Perhaps it's better to avoid such situations entirely and not make your app crash if it cannot reach an external service, merely try again later? Having an application fail fast when one of its dependencies is down makes sense, of course, but it's also a really dangerous approach, since just one cyclic dependency sneaking past could break everything. queue up these requests internally to be retried later, if there are the necessary resources for this (RabbitMQ, or just a lot of RAM) return an error for all services calls that require this external integration If an application cannot reach external services, it should either: This does seem like an application problem. > You can have cyclical dependencies sneaking in the past, that makes it impossible to startup some systems Sadly, my personal experience indicates that many enterprises don't give it any thought and just expect things to work, oftentimes not even knowing about all of their services in enough detail to be able to answer questions about their architecture, nor having a clear way of managing their service instances. You mean to tell me that you can't just coordinate setting "replicas: 0" for all of your services, or the equivalent and to restart them one at a time? If that's really the case, then perhaps it's time to re-evaluate how that situation ever came to be - where's the technical leadership who kept systems scalable, yet manageable? Was that even a concern at any point in time? You can have thundering herds, that you may not have levers to control
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |