ResourceAdapter.getXAResources is for message inflow recovery,
see JCA1.5 Section 12.5.2
The activation specs must be persisted for recovery purposes.

For outbound it needs to do ManagedConnection.getXAResource().
For the Subject problem see the special case mentioned in JCA1.5 Section 6.5.3.5
This looks insecure to me (and probably not supported by some XAResources)
so we may need to add configuration for a recovery user/password where
this cannot be determined from the JCA config.

The fundamental problem is that the transaction manager needs to get the list
of ResourceAdapters/ManagedConnectionFactorys to perform recovery.
But this cannot be done using a <depends-list> because the ResourceAdapter
needs a reference to the transaction manager before it can start (chicken and egg).
1) For the XATerminator - RARs could try to use this during start()
2) For the tx-connection-factory/tx datasources - not strictly necessary since we
don't need the connection manager or pool for recovery

So what is required is that there be a separate recovery MBean that has a
<depends-list> of the ResourceAdapters.
This will allow the following startup ordering:
1) Transaction manager
2) Resource Adapters
3) Recovery manager

Care must be taken such that the recovery manager only tries to
recover transactions that were from a previous instances.
Using either a mark in the log of when it was restarted or by
recording the jvm id in the log record?

We also want to fix this tight coupling of the TM and RARs to make this simpler.
We can then delay some processes to make the recovery occur before
services become available
1) Transaction manager
2) Resource Adapters
3) Recovery manager
4) Start WorkManager
5) Bind ConnectionFactorys to JNDI
6) Activate MDB activations

Also bear in mind that JBossMQ and other services(?) use a DataSource
to persist data. i.e. one XAResource uses another one as a delegate.
Although in this case, the delegate XAResource should never be taking
part in two phase commit!?

On Heuristics, I think the best thing to do for this is what Corba alllows.
i.e. We report all heuristics to a special log/notification mechanism
with some policy on whether it should be automatically rolledback or committed.

Only the administrator can work out what has gone wrong or whether it is
consistent with how he tried to resolve a problem.

Yes, I already read that section...What Subject are you suppoed to pass in? It is the ConnectionRequestInfo that is supposed to be null.

I don't think this needs to be that complicated. If we force/require all ResourceAdapters and ManagedConnectionFactory's to have a specific ObjectName attribute then we can do an MBean query on the MBeanServer to find these MBeans.

From what you're saying, I think we need to require that each XA resource be required to implement an MBean whose sole purpose is to obtain a reference to an XAResource interface.

So, here's what I had in mind:

1. JBoss Boots up. All MBeans are created and started.
2. JBoss ServerImpl broadcasts an MBean Startup Notification. (This is currently already coded).
3. RecoverManager MBean receives the "JBoss Started" notification and begins recovery.
4. RecoveryManager queries MBeanServer for all "Recovery" Mbeans. These "Recovery" Mbeans will provide references to their XAResources.
5. RecoveryManager performs recovery.
6. RecoveryManager tells all "Recovery" Mbeans that they are finished with the XAResources.

The RecoveryManager MBean can do this at start(). Just rename existing log files, or use a timestamp in the logfile name. Anyways...I think it would be better to have a specific logger than a DB. That way, we have ultimate speed, and we can have/control as many log files as we want.

Based on what I've said above, do we really need to fix the coupling? Problem is...is it ok to do recovery while a live system is running? Seems it would be ok as long as XAResource.recover does not return Xids of existing running transactions.

This will take more thought when recovery is added to JMS. Isn't/doesn't the TM required to identify duplicate XAResources?

Linked with JIRA: http://www.jboss.org/index.html?module=bb&op=viewtopic&t=58285

"bill.burke@jboss.com" wrote:


Ok, then it would be implemented as follows:

1. TM depends on RecoveryManager
2. Recovery manager records prexisting log files.
3. Recovery Manager creates new log files.
4. Everybody starts up.
5. Recover Manager receives START notification. Starts recovering on prexisting recorded file list.

The reason for using the DB is as follows:
a) It is usually a part of the transaction already
b) It is easy to implement
c) It fixes the final problem for a local db
i.e. when using the last resource gambit, there is no way to know whether
the db commit worked or failed if the AS fails during the DB commit invocation.

Seems this would only work if the logger was the same DataSource as the Gambitted resource.
Bill

The disk might fail, but this does not create a scenario of inconsistent state. Prepared resources will just get rolled back during recovery.