Currently, the HAModClusterService (where httpd communication is
coordinated by an HA singleton) does not react to crashed/hung members.
Specifically, when the HA singleton gets a callback that the group
membership changes, it does not send any REMOVE-APP messages to httpd on
behalf of the member that just left. Currently, httpd will detect the
failure (via a disconnected socket) on its own and sets its internal
state accordingly, e.g. a STATUS message will return NOTOK.
The non-handling of dropped members is actually a good thing in the
event of a network partition, where communication between nodes is lost,
but communication between httpd and the nodes is unaffected. If we were
handling dropped members, we would have to handle the ugly scenario
Jean-Frederic: a few questions...
1. Is it up to the AS to drive the recovery of a NOTOK node when it
becomes functional again? In the case of a crashed member, fresh
CONFIG/ENABLE-APP messages will be sent upon node restart. In the case
of a re-merged network partition, no additional messages are sent. Is
the subsequent STATUS message (with a non-zero lbfactor) enough to
trigger the recovery of this node?
2. Can httpd detect hung nodes? A hung node will not affect the
connected state of the AJP/HTTP/S connector - it could only detect this
by sending data to the connector and timing out on the response.
And some questions for open discussion:
What does HAModClusterService really buy us over the normal
ModClusterService? Do the benefits outweigh the complexity?
* Maintains a uniform view of proxy status across each AS node
* Can detect and send STOP-APP/REMOVE-APP messages on behalf of
hung/crashed nodes (if httpd cannot already do this) (not yet
+ Requires special handling of network partitions
* Potentially improve scalability by minimizing network traffic for
very large clusters.
e.g. non-masters ping httpd less often
* Anything else?