#metabrainz

I tried adding 127.0.0.53 to docker daemon config too.

zas: you still about?

we could use your expertise for a second.

maybe a firewall issue?

making changes to docker daemon requires a docker restart.

Eating right now, can it wait few minutes ?

but containers have been up for 40 minutes... so.

zas: k

I did restart docker service

bitmap: can I restart docker?

(on purple)

ruaok: sure

it didn't restart.

k

oh, I see, times didn't reset on the containers.

hmm.

yeah, not working.

I suspect firewall.

failed again

Docker is set up to not use iptables, if you use docker networks it I'd likely the problem

yes, we are.

are we forced to hose hostmode for networking?

Check etc docker daemon.json

I did add 127.0.0.53 to dns in /etc/docker/daemon.json

actually, we can do iptable for now.

restarting docker.

working now.

go ahead, yvanzo

I cannot even ping github from container (but fetching repo from github worked fine while building the image worked fine)

you should be able to now.

same

I can access the outside world from other containers.

maybe stop all containers and start again?

I did that already

even rebuilt images

ruaok: works now, thanks

great.

I had to remove dns settings for containers

(fetching db dump for real)

artwork-indexer container is running. it seems to be able to connect to PG fine.

(gives FATAL: database "musicbrainz_db" does not exist for now)

artwork-redirect*

lets see if the gateway picked it up

OH JEEZ MAKE IT STOP.

it picked it up and there is a TON of traffic.

scary.

oof, stopped

bitmap: sorry, not you.

that was badly expressed, sorry.

put that back it was doing great. :)

docker logs -f 73b2abdd60b2

is a bit of an assault.

haha yes I see what you mean

I wonder why the artwork-redirect_caa_1 logs aren't showing errors for these

ah, there is some cert problem. I guess I need to restart the service to pick up the changes.

its not quite working yet. the cert wasn't correctly generated. hang on

`[Mon Nov 1 21:10:11 UTC 2021] coverartartchive.org:Verify error:DNS problem: NXDOMAIN looking up A for coverartartchive.org - check that a DNS record exists for this domain

fat fingered that one. :)

can you please fix that extra t in the domain, bitmap ?

and restart your container?

cover art art chive. way to go mr. kaye.

whoops, ok one sec

there may be two instances

yeah

I bet you have traffic now.

indeed...

piles and piles of it.

I probably *should* stop the containers for now until these tracebacks stop

I'll switch back from herb to kiki

huh. there actually is no index_listing view in the database

oh dear, the load is already 20 and we have no DB in service.

yvanzo: I assume the schema is still being created?

we can stop the proxy too. that will make the import go faster.

let me do that

bitmap: yes

okay

I stopped the caa container for now

yvanzo: the whole server is yours now.

once the import is done we'll bring everything up and hope that one server can cope.

if not, we'll get a bigger server tomorrow.

almost loaded db dump

yvanzo: musicbrainz-docker_search_1 is continually restarting

I stopped it

(not needed)

k

this poor server is going to get hammered.

zas: you about? is this server already configured for high load?

I guess I should allocate more than 4GB to PG shared buffers then?

I don't think so

I guess nginx & sysctl will need tuning

can you please work on that?

yvanzo: yes, give it 33%, I would say

20Gb

because almost nothing else is going to take ram, might as well give it all to pg.

you just need the DB, not MB server?

we'll need replication running at least

no MB server, but yes replication.

but don't work harder to turn off MB server. its just not needed.

I will reduce the number of processes to 1 at least

puurfect.

bitmap: do we need materialized tables?

bitmap: ^^

yvanzo No I don’t think so

zas: how can we get the nginx and sysctl turning done soon?

creating PKs

let me see

where's your nginx.conf ?

thx

there is no additional nginx.conf as of yet

the whole setup lives in ~musicbrainz/nginx-proxy

and by whole, I mean that one file.

hmmm

it will not be easy to configure

what do you want to do?

well, we need to configure a lot of things at all levels in the config file, mainly set workers (at top level) and backlog (in server blocks)

thats easy now.

and the next section.

yes, I know that, but how do you change backlog on generated server blocks? I can't even see the whole config (I could dump it if it was running)

well, I'll do without, let's see how far we get

lets put it up, dump it and take it back down... shall we?

I'm not sure to understand: - /root/vhost:/etc/nginx/vhost.d

does it work?

I mean /root is unlikely readable by musicbrainz user

why does it have to be root?

lets put these files in ~musicbrainz

I don't know, it was like this

also where is proxy-wide inserted? in http block or at top level, I need to see includes

lets move it to musicbrainz. I adapted this from another project. in a hurry

ok

please do, I check if I can put directives elsewhere

zas: should I put the setup up for a second so you can examine it?

we can take it down again once you;re done.

let's do that

I'll do

done zas!

yvanzo: iotop shows no more MB DB activity. is the import done?

or is it vacuuming?

both are done

"worker_processes auto;"

great. bitmap shall we try it? see if it can handle the load?

wait, still need to update the db with latest replication packets

ruaok: where's your virtual host config?

zas: there is none yet.

I ran out to get food, but if you run docker-compose up -d inside the artwork-redirect dir for the musicbrainz user you can start it

ok, thanks, bitmap

how many packets are left?

yvanzo: ^