I'm not that sure I agree. In general, you can't recover from a fatal situation, and the quickest and easiest solution is to bail and let the HA system fail over to a different node, until this one can recover from scratch.
Sure, for a clean shutdown attempt, I agree. But abort situations are different.

In the past, I've worked on systems that had > 1/2 their code trying to recover from fatal situations. This code was rarely tested (because that's extremely difficult), and so was constantly broken. It increased maintenance costs for, in the end, no benefit. I've since come around to the opinion that aborting ASAP on fatal error is the best solution.

(Note, this is just my opinion, of course)

Dan

On Mon, Oct 19, 2015 at 8:43 AM, Swen Schillig <s...@vnet.ibm.com> wrote:
> Recently, I realized, that triggering logging-functions
> (e.g. LogFatal()) could end the program.
>
> I think this is wrong.
>
> One can argue that it is alright to exit a program from
> a function in contrast to only allow this from main().
> But I'm pretty sure that there aren't many projects around where this is
> happening from a "logger" function.
>
> Personally, I would vote for a single place where all necessary steps
> are taken for ganesha to end.
> Which is preferably only called from main().
>
> What are the thoughts on this ?
>
> Cheers Swen
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Nfs-ganesha-devel mailing list
> Nfs-ganesha-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel