Gerrit Pape:
> To me too this readiness IPC ideas and implementations look
> over-engineered.
>
> A good convention for service programs would be to functionally test
> for services it needs very early on startup, and fail if dependencies
> are not available. The service supervisor (any modern init scheme
> seems to now support this) relaunches eventually, until all
> dependencies are fulfilled.
>
The problem with the thundering herd approach is twofold. Firstly, it
really does matter in practice when the machine has tens if not hundreds
of client processes all continually restarting whilst they wait for
(say) the RabbitMQ server to come up. Secondly, these explanations
never seem to take system shutdown into account. In the ordered
services world, shutdown order is the reverse of startup order, and
things generally work. In the thundering herd world, often the theory is
just to send terminate and kill signals willy-nilly to every service on
the system. This almost never works cleanly in any but the most trivial
systems. (People will no doubt be thinking the classic example of NFS
mounts, here. But there are all sorts of possibilities, from /var/
being unmounted before logging services are turned off to the proxy DNS
server being turned off whilst other services are still doing DNS lookups.)
We discussed this on the Supervision mailing list last year:
http://www.mail-archive.com/supervision%40list.skarnet.org/msg00673.html
Received on Sat Sep 03 2016 - 20:01:56 UTC