[
https://issues.apache.org/jira/browse/IGNITE-7648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16742056#comment-16742056
]
Alexei Scherbakov commented on IGNITE-7648:
-------------------------------------------
[~voropava],
I have concerns about your recent changes in the branch.
# Removing waiting logic in handling socket exception seems wrong because it
detracts main idea of the fix - try to establish connection with exact respect
to user defined reconnect and timeout properties. If failure detection is set
equal to 10 seconds TCP client have to try no less than 10 seconds. Consider
the case when connection cannot be established due to short network issue and
connect fails immediately and reconnect count is small. In such case defined
failure detection will not be respected and destination node will be failed
false positively. This is why the IGNITE_ENABLE_FORCIBLE_NODE_KILL was
introduced in the first time, see IGNITE-5718. I suggest to return waiting
logic and undo wrong test condition in TcpCommunicationSpiFaultyClientTest and
make sure it works in all cases in the described way.
# handshakeTimeoutException should contain suppressed IOException if it's
happened after timeout in *safeTcpHandshake*.
# Please remove all explicit timeout overrides from tests, on example from
o.a.i.i.processors.cache.index.SchemaExchangeSelfTest#startNoCache(int,
boolean) and make sure everything works without them.
# We should somehow address the scenario described early by [~ilyak]. What if
node stays isolated by the communication but fully accessible by discovery ? In
such case all other nodes will be failed, but this is wrong. Only minority of
nodes must be failed. I think it's necessary to extend
org.apache.ignite.spi.IgniteSpiContext#resolveCommunicationFailure for TCP
discovery. Probably this should be done as separate ticket.
> Fix IGNITE_ENABLE_FORCIBLE_NODE_KILL system property.
> -----------------------------------------------------
>
> Key: IGNITE-7648
> URL: https://issues.apache.org/jira/browse/IGNITE-7648
> Project: Ignite
> Issue Type: Improvement
> Affects Versions: 2.3
> Reporter: Alexei Scherbakov
> Assignee: Alexei Scherbakov
> Priority: Major
> Fix For: 2.8
>
>
> IGNITE_ENABLE_FORCIBLE_NODE_KILL system property was introduced in
> IGNITE-5718 as a way to prevent unnecessary node drops in case of short
> network problems.
> I suppose it's wrong decision to fix it in such way.
> We had faced some issues in our production due to lack of automatic kicking
> of ill-behaving nodes (on example, hanging due to long GC pauses) until we
> realised the necessity of changing default behavior via property.
> Right solution is to kick nodes only if failure threshold is reached. Such
> behavior should be always enabled.
> UPDATE: During a discussion it was decided what the property will remain
> disabled by default.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
