Server Recovery In Domain Mode

[Edgar Anderson]

I have been researching how nodes can automatically recover from fatal errors like being out of heap space.

On a standalone node, giving Java the -XX:+ExitOnOutOfMemoryError option takes care of stopping the server. It can be combined with Restart=on-failure in the systemd unit to take care of starting it again.

However, on a domain node, systemd wouldn't notice the server is down unless the host controller died. So, I could still add -XX:+ExitOnOutOfMemoryError to the JVM options of the server process, but if it actually did stop, it seems like it would just stay that way until manually started.

The documentation says of the "auto-start" server attribute that it determines whether that server is started when the host controller starts. It doesn't say that that server will be RE-started automatically if it fails. Will it? Is there another way to achieve automatic restarts in domain mode?

[Yeray Borges Santana]

Hi Edgar,

> The documentation says of the "auto-start" server attribute that it determines whether that server is started when the host controller starts. It doesn't say that that server will be RE-started automatically if it fails. Will it?

It won't. Automatic restarting of managed servers is a feature that is not implemented in WildFly. The "auto-start" setting only starts the managed server if the Host Controller process is restarted.

The Host Controller is responsible for managing the lifecycle of a managed server and the Host Controller process itself is managed by the Process Controller. The automatic restart capability implemented in the Process Controller is limited to the Host Controller process only, and not the individual managed servers. In this case, I would say that WildFly prioritizes administrative control over automatic intervention, and assumes that a server process failure is an exceptional event that requires investigation rather than an automated restart. 

> Is there another way to achieve automatic restarts in domain mode?

WildFly server does not offer any native mechanism. Not sure if there could be other alternatives, but I can think of an OS script that reads the managed server status and restarts it using management operations, although a bit tricky I guess since the script will need to understand what was the exit code of the managed server to not automatically restart it if it was explicitly stopped.

--
You received this message because you are subscribed to the Google Groups "WildFly" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wildfly+u...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/wildfly/567fe54a-6669-44ad-a161-7681e93ca4fen%40googlegroups.com.