On 18/08/15 13:43, "Marcel Reutegger" <[email protected]> wrote:
>On 18/08/15 11:14, "Stefan Egli" wrote: >>b) Oak does not do the System.exit but refuses to update anything towards >>the document store (thus just throws exceptions on each invocation) - and >>upper level code detects this situation (eg a Sling Health Check) and >>would do a System.exit based on how it is configured >> >>c) same as b) but upper level code does not do a System.exit (I¹m not >>sure >>if that makes sense - the instance is useless in such a situation) > >either b) or c) sounds reasonable to me. > >but if possible I'd like to avoid a System.exit(). would it be possible >to detect this situation in the DocumentNodeStoreService and restart >the DocumentNodeStore without the need to restart the JVM Good point. Perhaps restarting DocumentNodeStore is a valid alternative indeed. Is that feasible from a DocumentNodeStore point of view? What would be the consequences of a restarted DocumentNodeStore? >or would this >lead to an illegal state from a discovery POV? Have to think through the scenarios but perhaps this is fine (I was indeed initially under the assumption that it would not be fine, but that might have been wrong). The important bit is that any topology-related activity stops - and this can be achieved by sending TOPOLOGY_CHANGING (which in turn could be achieved by setting the own instance into 'deactivating' state in the discovery-lite-descriptor) and only coming back with TOPOLOGY_CHANGED once the restart would be settled and the local instance is back in the cluster with a valid, new lease. Cheers, Stefan
