You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@ignite.apache.org by GitBox <gi...@apache.org> on 2020/11/09 17:24:00 UTC

[GitHub] [ignite] dmagda commented on a change in pull request #8430: IGNITE-13662 : Describe soLinger setting in TCP Discovery and SSL issues.

dmagda commented on a change in pull request #8430:
URL: https://github.com/apache/ignite/pull/8430#discussion_r519979370



##########
File path: docs/_docs/clustering/network-configuration.adoc
##########
@@ -56,6 +56,7 @@ You can find the complete list of properties in the javadoc:org.apache.ignite.sp
 | `localPort`  | The port that the node binds to. If set to a non-default value, other cluster nodes must know this port to be able to discover the node. | `47500`
 | `localPortRange`| If the `localPort` is busy, the node attempts to bind to the next port (incremented by 1) and continues this process until it finds a free port. The `localPortRange` property defines the number of ports the node will try (starting from `localPort`).
    | `100`
+| `soLinger`| Setting linger-on-close can help with socket deadlocks of SSL issues like JDK-8219658. But costs longer detection of node failure. | `0`

Review comment:
       I guess the SSL issue is not the only reason of why developers might want to tweak this flag. How about this description? It's enough to mention the SSL issue on the SSL page only and leave the description in this place generic.
   
   _Specifies a linger-on-close timeout. This option disables/enables immediate return from a close() of a TCP Socket. Setting the timeout to `0` closes the socket immediately. See the Javadoc for more details._ 

##########
File path: docs/_docs/security/ssl-tls.adoc
##########
@@ -32,6 +32,12 @@ To enable SSL/TLS for cluster nodes, configure an `SSLContext` factory in the no
 You can use the `org.apache.ignite.ssl.SslContextFactory`, which is the default factory that uses a configurable keystore to initialize the SSL context.
 //You can also implement your own `SSLContext` factory.
 
+[NOTE]
+====

Review comment:
       I would put it this way:
   
   _Consider setting the `TcpDiscovery.soLinger` parameter to X to avoid SSL-related deadlocks on certain versions of JRE. Alternatively, update your JRE version to the latest one._
   
   And do the following with this text:
   
   1. Turn the "SSL-related deadlock" phrase into an external link: https://github.com/apache/ignite/tree/master/docs#links-to-external-resources
   2. The callout needs to be of the "caution" type: https://github.com/apache/ignite/tree/master/docs#callouts




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org