We've worked out the rough outline of how graceful shutdown will work in
AS7.
The process of graceful shutdown actually is reflected by a number of
states:
1. Running - all services acting normally
2. Suspending - services refuse new "permits" (see below), existing
permits are allowed to be retained (and threads running under such a
permit may still acquire new permits)
3. Suspended - no permits are present and none may be issued
4. Shutting Down - our existing server stop process
The following transitions are allowed:
1. Running → Suspending: Transition occurs at user request (to suspend
or gracefully shut down).
2. Suspending → Suspended: Transition occurs when all permits are cleared.
3. Suspending → Running: Transition occurs at user request (to exit
suspend mode or cancel graceful shutdown before it completes).
4. Suspended → Running: Transition occurs at user request (to exit
suspend mode).
5. Suspended → Shutting Down: Transition occurs automatically (if a
graceful shutdown was requested) or at user request (if a shut down
request of any kind is entered in the Suspended state).
6. Running → Shutting Down: Transition occurs at user request (to shut
down the server "un-gracefully").
These "permits" are issued by the "Shutdown Manager", whose job is to
manage these states. They are issued corresponding to the following events:
1. The invocation of an EJB method
2. The creation of a web session
3. A creation of a transaction
4. Probably some situations involving HQ and/or JCA
When a permit cannot be issued due to the server shutting down, a
standard exception message should be produced so that the user can see a
familiar error message regardless of what mechanism is used to access
the server.
--
- DML