-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Delivery policy and TriggerEngine revision proposal #554
Comments
A possible implementation may revise the current delivery of messages from Data Updater Plant to Trigger Engine. Revised Syntax (up-to the type of policy/queue combination)Policy: unchanged. "error_type" : [<int>] | '[' <int> '...' <int> ']' | "*",
"excluding" : [<int>],
"retreat_strategy" : "none" | "retry",
"message_ttl" : <int>
Queue: "name" : <string>,
"retry_times" : <int>,
"maximum_capacity" : <int>,
"mc_policy" : "remove_old" | "reject_publish",
"increase_priority_on_failure" : "true" | "false",
"max_priority_level" : <1 ... 10> A RabbitMQ queue either discards failed messages or re-enqueues them near their original position (see here). Possible combinations of policies and queuesAssuming 1,000 messages with 10 KB of payload, a RabbitMQ queue with Astarte's internal messages could use up to 10 MB of memory (see here). In a production environment, we may assume 30-50 installed Astarte interfaces.
|
Other interesting points:
|
Revised proposalDefinitions
DescriptionThe main focus of the policy is error handling upon delivery of events. The payload is described by the action of the trigger. Each policy has a unique name and must be installed like and interface. A policy describes what to do in case of delivery errors and how undelivered events are enqueued. Main components
SyntaxPolicy: {
"name" : <string>,
"error_handlers" : [<handler>],
"retry_times" : <int>,
"maximum_capacity" : <int>,
"event_ttl" : <int>
} If Handler: {
"on" : "client_error" | "server_error" | "any_error" | [<int>],
"strategy" : "discard" | "retry"
} The ExamplesA simple policy: {
"name" : "simple_policy",
"error_handlers" : [],
"maximum_capacity" : 100
} This policy ensures no guarantee of good delivery for any HTTP error. At most 100 events can be in the queue at any time. A more complex policy: {
"name" : "complex_policy",
"error_handlers" : [
{
"error_type" : "server_error",
"retreat_strategy" : "none"
},
{
"error_type" : "client_error"
"retreat_strategy" : "retry"
}
],
"retry_times" : 5,
"maximum_capacity" : 100,
"event_ttl" : 10
} If there occurs an HTTP server error, then Astarte will do nothing. At most 100 events can be in the queue at any time. Implementation detailsThe implementation will revise the current delivery of messages from Data Updater Plant to Trigger Engine. |
See also #117 |
Closed by #583. |
Motivation
AMQP triggers and HTTP triggers are treated differently: an AMQP trigger generates a message which is sent to an exchange, and the handling of delivery errors is up to the third-party client. Instead, a HTTP trigger generates a message and must also handle the delivery of that message.
Therefore, AMQP and HTTP triggers should be two separate things, and HTTP triggers should be provided with a policy to address possible errors.
Definitions
Description
A policy is an attribute of a trigger. The main focus of the policy is error handling upon delivery of messages. The payload is described by the action of the trigger. Each policy has a unique name.
Due to constraint on the dimensionality of data, it is not possible for a policy in the general case to assure that a message will reach its destination (e.g. messages are to be sent to a non-existing resource). However, if the destination is available, policy guarantee the reception of the message - unless explicitly stated otherwise.
The main attributes of a policy are the
error_handling
to adopt if a message does not reach destination and theretry_queues
to use if messages are to be resent in case of failed delivery.Main components
Error handling is done by a list of handlers. Each handler refers to one or more delivery errors and describes the retreat strategy Astarte should take when they occur.
It is possible to select a range of error numbers (e.g. HTTP client errors: [400 ... 499]) and explicitly exclude some in the range.
There are two possible retreat strategies: none (ignore the error) or retry. In case of retrying, an associated retry queue must be added. The default retreat strategy is none on all errors.
The retrying queue is a space containing messages whose delivery has failed and must be resent.
For memory reason, the size of the retrying queue must be fixed and therefore is not optional. This gives an upper bound on the amount of space a retry queue uses.
Every message in a retry queue can be resent up to a specified number of times.
If the number of messages in the retry exceeds the size, the maximum capacity policy specifies what messages to delete. The maximum capacity policy is one between fifo (default) and lifo.
The order in the retrying queue can be based on the timestamp of the first or the last delivery failure.
it is possible to have more than one handler related to the same queue. In this case, all messages in the queue have the same number of retry times, as specified by the queue.
Syntax
Policy:
If
error_handlers
if empty, then messages failing to reach destination are lost.Handler:
The
error_type
list or range must contain only valid HTTP errors. Every error not included in an handler range defaults tonone
repeat strategy."*"
is a shortcut for all errors.excluding
is optional.If
retreat_strategy
is notretry
thenretry_queue
must not be set.Retry queue:
Each message in the queue will be resent up to
retry_times
, unless themaximum_capacity
is exceeded.deletion_order
describes which timestamp to use for ordering the queue, either the one of thefirst_failure
or the one of thelast_failure
.maximum_capacity
sets the size of the retrying queue, whilemc_policy
describes the policy for deletion of exceeding messages.Examples
The simplest policy:
This policy ensures no guarantee of good delivery for any HTTP error.
A more complex policy:
If there occurs an HTTP error outside the range [402, 403, 404], then Astarte will do nothing.
If an HTTP 404 error occurs, then Astarte will try to resend the message up to 5 times, using a retry queue holding up to 500 messages, ordered by timestamp of the first failure;
if more messages are present in the queue, the oldest ones will be deleted, even if they were resent less than 5 times.
If an HTTP 402 or 403 error occurs, then Astarte will try to resend the message up 1 time, using a retry queue holding up to 100 messages, ordered by timestamp of the last failure;
if more messages are present in the queue, the newest ones will be deleted, even if they were resent less than 1 time.
The text was updated successfully, but these errors were encountered: