- The confusing situation has been in place since 3.0 Namely
there is a "force" argument. Until now it did nothing at all.
Now it does something.
- The choice was to either get rid of force completely and then
add it back in in the future when the non-daemon thread problem
has been solved. Or have force do what it was always supposed
to do. "They" decided on the latter and I implemented it. It
is trivially easy to remove the argument completely. Perhaps
you should bring it up at the Engineering meeting?
- You must not have tried the command out. It definitely does
not turn it into a Zombie. In fact -- you can easily access the
HTTP listener in a browser after running 'stop-domain --force
false'! Why? [1]
[1] The "real" shutdown of GF happens because of the call to
GlassFIshRuntime.shutdown(). That is called via a shutdown hook
(see core/bootstrapping code). Shutdown Hooks are only called after
exiting main() and the last non-daemon thread has stopped. Or if
System.exit() is called. In the case of "force=false" neither of
these cases is true and no shutdown hooks are called. I suggested
that we move this code out of a shutdown hook and call it explicitly
(I filed an issue). That issue was immediately closed. So that's
not going to happen.
On 11/3/2010 11:36 AM, Ken wrote:
Ken
Cavanaugh wrote:
Byron Nevins wrote:
Yes - that is how stop-server commands
work. Before the --force option was 100% ignored. Now it is
used. If you set --force to false, then the server will not
stop. That's because System.exit() is not called and your
server has non-daemon threads left running - so it will never
stop.
So what you are saying is, if a user types "stop-instance --force
false", the instance does not stop. Worse, the
instance is left in a zombie state (e.g. ORB still runs, but EJBs
are undeployed). I don't see that this is a useful
behavior to expose to the customer. From our meeting this
morning, I think the docs and SQE folks agree with
this.
I can understand that there might be a desire to have a clean
shutdown option (e.g. kill vs. kill -9),
but if the clean shutdown doesn't work, we shouldn't support it.
It's not clear to me what your
plan is for MS7 (and FCS) in GF 3.1, but it seems that either
stop-instance --force false should
result in useful behavior (at least in a "normal" case), or
stop-instance --force false should
not be supported. If the --force option is needed for other plans
(e.g. backward compatibility or
future support), I think --force false should produce a warning
and do nothing. Otherwise, the
--force option should be removed.
Another question is: how should SQE test stop-instance --force
false? The current behavior is not
well-defined, and cannot be tested.
My desire here is simple: avoid situations that confuse the user.
If the option is not useful, it
should not be supported.
Thanks,
Ken.
--
Byron Nevins - Oracle Corporation
Home: 650-359-1290
Cell: 650-784-4123
Sierra: 209-295-2188