From cf53e4a8fc268d471d9feb8338c978633c814bb4 Mon Sep 17 00:00:00 2001 From: Miguel Angel Ajo Date: Tue, 17 Feb 2015 12:28:46 +0000 Subject: [PATCH] Remove error logs for a common situation (non created ipsets) The log message was initially added by me as part of a iptables_firewall refactor. Ipsets for empty IP address lists aren't currently created, that means that we can't reference empty security groups (as ipsets) via iptable rules, and that's a normal condition, not an error. Closes bug: #1421772 Change-Id: I6b1ae1fb505ce5e76ef8cf7ef7df38cff57e0000 --- neutron/agent/linux/iptables_firewall.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/neutron/agent/linux/iptables_firewall.py b/neutron/agent/linux/iptables_firewall.py index 691e0a0bb..65766453f 100644 --- a/neutron/agent/linux/iptables_firewall.py +++ b/neutron/agent/linux/iptables_firewall.py @@ -22,7 +22,7 @@ from neutron.agent.linux import iptables_comments as ic from neutron.agent.linux import iptables_manager from neutron.common import constants from neutron.common import ipv6_utils -from neutron.i18n import _LI, _LE +from neutron.i18n import _LI from neutron.openstack.common import log as logging @@ -388,10 +388,8 @@ class IptablesFirewallDriver(firewall.FirewallDriver): ethertype = sg_rule.get('ethertype') ipset_name = self.ipset.get_name(remote_gid, ethertype) if not self.ipset.set_exists(remote_gid, ethertype): - LOG.error(_LE("Tried to generate an ipset iptable rule " - "for a security group rule (%(rule)r) referencing " - "an ipset (%(ipset)s) which doesn't exist yet."), - {'rule': sg_rule, 'ipset': ipset_name}) + #NOTE(mangelajo): ipsets for empty groups are not created + # thus we can't reference them. return None ipset_direction = IPSET_DIRECTION[sg_rule.get('direction')] args = self._generate_protocol_and_port_args(sg_rule) -- 2.45.2