PasiStop

Introduction

Well-written Checkpoint applications don't, in general, object to being terminated abruptly, if there are no ongoing transactions when the termination occurs. However, if there are any such transactions, abruptly killing the service risks causing data corruption.

Pasistop provides a solution to this problem for web-based applications which use Checkpoint's "Pasiphae" web-applications framework. It uses an RPC (Remote Procedure Call) interface built into Pasiphae to call up the service and tell it to invoke its own shutdown procedure. This procedure knows how to interact cleanly with any load that may be around at the time. Typically it sets up some kind of lock which prevents any new transactions from being started, waits for any ongoing transactions to complete, and then shuts down the application.

This process does not require any authentication, so it can easily be invoked by scripts (eg. those invoked when the machine itself is being shut down, in the case of most unix environments). In order to avoid abuse / DoS attacks, the stop request will only be accepted if it comes over the local-loopback network; ie. you can only invoke PasiStop when logged in locally to the machine running the service.

Pasistop is also the recommended way to shut down the Checkpoint Daemon.

PasiStop is a Java-based tool and has the same system requirements as the Checkpoint core itself.

Usage

• port : the TCP port upon which the service in question is running.
• If the service is using TLS, you must add a suffix letter s to the port.

To shut down the Daemon, use the -daemon parameter instead of specifying a port. [This doesn't do anything Daemon-specific - it's just so you don't have to know which port the Daemon is running on.]