(0.44.0) Add dedicated health port for JITServer #19160
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Starting with OpenSSL version 3, the SSL code will generate
SSL_R_UNEXPECTED_EOF_WHILE_READING error messages if the other
party has closed the connection without a proper shutdown
notification.
This commit prevents such messages from being printed on
the console. However, these error messages will stil be printed
to the verbose log if -Xjit:verbose={JITServer} option is
given to the JITServer process.
Signed-off-by: Marius Pirvu <mpirvu@ca.ibm.com>
Kubernetes can use liveness and readiness probes to check a pod's health. For a TCP port, the kubelet attempts to open a socket to the container on the specified port. If a connection can be established, the container is considered healthy. The JITServer did not have a dedicated port for health probes; instead, the main communication port (default 38400) could be used for this purpose. However, this solution is not ideal when communication between the client and server is encrypted with OpenSSL. Starting with OpenSSL 3.0, if one of the participants closes the connection without notifying the other party, the OpenSSL library will log error messages like: "A0F04FE4FE7F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:320" Since the health probes are sent periodically, over time, the log of the JITServer container could be flooded with such messages. While the error is benign in nature, these messages are annoying and can create concerns for end-users. This commit adds a dedicated health port for JITServer, where communication is never encrypted. By default, the JITServer will open a health port and the value of this port is 38600. The following options were added: `-XX:JITServerHealthProbePort=NNN` # change the health port value `-XX:-JITServerHealthProbes` # disable the dedicated health port `-XX:+JITServerHealthProbes` # enable the dedicated health port Signed-off-by: Marius Pirvu <mpirvu@ca.ibm.com>
Signed-off-by: Marius Pirvu <mpirvu@ca.ibm.com>
|
This PR chery-picks the commits from #19107 (master branch) |
|
@dsouzai Could you please review/merge this backport PR? Thanks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Kubernetes can use liveness and readiness probes to check
a pod's health. For a TCP port, the kubelet attempts to open a
socket to the container on the specified port. If a connection
can be established, the container is considered healthy.
The JITServer did not have a dedicated port for health probes;
instead, the main communication port (default 38400) could be
used for this purpose. However, this solution is not ideal
when communication between the client and server is encrypted
with OpenSSL. Starting with OpenSSL 3.0, if one of the participants
closes the connection without notifying the other party, the
OpenSSL library will log error messages like:
"A0F04FE4FE7F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:320"
Since the health probes are sent periodically, over time, the log
of the JITServer container could be flooded with such messages.
While the error is benign in nature, these messages are annoying
and can create concerns for end-users.
This commit adds a dedicated health port for JITServer, where
communication is never encrypted. By default, the JITServer will
open a health port and the value of this port is 38600.
The following options were added:
-XX:JITServerHealthProbePort=NNN # change the health port value
-XX:-JITServerHealthProbes # disable the dedicated health port
-XX:+JITServerHealthProbes # enable the dedicated health port
Issue: OpenLiberty/open-liberty#27665