JVM Checkpoint Restore

Spring Framework 与 Project CRaC实现的检查点/恢复集成,以便允许实现能够通过 JVM 减少基于 Spring 的 Java 应用程序的启动和预热时间的系统。

The Spring Framework integrates with checkpoint/restore as implemented by Project CRaC in order to allow implementing systems capable of reducing the startup and warmup times of Spring-based Java applications with the JVM.

使用此功能需要:

Using this feature requires:

  • A checkpoint/restore enabled JVM (Linux only for now).

  • The presence of the org.crac:crac library (version 1.4.0 and above are supported) in the classpath.

  • Specifying the required java command-line parameters like -XX:CRaCCheckpointTo=PATH or -XX:CRaCRestoreFrom=PATH.

当根据请求的检查点在 -XX:CRaCCheckpointTo=PATH 指定的路径生成文件时,这些文件包含正在运行的 JVM 的内存表示,可能包含机密和其他敏感数据。使用此功能时应假设 JVM “看到”的任何值(例如来自环境的配置属性)都将存储在这些 CRaC 文件中。结果,应仔细评估这些文件生成、存储和访问的位置和方式,以及安全影响。

The files generated in the path specified by -XX:CRaCCheckpointTo=PATH when a checkpoint is requested contain a representation of the memory of the running JVM, which may contain secrets and other sensitive data. Using this feature should be done with the assumption that any value "seen" by the JVM, such as configuration properties coming from the environment, will be stored in those CRaC files. As a consequence, the security implications of where and how those files are generated, stored, and accessed should be carefully assessed.

从概念上讲,检查点和恢复与 Spring Lifecycle contract 保持一致,适用于单独的 bean。

Conceptually, checkpoint and restore align with the Spring Lifecycle contract for individual beans.

On-demand checkpoint/restore of a running application

可以按需创建检查点,例如使用 jcmd application.jar JDK.checkpoint 之类的命令。在创建检查点之前,Spring 停止所有正在运行的 bean,让它们有机会通过实现 Lifecycle.stop 关闭资源(如果需要)。恢复后,重新启动相同的 bean,Lifecycle.start 允许 bean 在相关时重新打开资源。对于不依赖于 Spring 的库,可以通过实现 org.crac.Resource 并注册相关实例,提供自定义的检查点/恢复集成。

A checkpoint can be created on demand, for example using a command like jcmd application.jar JDK.checkpoint. Before the creation of the checkpoint, Spring stops all the running beans, giving them a chance to close resources if needed by implementing Lifecycle.stop. After restore, the same beans are restarted, with Lifecycle.start allowing beans to reopen resources when relevant. For libraries that do not depend on Spring, custom checkpoint/restore integration can be provided by implementing org.crac.Resource and registering the related instance.

利用正在运行应用程序的检查点/恢复通常需要额外的生命周期管理才能正常停止并开始使用文件或套接字等资源,并停止活动线程。

Leveraging checkpoint/restore of a running application typically requires additional lifecycle management to gracefully stop and start using resources like files or sockets and stop active threads.

如果在热身 JVM 上创建检查点,则恢复的 JVM 也将获得同样的热身,从而立即允许潜在的峰值性能。这种方法通常需要访问远程服务,因此需要某种程度的平台集成。

If the checkpoint is created on a warmed-up JVM, the restored JVM will be equally warmed-up, allowing potentially peak performance immediately. This method typically requires access to remote services, and thus requires some level of platform integration.

Automatic checkpoint/restore at startup

当设置 -Dspring.context.checkpoint=onRefresh JVM 系统属性时,将在 LifecycleProcessor.onRefresh 阶段自动创建检查点。此阶段完成后,所有非延迟初始化的单例均已实例化,并且已经调用了 InitializingBean#afterPropertiesSet 回调;但生命周期尚未开始,并且尚未发布 ContextRefreshedEvent

When the -Dspring.context.checkpoint=onRefresh JVM system property is set, a checkpoint is created automatically at startup during the LifecycleProcessor.onRefresh phase. After this phase has completed, all non-lazy initialized singletons have been instantiated, and InitializingBean#afterPropertiesSet callbacks have been invoked; but the lifecycle has not started, and the ContextRefreshedEvent has not yet been published.

出于测试目的,还可以利用 -Dspring.context.exit=onRefresh JVM 系统属性,该属性会触发类似的行为,但不是创建检查点,而是在相同的生命周期阶段退出 Spring 应用程序,而无需 Project CraC 依赖项/JVM 或 Linux。当 bean 未启动并且可能会优化配置以避免这种情况时,这有助于检查是否需要连接到远程服务。

For testing purposes, it is also possible to leverage the -Dspring.context.exit=onRefresh JVM system property which triggers similar behavior, but instead of creating a checkpoint, it exits your Spring application at the same lifecycle phase without requiring the Project CraC dependency/JVM or Linux. This can be useful to check if connections to remote services are required when the beans are not started, and potentially refine the configuration to avoid that.

如上所述,特别是在 CRaC 文件作为可部署工件(例如容器映像)的一部分运送的用例中,在假设任何 JVM “看到”的敏感数据最终都会出现在 CRaC 文件中时进行操作,并仔细评估相关的安全影响。

As mentioned above, and especially in use cases where the CRaC files are shipped as part of a deployable artifact (a container image for example), operate with the assumption that any sensitive data "seen" by the JVM ends up in the CRaC files, and assess carefully the related security implications.

自动检查点/恢复是一种方式,可以“快进”应用程序的启动到应用程序上下文即将开始的阶段,但它不允许完全热身 JVM。

Automatic checkpoint/restore is a way to "fast-forward" the startup of the application to a phase where the application context is about to start, but it does not allow to have a fully warmed-up JVM.