neutron-openvswitch-agent says Tried to generate an ipset iptable rule for a security group rule even in normal operation
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Undecided
|
Miguel Angel Ajo |
Bug Description
Lot's of messages like those ones can be seen in normal operation:
2015-02-12 20:03:28.775 ERROR neutron.
2015-02-12 20:12:19.873 ERROR neutron.
2015-02-12 20:12:21.742 ERROR neutron.
The logic of this log message is broken, and should be removed.
Because, we can actually generate an iptable rule referencing a set which doesn't exist yet,
as long as we don't try to push the iptables before creating the sets, in which case
iptables-restore would fail, and that's ok enough.
I will submit a patch to remove the message logic.
Changed in neutron: | |
assignee: | nobody → Miguel Angel Ajo (mangelajo) |
Changed in neutron: | |
status: | New → In Progress |
Changed in neutron: | |
milestone: | none → kilo-3 |
status: | Fix Committed → Fix Released |
Changed in neutron: | |
milestone: | kilo-3 → 2015.1.0 |
Reviewed: https:/ /review. openstack. org/156566 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=cf53e4a8fc2 68d471d9feb8338 c978633c814bb4
Committed: https:/
Submitter: Jenkins
Branch: master
commit cf53e4a8fc268d4 71d9feb8338c978 633c814bb4
Author: Miguel Angel Ajo <email address hidden>
Date: Tue Feb 17 12:28:46 2015 +0000
Remove error logs for a common situation (non created ipsets)
The log message was initially added by me as part of a firewall refactor.
iptables_
Ipsets for empty IP address lists aren't currently created,
that means that we can't reference empty security groups
(as ipsets) via iptable rules, and that's a normal condition,
not an error.
Closes bug: #1421772 e76ef8cf7ef7df3 8cff57e0000
Change-Id: I6b1ae1fb505ce5