables tables to not be created
and fails SG on CentOS.

This also fixes an integration test case, which assumes first few
tests complete within 3 minutes. In nested env the value may be large,
this increases the value to 20 minutes.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

Author: yadvr

scripts/vm/network/security_group.py

@@ -1154,8 +1154,7 @@ def addFWFramework(brname):
         execute("sysctl -w net.bridge.bridge-nf-call-iptables=1")
         execute("sysctl -w net.bridge.bridge-nf-call-ip6tables=1")
     except:
-        logging.debug("failed to turn on bridge netfilter")
-        return False
+        logging.warn("failed to turn on bridge netfilter")
 
     brfw = getBrfw(brname)
     try:

test/integration/smoke/test_routers.py

@@ -521,9 +521,9 @@ def test_04_restart_network_wo_cleanup(self):
         )
         if str(result[3]) == "min,":
             self.assertEqual(
-                (int(result[2]) < 3),
+                (int(result[2]) < 20),
                 True,
-                "Check uptime is less than 3 mins or not"
+                "Check uptime is less than 20 mins or not"
             )
         else:
             self.assertEqual(