That also works, yes.
I was unsure if sending the client your failure was OK for you.
On 8 August 2014 at 14:16:34, Lawrence Wagerfield (lawre...@dmz.wagerfield.com)
wrote:
Hi Konrad,
Many thanks for humouring my paranoia! Greatly appreciated.
I have since implemented another approach that I believe to provide resilience
against such an error without the performance hit. Please could you cast your
eyes over it? This isn't the exact code, but it captures the workflow:
// Parent code...
def supervisorStrategy =
OneForOneStrategy(loggingEnabled = false, maxNrOfRetries = 1) {
case _ => Restart
}
// Child code...
override def preRestart(reason: Throwable, message: Option[Any]): Unit =
if (!responseSent) {
client ! reason
context stop self
}
On Friday, August 8, 2014 1:09:20 PM UTC+1, Konrad Malawski wrote:
Hey Lawrence,
If you're willing to sacrifice performance because someone might do something
somewhere wrong then, well, it'll be tough-er.
I'd do believe that teams can be educated (and have always worked hard on this
in my teams), but I see your point, so let's simplify the code.
In your case you can make the system more resilient towards programmer error if
the service actor will do the reply to the client actor. Instead of passing
down the actor ref to the client, tell the worker to do the work. When it's
done it should `sender() ! (workId, "im done, here's the stuff")`, then the
service actor can find where it should reply and reply to the client actor.
Since now the decision is made in one point – in the service actor – if the
work succeeded of failed, it's simpler to maintain :-)
On Thu, Aug 7, 2014 at 6:09 PM, Lawrence Wagerfield
<lawr...@dmz.wagerfield.com> wrote:
It certainly makes sense. I wouldn't expect the send/stop operation to fail any
more than I would expect the whole supervision framework to fail.
What I'm trying to defend against ultimately comes down to programmer error.
Its quite likely that I'm being irrational in my perception of how errors might
be introduced. E.g. a programmer might add some 'exceptional' code after the
send - that in itself would be a bug, but I'd like for the error to be
contained and not corrupt the rest of the system with race-conditioned 'failure
after success' messages.
I believe the approach I posted just before your answer might work, using the
restart to transmit failure within the transaction itself. It could ensure it
doesn't send the message if the success message had already been sent.
What are your thoughts?
(p.s. I know that running with the 'incompetent developer' assumption means
they could quite-equally cock-up the fault handling code - but providing they
didn't, it would mean all other exceptions would be handled gracefully.)
On Thursday, August 7, 2014 4:26:33 PM UTC+1, Konrad Malawski wrote:
What I'm playing at is:
Assumptions:
I'm assuming we're talking about all these actors in the same JVM, nothing you
wrote is hinting a clustered env.
Execution:
If your actor reaches the point in the code where it `client ! result` and does
nothing (bold italic nothing, as in "stopping" :-)) afterwards – it just stops
itself (so no new messages will be processed, even it there are some in the
mailbox left).
Then, there can be no supervisionStrategy triggering failure as the send is the
last thing this actor has performed.
Then, there will be no next message processed, because it has stopped, thus no
such next message can trigger an supervisionStrategy triggering failure.
Which means that, there is no user-land exception that can happen after that
"successful" message send.
Exceptions that may trigger the parent's supervision strategy are from there on
only fatal errors, and from these you are not able to recover a system anyway
(out of memory etc).
Which means that, there will either be a successful message send and no
failure, or there will be a failure – so the code will not reach the message
send.
So, in a local setting, you do not need to do anything more than you currently
do – just make sure about this "last thing my actor does is this send" rule.
If we're talking about a distributed setting, it's more difficult, and I
suggested a solution of this via replying via the master.
client -> master -> worker // create work
worker -- "done-1" --> master -- "done-1" --> client
Which creates more message sends, but then the master knows that the job was
successful.
There are optimisations around this scheme one could apply, but as I understand
this thread, we're talking local system here.
Hope this helps!
On Thu, Aug 7, 2014 at 4:30 PM, Lawrence Wagerfield
<lawr...@dmz.wagerfield.com> wrote:
Are you suggesting the default decider combined with a one-for-one strategy
with a max retry attempt of 1, combined with the following code?:
override def preRestart(exception)
client ! exception
context stop self
On Thursday, August 7, 2014 12:29:05 PM UTC+1, Konrad Malawski wrote:
Hi Lawrence,
In general, exactly one entity in a distributed system should be responsible
for deciding about success / failure,
otherwise there always will be a race of some kind.
In your case though, the problem arrises because the service actor does not
know if the transaction actor has completed the work,
so how about sending the response back through the transaction actor?
Also, in your case, can the transaction actor fail after sending it's response
to the client actor, how would that happen (with a NonFatal exception)?
I'd expect it to do `client ! stuff; context stop self`, is that not the case?
On Thu, Aug 7, 2014 at 8:59 AM, Lawrence Wagerfield
<lawr...@dmz.wagerfield.com> wrote:
I have problem that involves synchronising outbound messages from a parent
actor and its child actor. This particular problem is with regards to
forwarding failure messages to clients.
Here is the example:
I have a service actor that receives a request from a client actor.
The service actor creates a new child transaction actor to deal with said
request, which then response directly to the client actor after performing the
work.
If the transaction actor fails, it is stopped by the service actor which then
sends a failure report to the client actor.
The problem is the client actor must now support receiving failures after
receiving the response it is actually interested in - otherwise the potential
'post-workload' failures from the transaction actor may deadletter, or worse,
be misinterpreted by the client actor (i.e. a failure for a subsequent
transaction).
I have considered an approach whereby the client actor must wait for the
transaction actor to terminate before safely continuing, since after that
point, it can be guaranteed that no more messages will be received.
Is there a common solution to this problem?
--
>>>>>>>>>> Read the docs: http://akka.io/docs/
>>>>>>>>>> Check the FAQ:
>>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html
>>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user
---
You received this message because you are subscribed to the Google Groups "Akka
User List" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to akka-user+...@googlegroups.com.
To post to this group, send email to akka...@googlegroups.com.
Visit this group at http://groups.google.com/group/akka-user.
For more options, visit https://groups.google.com/d/optout.
--
Cheers,
Konrad 'ktoso' Malawski
hAkker @ Typesafe
--
>>>>>>>>>> Read the docs: http://akka.io/docs/
>>>>>>>>>> Check the FAQ:
>>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html
>>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user
---
You received this message because you are subscribed to the Google Groups "Akka
User List" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to akka-user+...@googlegroups.com.
To post to this group, send email to akka...@googlegroups.com.
Visit this group at http://groups.google.com/group/akka-user.
For more options, visit https://groups.google.com/d/optout.
--
Cheers,
Konrad 'ktoso' Malawski
hAkker @ Typesafe
--
>>>>>>>>>> Read the docs: http://akka.io/docs/
>>>>>>>>>> Check the FAQ:
>>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html
>>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user
---
You received this message because you are subscribed to the Google Groups "Akka
User List" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to akka-user+...@googlegroups.com.
To post to this group, send email to akka...@googlegroups.com.
Visit this group at http://groups.google.com/group/akka-user.
For more options, visit https://groups.google.com/d/optout.
--
Cheers,
Konrad 'ktoso' Malawski
hAkker @ Typesafe
--
>>>>>>>>>> Read the docs: http://akka.io/docs/
>>>>>>>>>> Check the FAQ:
>>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html
>>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user
---
You received this message because you are subscribed to the Google Groups "Akka
User List" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to akka-user+unsubscr...@googlegroups.com.
To post to this group, send email to akka-user@googlegroups.com.
Visit this group at http://groups.google.com/group/akka-user.
For more options, visit https://groups.google.com/d/optout.
--
Konrad 'ktoso' Malawski
hAkker @ typesafe
http://akka.io
--
>>>>>>>>>> Read the docs: http://akka.io/docs/
>>>>>>>>>> Check the FAQ:
>>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html
>>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user
---
You received this message because you are subscribed to the Google Groups "Akka
User List" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to akka-user+unsubscr...@googlegroups.com.
To post to this group, send email to akka-user@googlegroups.com.
Visit this group at http://groups.google.com/group/akka-user.
For more options, visit https://groups.google.com/d/optout.
