Product Knowledge Base

Space shortcuts

Page tree

Versions Compared

Old Version 17

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 18

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Resilience includes support for a number of outage scenarios with automated and manual fail-overrecovery.
  • Outage Scenarios
    • Network Connection Loss
      • A short-term connection loss between Master and Agent that will retry attempts to re- establish the connection for a configurable number of times.
      • Connection loss includes that from the beginning the JobScheduler Master and Agent have no knowledge if the connection failed or if a Master Service Failure occurred.
      • This scenario is intended for a connection failure that can be recovered by re-establishing retry attempts to establish a connection, is is not intended to recover from an on-going network outage. 
    • Master Service Failure
      • Either a loss of the connection between Master and Agent that cannot be re-established recovered within the number of retry attempts specified for the Network Connection Loss scenario
        • due to a server crash or
        • due to a JobScheduler Master crash.
      • Or an unplanned JobScheduler Master restart or server restart.
    • Database Connection Loss
      • A short-term connection loss beetween Master and database:
        • for a JobScheduler Active Cluster this scenario includes a period of less than 120s during which a cluster member tries retries attempts to re- establish the connection.
        • for a JobScheduler Passive Cluster this scenario includes no restriction of duration, it can be configured to retry attempts to re- connect to the database endlessly.
      • Connection loss includes that the JobScheduler Master has no knowledge if the database service failed or if the connection failed.

...

  • Outage Scenario
    • Network Connection Loss
      • A short-term connection loss between Master and Agent that will retry attempts to re- establish the connection for a configurable number of times.
  • Supported Scenario
    • Master/Agent Reconciliation addresses the Network Connection Loss scenario, not the Master Service Failure and Database Connection Loss scenarios.

...

  • Reconciliation Scenario
    • Applies after a Network Connection Loss between Master and Agent.
    • Includes 5 attempts to re- establish the normal relationship between Master and Agent after a connection loss. A delay of less than 1s is assumed between retry attempts.
  • Agent Behavior
    • By default an Agent will kill any running tasks if the connection to the Master gets lost, i.e. none of the above scenarios scenario is not supported (JS-1523). The reasons for this are:
      • If a Master were not available for a longer period then the Agent could not report back the execution history and log information for tasks. This would result in the fact that no information is available with the Master if the job execution has been successful or not.
      • The primary goal is to prevent duplicate simultaneous execution of jobs. Without further information from a Master the respective Agent instance cannot know if later on it will be contacted for re-execution of the same job (which would allow to continue a currently running task on an Agent) or if the Master will choose a different Agent (see RedundancyAgent Bundle).
    • With a Network Connection Loss setting configured with the Agent's process class the Agent will show the following behavior (JS-1524):
      • For the number of times specified for tolerated unsuccessful connection attempts the Agent will assume the Network Connection Loss scenario.
      • The Agent will continue any running tasks up to the specified number of retry attempts to re- establish the connection with the Master.
        • Reconciliation will take place if the connection between Master and Agent can be re- established within the number of retries and if the Master has not been restarted.
        • Otherwise the Agent will assume the Master Service Failure scenario and will kill any running tasks.
      • This behavior applies to tasks that are executed by an Agent for a specific Master to which a connection has been lost. Tasks for other JobScheduler Master instances will be continued.
  • Master/Agent Reconciliation
    • After connection loss the Master will regularly attempt to re-establish the HTTP connection to the Agent. This communication allows the Agent to report the execution status of running jobs back to the Master.
    • After a successful re-connect within the Network Connection Loss scenario the Master will repeat its request for execution of the respective jobs. Each new request includes an identifier for the previous execution request that allows the Agent to identify repeated requests:
      • for a job that has been completed within the time required to re-establish the connection the Agent will report the execution result back to the Master and will not re-execute the job.
      • for a job that is still running the Agent will report the appropriate information back to the Master which will note the running tasks and update JOC accordingly.
  • Feature Availability
    • Display feature availability
      StartingFromRelease1.10.2

...

  • This feature is intended to prevent simultaneous duplicate execution of jobs, it is not intended to prevent any consecutive duplicate execution of jobs.
    • If a task is completed within the period that is implied with the retry attempts to establish the connection then this will lead to consecutive duplicate execution as the Master will request the task to be re-executed. However, this scenario applies to jobs only that are running for less than 5s.
    • We recommend that your job scripts are designed to be aware of possible duplicate execution.
  • This feature covers the situation of a short-term Network Connection Loss, not of an on-going network outage.
    • A connection loss is recovered by repeated attempts to re-connect. 
    • An on-going network outage would require requires the Agent to work autonomously which is not in scope of this feature.
  • This feature is not intended to support a Master Service Failure scenario or Database Connection Loss scenario.

...

  • Outage Scenario
    • Master Service Failure
      • A loss of the connection between Master and Agent that cannot be re- established within the number of retry attempts specified for the Network Connection Loss scenario (see Master / Agent Reconciliation) or
      • A JobScheduler Master restart or server restart.
  • Supported Scenario
    • Master Service Recovery addresses the Master Service Failure scenario, not any scenario for Network Connection Loss or Database Connection Loss.

...

  • The capability to re-connect to a database does not imply that JobScheduler will cope with data loss, in fact JobScheduler relies on the job history and job-related status information being consistent and available with the database.
  • For use with replicated databases keep in mind that the delay that is caused by replication can result in data loss. 
    • Depending on the DBMS this delay might be short, however, it might result in duplicate execution of jobs if the information about a previous job run is not available with the replicated database in case of fail-over.
    • To our knowledge replicated databases are frequently used to achieve a database availability of up to approx. 99.9%.
  • For use with clustered databases JobScheduler does not rely on vendor-specific connection continuity mechanisms but complies with JDBC standards available with all DBMS products and will always re-connect after connection loss or occurrence of a failed transaction.
    • Unsupported vendor-specific mechanisms include e.g. SQL Server® multi-subnet clustering or MySQL® with Galera® JDBC fail-over that expect the client to switch the connection to some different address.
    • In case of fail-over the clustered database is expected to be available with the same connection attributes, e.g. hostname, port. This can include mechanisms as e.g. DNS switching to make a different database server the primary server in case of fail-over.
    • To our knowledge clustered databases are frequently used to achieve a database availability of up to approx. 99.999%.

...