On 2015-08-17 09:47, [email protected] wrote:
Author: stefanegli
Date: Mon Aug 17 07:47:15 2015
New Revision: 1696202
URL: http://svn.apache.org/r1696202
Log:
OAK-2739 : lease check introduced : by default there's now a check active which
assures the local lease is valid upon every action done towards the
DocumentStore
...
+ // OAK-2739 : when the lease is not current, we must stop
+ // the instance immediately to avoid any cluster inconsistency
+ final String errorMsg = "performLeaseCheck: this instance failed to update
the lease in time "
+ + "(leaseEndTime: "+leaseEndTime+", now: "+now+", leaseTime:
"+leaseTime+") "
+ + "and is thus no longer eligible for taking part in the cluster.
Shutting down NOW!";
+ LOG.error(errorMsg);
+
+ // now here comes the thing: we should a) call System.exit in a
separate thread
+ // to avoid any deadlock when calling from eg within the shutdown hook
+ // AND b) we should not call system.exit hundred times.
+ // so for b) we use 'systemExitTriggered' to avoid calling it over and
over
+ // BUT it doesn't have to be 100% ensured that system.exit is called
only once.
+ // it is fine if it gets called once, twice - but just not hundred
times.
+ // which is a long way of saying: volatile is fine here - and the 'if'
too
+ if (!systemExitTriggered) {
+ systemExitTriggered = true;
+ final Runnable r = new Runnable() {
+
+ @Override
+ public void run() {
+ System.exit(-1);
+ }
+
+ };
+ final Thread th = new Thread(r, "FailedLeaseCheckShutdown-Thread");
+ th.setDaemon(true);
+ th.start();
+ }
+ throw new AssertionError(errorMsg);
+ }
+
...
Hi everybody,
I'm a bit concerned (and that's an understatement) that OAK is now
calling System.exit. Detecting a serious problem - good. Stopping the
content repository - probably good, at least for write operations? But
stopping the whole VM, no matter what else it runs? Seriously?
Best regards, Julian
