二郎山/ OTP架构：为SOAish服务的RESTful协议 [英] Erlang/OTP architecture: RESTful protocol for SOAish services

问题描述

让我们想象一下，我们有一个订单一个披萨店处理系统设计和建造。

的要求是：

<强> R1 该系统应客户端和用例无关，这意味着该系统可以通过该初始设计过程中未考虑到的客户机进行访问。例如，如果该比萨饼店决定许多客户使用三星八达以后智能手机，写为八达操作系统的客户机将不会需要重写系统的API和系统本身;或者例如，如果事实证明，使用的iPad，而不是Android设备是送货司机不知怎么好，那么这将是很容易地创建一个iPad客户端，并不会影响系统的API以任何方式;

R2。可重用性，这意味着该系统可以无需重写很多code很容易地重新配置，如果业务流程的变化。例如，如果后来披萨店将接受现金送货司机（接受付款取一个订单VS接受交货付款之前）一起开始接受网上付款，那么这将是很容易的系统适应新的业务流程

R3。高可用性和容错性，这意味着系统应该是在线和应该接受订单24/7

因此​​，为了满足R3，我们可以使用二郎/ OTP，并具有以下结构：

这里的问题是，这种架构有很多硬$ C $光盘，在它的功能。如果，例如，该披萨店将接受货到付款支付接受网上支付被放置在订单之前移动，那么它会花费大量的时间和精力来重写整个系统，并修改系统的API。

此外，如果披萨店需要一些措施以加强其CRM客户端，然后再我们将不得不重新编写API，客户端和系统本身。

因此​​，下面的架构旨在解决这些问题，因此，以帮助满足R1，R2和R3：

在系统中的每个'服务'是一个Webmachine Web服务器与一个RESTful API。这种方法具有以下优点：

• 二郎山/ OTP的一切良善，因为每个Webmachine是一个Erlang的应用程序，它可以监督，可以放进一个Erlang释放;


• 面向服务的架构SOA 的所有利益;


• 容易适应改变业务流程;


• 易于添加新的客户和新的功能，客户端（如到CRM客户端），因为客户端可以（在SOA方面的服务组合性）使用的所有服务的RESTful API的系统，而不是一个'中央'API

所以，从本质上讲，在第二张图片中提出的系统架构是面向服务的架构，每个服务都有一个RESTful API，而不是一个WSDL合同，其中每个服务是一个Erlang / OTP应用程序。

这是我的问题：

1. 图片2：我是想在这里重新发明轮子？我应该只是单纯的Erlang / OTP架构，而不是坚守？ （纯二郎是指填充到释放二郎应用，通过互相交谈
   gen_server：打电话gen_server：投函数调用）;


2. 你能命名建议的方法的缺点是什么？ （图2）


3. 你认为它会更容易比真正的Erlang / OTP之一，保持和发展（R1和R2）这样的系统（图2）？


4. 这样的系统（图2）的安全性可能是一个问题，因为有许多入口点开到网上（所有服务的RESTful API中），而不是只有一个入口点（图1），是不是这样吗？


5. 它是确定有几个策划模块在这样的系统或者一些更好的做法是否存在？ （接受订单，客户关系管理和调度令服务上图2）;


6. 是否纯二郎/ OTP（图1）有超过这种方法（图2）任何优势，在传递信息方面和协议的限制？ （部分原因是我的同类previous <一个讨论href=\"http://stackoverflow.com/questions/11173252/soa-why-do-not-use-erlang-otp-web-servers-as-services\">question, gen_server：拨打VS HTTP REST风格的调用）

解决方案

我要介绍的是相当更具成本效益，改变反应的第三条道路。该架构绝对应该是面向服务的，因为你有明确的服务。但是没有要求公开各服务为宁静或WSDL定义之一。我不是一个Erlang开发者，但我相信有一种方法来调用消息本地和远程进程，从而避免了内部通话不必要的序列化/序列化的活动。但是，有一天，你将面临着新的整合问题。例如，你将整合会计或物流系统。然后，如果你设计好了关于SOA原则，其中最努力将涉及与任何努力重构的其他服务现有连接暴露REST风格的前端包装现有的服务架构。但问题是保持清洁的职责域。我的意思是每个服务应该负责最初设计的活动。

您提到的安全问题是已知的。您应该使用令牌例如所有公开的服务认证/授权。

Let us imagine we have an orders processing system for a pizza shop to design and build.

The requirements are:

R1. The system should be client- and use-case-agnostic, which means that the system can be accessed by a client which was not taken into account during the initial design. For example, if the pizza shop decides that many of its customers use the Samsung Bada smartphones later, writing a client for Bada OS will not require rewriting the system's API and the system itself; or for instance, if it turns out that using iPads instead of Android devices is somehow better for delivery drivers, then it would be easy to create an iPad client and will not affect the system's API in any way;

R2. Reusability, which means that the system can be easily reconfigured without rewriting much code if the business process changes. For example, if later the pizza shop will start accepting payments online along with accepting cash by delivery drivers (accepting a payment before taking an order VS accepting a payment on delivery), then it would be easy to adapt the system to the new business process;

R3. High-availability and fault-tolerance, which means that the system should be online and should accept orders 24/7.

So, in order to meet R3 we could use Erlang/OTP and have the following architecture:

The problem here is that this kind of architecture has a lot of "hard-coded" functionality in it. If, for example, the pizza shop will move from accepting cash payments on delivery to accepting online payments before the order is placed, then it will take a lot of time and effort to rewrite the whole system and modify the system's API.

Moreover, if the pizza shop will need some enhancements to its CRM client, then again we would have to rewrite the API, the clients and the system itself.

So, the following architecture is aimed to solve those problems and thus to help meeting R1, R2 and R3:

Each 'service' in the system is a Webmachine webserver with a RESTful API. Such an approach has the following benefits:

• all goodness of Erlang/OTP, since each Webmachine is an Erlang application, which can be supervised and can be put into an Erlang release;
• service oriented architecture with all the benefits of SOA;
• easy adaptable to changes in the business process;
• easy to add new clients and new functions to clients (e.g. to the CRM client), because a client can use RESTful APIs of all the services in the system instead of one 'central' API (Service composability in terms of SOA).

So, essentially, the system architecture proposed in the second picture is a Service Oriented Architecture where each service has a RESTful API instead of a WSDL contract and where each service is an Erlang/OTP application.

And here are my questions:

1. Picture 2: Am I trying to reinvent the wheel here? Should I just stick with the pure Erlang/OTP architecture instead? ("Pure Erlang" means Erlang applications packed into a release, talking to each other via gen_server:call and gen_server:cast function calls);
2. Can you name any disadvantages in suggested approach? (Picture 2)
3. Do you think it would be easier to maintain and grow (R1 and R2) a system like this (Picture 2) than a truly Erlang/OTP one?
4. The security of such a system (Picture 2) could be an issue, since there are many entry points open to the web (RESTful APIs of all services) instead of just one entry point (Picture 1), isn't it so?
5. Is it ok to have several 'orchestrating modules' in such a system or maybe some better practice exists? ("Accept orders", "CRM" and "Dispatch orders" services on Picture 2);
6. Does pure Erlang/OTP (Picture 1) have any advantages over this approach (Picture 2) in terms of message passing and the limitations of the protocol? (partly discussed in my previous similar question, gen_server:call VS HTTP RESTful calls)

解决方案

I'd introduce the third way that is rather more cost effective and change-reactive. The architecture definitely should be service oriented because you have services explicitly. But there's no requirement to expose each service as Restful or WSDL-defined one. I'm not an Erlang developer but I believe there's a way to invoke local and remote processes by messaging and thus avoid unnecessary serialisation/serialisation activities for internal calls. But one day you will be faced with new integration issue. For example you will be to integrate accounting or logistic system. Then if you designed architecture well regarding SOA principles the most efforts will be related to exposing existing service with RESTful front-end wrapper with no effort to refactor existing connections to other services. But the issue is to keep domain of responsibilities clean. I mean each service should be responsible to the activity it was originally designed.

The security issue you mentioned is known one. You should have authentication/authorization in all exposed services using tokens for example.

这篇关于二郎山/ OTP架构：为SOAish服务的RESTful协议的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！