[14:48:46] 10Continuous-Integration-Infrastructure (Zuul upgrade): Investigate how Zuul finger gateway works - https://phabricator.wikimedia.org/T403734 (10hashar) 03NEW [14:58:10] 10Continuous-Integration-Infrastructure (Zuul upgrade), 06collaboration-services, 10Release-Engineering-Team (Doing 😎): Build zuul images for production - https://phabricator.wikimedia.org/T396245#11148382 (10dduvall) [14:58:20] 10Continuous-Integration-Infrastructure (Zuul upgrade), 06collaboration-services, 10Release-Engineering-Team (Doing 😎): Build zuul images for production - https://phabricator.wikimedia.org/T396245#11148383 (10dduvall) 05Open→03Resolved [14:58:37] 10Continuous-Integration-Infrastructure (Zuul upgrade), 06collaboration-services, 10Release-Engineering-Team (Doing 😎): Build zuul images for production - https://phabricator.wikimedia.org/T396245#11148384 (10dduvall) [18:19:40] re: networking and communication between nodepool in container and zookeeper outside container. [18:20:27] the magic hashar mentioned (--network=host) should just be -p 2181:2181 to expose port 2181 [18:20:38] but that fails with some spectacular error :) [18:20:48] docker0: iptables: No chain/target/match by that name :) [18:21:14] and the reason for that is.. we just dont have iptables installed.. because our default nowadays is to use nftables :p [18:22:12] soo.. ehm.. let me try to change that just for these VMs .. which is kind of a bummer [18:22:58] should have known though because all hosts using docker were already the special case in the past for the firewall change [18:23:57] oh.. there is also a profile::docker::engine::settings: iptables: false ! [20:39:30] earlier in the meeting I forgot to mention things I actually already did. [20:39:59] among them: a role/profile for executors that already have that "global nodepool ssh key" to connect to workers.. I said no. but it's in fact done