network: Fix security groups for CentOS (#2590)

On RHEL/CentOS/Fedora the bridge related sysctl rules are enabled in kernel by default but can only be disabled. Enabling those keys will fail, causing iptables/ebtables tables to not be created and fails SG on CentOS. This also fixes an integration test case, which assumes first few tests complete within 3 minutes. In nested env the value may be large, this increases the value to 20 minutes. Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2025-10-26 08:42:29 +01:00 · 2018-04-23 16:54:03 +02:00 · 2018-04-23 16:54:03 +02:00 · ea55a002cf
commit ea55a002cf
parent b5abdd306e
2 changed files with 3 additions and 4 deletions
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@ -1154,8 +1154,7 @@ def addFWFramework(brname):
        execute("sysctl -w net.bridge.bridge-nf-call-iptables=1")
        execute("sysctl -w net.bridge.bridge-nf-call-ip6tables=1")
    except:
-        logging.debug("failed to turn on bridge netfilter")
-        return False
+        logging.warn("failed to turn on bridge netfilter")

    brfw = getBrfw(brname)
    try:
--- a/test/integration/smoke/test_routers.py
+++ b/test/integration/smoke/test_routers.py
@ -521,9 +521,9 @@ class TestRouterServices(cloudstackTestCase):
        )
        if str(result[3]) == "min,":
            self.assertEqual(
-                (int(result[2]) < 3),
+                (int(result[2]) < 20),
                True,
-                "Check uptime is less than 3 mins or not"
+                "Check uptime is less than 20 mins or not"
            )
        else:
            self.assertEqual(