[
https://issues.apache.org/jira/browse/KAFKA-15392?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Greg Harris updated KAFKA-15392:
--------------------------------
Description:
Due to the initialization order of the connect RestServer and Herder, the jetty
Server is started before the ServletContextHandler instances are installed.
This causes jetty to consider them "unmanaged" and thus will not call the
start() and stop() lifecycle on our behalf.
RestServer#initializeResources already explicitly calls start() for these
unmanaged resources, but there is no accompanying stop() call, so the resources
never enter the STOPPED state.
The jetty server has one more operation after stopping: destroy(), which
asserts that resources are already stopped. If the jetty server is ever
destroyed, this exception will be thrown:
{noformat}
java.lang.IllegalStateException: !STOPPED
at
org.eclipse.jetty.server.handler.HandlerWrapper.destroy(HandlerWrapper.java:140)
at o.a.k.connect.runtime.rest.RestServer.stop(RestServer.java:361){noformat}
Fortunately, destroy() is currently only called when an error has already
occurred, so this IllegalStateException is never thrown on happy-path
execution. Instead, if RestServer shutdown encounters an error (such as
exceeding the GRACEFUL_SHUTDOWN_TIMEOUT and timing out) the other error will be
shadowed by the IllegalStateException.
Rather than only calling destroy() on failure and shadowing the error,
destroy() should always be called and it's errors reported separately.
was:
Due to the initialization order of the connect RestServer and Herder, the jetty
Server is started before the ServletContextHandler instances are installed.
This causes jetty to consider them "unmanaged" and thus will not call the
start() and stop() lifecycle on our behalf.
RestServer#initializeResources already explicitly calls start() for these
unmanaged resources, but there is no accompanying stop() call, so the resources
never enter the STOPPED state.
The jetty server has one more operation after stopping: destroy(), which
asserts that resources are already stopped. If the jetty server is ever
destroyed, this exception will be thrown:
java.lang.IllegalStateException: !STOPPED
at
org.eclipse.jetty.server.handler.HandlerWrapper.destroy(HandlerWrapper.java:140)
at o.a.k.connect.runtime.rest.RestServer.stop(RestServer.java:361)
Fortunately, destroy() is currently only called when an error has already
occurred, so this IllegalStateException is never thrown on happy-path
execution. Instead, if RestServer shutdown encounters an error (such as
exceeding the GRACEFUL_SHUTDOWN_TIMEOUT and timing out) the other error will be
shadowed by the IllegalStateException.
Rather than only calling destroy() on failure and shadowing the error,
destroy() should always be called and it's errors reported separately.
> RestServer starts but does not stop ServletContextHandler
> ---------------------------------------------------------
>
> Key: KAFKA-15392
> URL: https://issues.apache.org/jira/browse/KAFKA-15392
> Project: Kafka
> Issue Type: Bug
> Components: KafkaConnect
> Reporter: Greg Harris
> Assignee: Greg Harris
> Priority: Minor
>
> Due to the initialization order of the connect RestServer and Herder, the
> jetty Server is started before the ServletContextHandler instances are
> installed. This causes jetty to consider them "unmanaged" and thus will not
> call the start() and stop() lifecycle on our behalf.
> RestServer#initializeResources already explicitly calls start() for these
> unmanaged resources, but there is no accompanying stop() call, so the
> resources never enter the STOPPED state.
> The jetty server has one more operation after stopping: destroy(), which
> asserts that resources are already stopped. If the jetty server is ever
> destroyed, this exception will be thrown:
> {noformat}
> java.lang.IllegalStateException: !STOPPED
> at
> org.eclipse.jetty.server.handler.HandlerWrapper.destroy(HandlerWrapper.java:140)
> at o.a.k.connect.runtime.rest.RestServer.stop(RestServer.java:361){noformat}
> Fortunately, destroy() is currently only called when an error has already
> occurred, so this IllegalStateException is never thrown on happy-path
> execution. Instead, if RestServer shutdown encounters an error (such as
> exceeding the GRACEFUL_SHUTDOWN_TIMEOUT and timing out) the other error will
> be shadowed by the IllegalStateException.
> Rather than only calling destroy() on failure and shadowing the error,
> destroy() should always be called and it's errors reported separately.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
