monkey: I can’t drag more out of my brain this Friday, I had a bit of a play with the genre drop downs. Not perfectly happy but something to look at: https://www.figma.com/file/YRbCOtFHBez8XmMdCKbG...
MRiddickW joined the channel
MRiddickW has quit
chancey joined the channel
BrainzGit
[musicbrainz-android] 14akshaaatt merged pull request #156 (03master…dependabot/gradle/androidx.compose.material3-material3-1.1.0-alpha02): Bump material3 from 1.1.0-alpha01 to 1.1.0-alpha02 https://github.com/metabrainz/musicbrainz-andro...
[musicbrainz-android] 14akshaaatt merged pull request #155 (03master…dependabot/gradle/compose_version-1.3.1): Bump compose_version from 1.3.0 to 1.3.1 https://github.com/metabrainz/musicbrainz-andro...
it seems to indicate keydb cannot answer, so that the traffic coming out is dropped
atj
I'll stop the container on rex
zas
we can tcpdump and check what passes or not
traffic from int to int interface should be implicitly allowed by shorewall (can you check it is?)
but here we have a docker to int traffic
atj
when you stop the instance rex, the error message on rudi changes from timeout to connection refused
zas
btw, making keydb container listening only on 10.2.2.30 seems ok to me, as it should only be used by haproxy and consul health checks (which should both use this IP to connect)
atj: yes, ignore for now, let's focus on rudi instance
it has to pass health check and let us connect from the host itself
I suggest we restrict listening to 10.2.2.30:13062, can you make changes for that on rudi?
atj
OK, sure. I'm in bed at the moment, need to get up and have breakfast before I get into this ;)
yes, keydb works (from container, or on docker IP)
tcp check from 10.2.2.x (consul) works too
but connection from localhost using redis-cli doesn't
atj
so the TCP handshake is working
shouldn't docker-proxy be runnning?
zas
atj: dunno, that's internal docker stuff, can you start a test container as you said (running a dummy service)? currently we only have keydb as container in non-host mode
atj
nc in a test container doesn't work
zas
so that rules out keydb as being the source of the issue, docker + firewall, we are missing something. With the nc container, can you connect with source IP being on 10.2.2.x network (using -s option)?
atj
sorry, connection dropped and killed all my sessions
zas: internet connection keeps dropping, hopefully it's because they're doing some diagnostics to investigate my fault
bitmap: I noticed the weird stuff in https://tickets.metabrainz.org/browse/MBS-12705 when testing your latest PR - not a blocking issue, but a few choices seem odd to me, so maybe we can talk about them (possibly with aerozol too)
BrainzBot
MBS-12705: Beta: Make UI for repeatable attributes less confusing
zas
atj: if packets are dropped, they should appear in iptables counters right? which rules have >0 drops?
atj
zas: OK, I understand why I think
userland-proxy is set to false in docker daemon.json
zas: I've pushed a couple of commits to the PR branch. I've got some work I need to get on with for a few hours, you ok to deploy the haproxy updates?
zas
yup, I'll do after lunch
monkey
chinmay: Thanks for the advance notice about the whole "wrapping test side effects with act(…)" thing ! I'm hitting this problem in the react 18 update PR, except there's a million of those warnings… At least I know a bit more about where that's coming from now.
chinmay
monkey: hahaha I saw that test log!
monkey
Makes me want to cry
chinmay
All the best xD
zas
atj: haproxy changes deployed, redis-cli -h 10.2.3.254 works
atj
yay
zas
one thing: I think we should make rudi's keydb backup on rex, and rex's keydb backup on rudi, currently rudi's backup on both
what do you think?
atj
yeah, that seems sensible
zas
also, I don't think we need to sync with kiki/herb instances: web services on rudi/rex are different anyway
