It definitely can not be driven by a simple (global) semaphore. If it is
a fair one, it'll be a throughput bottleneck. If it is an unfair one you
would get unacceptable round-trip time deviation.
Carlo
On 06/27/2012 01:13 AM, Bill Burke wrote:
Are you sure explicity granting "permits" through a
"Shutdown Manager"
the way to go? Having to interact with a central service that grants
permits per-request is very worrisome. The subsystem may already have a
better way to do graceful shutdown, or just cannot follow a permit pattern.
Is it not simpler and gives more flexibility to a subsystem to drive
this via events rather than explicit callbacks to a Shutdown Manager?
i.e.
class Suspending extends ShutdownEvent
{
void iFinishedSuspending(); // the callback to the Shutdown Manager
}
GIves the subsystem flexibility on how best to implement a graceful
shutdown.
On 6/26/12 11:00 AM, Jason T. Greene wrote:
> *EDITED*
>
> We've worked out the rough outline of how graceful shutdown will work in
> AS7.
>
> The process of graceful shutdown actually is reflected by a number of
> states:
>
> 1. Running - all services acting normally
> 2. Suspending - services refuse new "permits" (see below), existing
> permits are allowed to be retained (and threads running under such a
> permit may still acquire new permits)
> 3. Suspended - no permits are present and none may be issued
> 4. Shutting Down - our existing server stop process / reload admin mode
>
> The following transitions are allowed:
>
> 1. Running → Suspending: Transition occurs at user request (to suspend
> or gracefully shut down).
> 2. Suspending → Suspended: Transition occurs when all permits are cleared.
> 3. Suspending → Running: Transition occurs at user request (to exit
> suspend mode or cancel graceful shutdown before it completes).
> 4. Suspended → Running: Transition occurs at user request (to exit
> suspend mode).
> 5. Suspended → Shutting Down: Transition occurs automatically (if a
> graceful shutdown was requested) or at user request (if a shut down
> request of any kind is entered in the Suspended state).
> 6. Running → Shutting Down: Transition occurs at user request (to shut
> down the server "un-gracefully").
> 7. Suspending → Shutting Down (User aborts a graceful shutdown)
>
> These "permits" are issued by the "Shutdown Manager", whose job
is to
> manage these states. They are issued corresponding to the following events:
>
> 1. The invocation of an EJB method
> 2. The creation of a web session
> 3. A creation of a transaction
> 4. MessageEndpoint and WorkManager aquire permit allowing for release()
> from a thirdparty to indicate connection close.
>
> When a permit cannot be issued due to the server shutting down, a
> standard exception message should be produced so that the user can see a
> familiar error message regardless of what mechanism is used to access
> the server.
>