Remove error logs for a common situation (non created ipsets)

The log message was initially added by me as part of a
iptables_firewall refactor.

Ipsets for empty IP address lists aren't currently created,
that means that we can't reference empty security groups
(as ipsets) via iptable rules, and that's a normal condition,
not an error.

Closes bug: #1421772
Change-Id: I6b1ae1fb505ce5e76ef8cf7ef7df38cff57e0000

diff --git a/neutron/agent/linux/iptables_firewall.py b/neutron/agent/linux/iptables_firewall.py
index 691e0a0bb85cce5a27e6a375b135f0ff884f021d..65766453fa42e2013e4cde1b3e46426c2931e81e 100644 (file)
--- a/neutron/agent/linux/iptables_firewall.py
+++ b/neutron/agent/linux/iptables_firewall.py
@@ -22,7 +22,7 @@ from neutron.agent.linux import iptables_comments as ic
 from neutron.agent.linux import iptables_manager
 from neutron.common import constants
 from neutron.common import ipv6_utils
-from neutron.i18n import _LI, _LE
+from neutron.i18n import _LI
 from neutron.openstack.common import log as logging
 
 
@@ -388,10 +388,8 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
         ethertype = sg_rule.get('ethertype')
         ipset_name = self.ipset.get_name(remote_gid, ethertype)
         if not self.ipset.set_exists(remote_gid, ethertype):
-            LOG.error(_LE("Tried to generate an ipset iptable rule "
-                          "for a security group rule (%(rule)r) referencing "
-                          "an ipset (%(ipset)s) which doesn't exist yet."),
-                      {'rule': sg_rule, 'ipset': ipset_name})
+            #NOTE(mangelajo): ipsets for empty groups are not created
+            #                 thus we can't reference them.
             return None
         ipset_direction = IPSET_DIRECTION[sg_rule.get('direction')]
         args = self._generate_protocol_and_port_args(sg_rule)