Graceful restart on Win32 Apache isn't.

[Bill Stoddard <st...@raleigh.ibm.com>]

The root problem is that sockets are not inherited across multiple
processes (maybe this can be fixed... Investigating).  A restart can
hang indefinitely if the server is busy.  A bug in the bug DB says a
restart commonly takes from 1 to 3 hours on a busy server. The reason is
that Apache waits until the TCP/IP stack's listen queue is completely
empty before killing the child and allowing a new child to take over. 

The alternative is for the child to close the sockets at the beginning
of a restart (which will dump connections on the listen queue), service
the connections already queued in the server then die. At least this way
the admin is guaranteed a quick restart.

Opinions on which is preferable? I tend to favor the quick restart at
the expense of loosing connections on the listen queue.

Other alternatives are available, at significant compexity...

1. Add a config directive that controls the restart behaviour
(Yeech....I wouldn't want to do this unless someomne sees a compelling
reason for it, which I don't).

2. Devise a way for the parent to:
a. recognize apache -k restart_graceful, or apache -k restart_ungraceful
b. signal the child to die in the appropriate way

I haven't given much thought on the best way to implement option 2.
Today, the parent signals the child accept thread via a simple exit
event (and there are no 'flavors' of exit). One thought... create a
child thread that waits on two events, a graceful restart event and an
ungraceful restart event. This thread receives the signal from the
parent and does the right thing (sets the exit event which in turn is
checked by the accept thread). Probably not too hard to implement. 

Thoughts? Is it worthwhile to pursue option 2? other?

Update...
Did a bit more testing before sending this note and uncovered more
interesting behaviour... A heavily loaded Apache on Win32 will not
shutdown if started as a service. (i.e., net stop apache, or apache -k
shutdown will hang until the listen queue is emptied). That's what I
expected to see.

Right now, I'm leaning heavily toward dumping all the connections in the
listen queue across a restart initiated from the command line and
graceful restart when MaxRequestsPerChild is hit.


Bill


-- 
Bill Stoddard
stoddard@raleigh.ibm.com

Re: Graceful restart on Win32 Apache isn't.

[Bill Stoddard <st...@raleigh.ibm.com>]

Ben Hyde wrote:
> 
> Bill Stoddard <st...@raleigh.ibm.com> writes:
> > shutdown will hang until the listen queue is emptied).
> 
> Is this because the WaitForMultipleObjects call puts the
> signal_shutdown_event et. al. at the end of the the list
> of things to wait on, where I suspect it gets lowest priority?

No. Before the fix I checked in last week, the accept loop thread would
not be allowed to exit until the select timed out with no connections to
service. The accept thread would keep working as long as there were
connections to service. 
-- 
Bill Stoddard
stoddard@raleigh.ibm.com

Re: Graceful restart on Win32 Apache isn't.

[Ben Hyde <bh...@pobox.com>]

Bill Stoddard <st...@raleigh.ibm.com> writes:
> shutdown will hang until the listen queue is emptied).  

Is this because the WaitForMultipleObjects call puts the
signal_shutdown_event et. al. at the end of the the list
of things to wait on, where I suspect it gets lowest priority?

 - ben

Re: Graceful restart on Win32 Apache isn't.

[Rodent of Unusual Size <Ke...@Golux.Com>]

Bill Stoddard wrote:
> 
> The alternative is for the child to close the sockets at the beginning
> of a restart (which will dump connections on the listen queue), service
> the connections already queued in the server then die. At least this way
> the admin is guaranteed a quick restart.
> 
> Opinions on which is preferable? I tend to favor the quick restart at
> the expense of loosing connections on the listen queue.

I regard the 'graceful' aspect as being the completion of
requests already begun by the server.  Connexions in the
listen queue haven't reached the server yet, so I don't
think they count -- I'm in favour of closing the socket
and draining the queue.
-- 
#ken    P-)}

Ken Coar                    <http://Web.Golux.Com/coar/>
Apache Software Foundation  <http://www.apache.org/>
"Apache Server for Dummies" <http://Web.Golux.Com/coar/ASFD/>