David Lloyd [
http://community.jboss.org/people/dmlloyd] created the discussion
"Re: Remoting Transport Transaction Inflow Design Discussion"
To view the discussion, visit:
http://community.jboss.org/message/621538#621538
--------------------------------------------------------------
Mark Little wrote:
> > Mark Little wrote:
> >
> > "Keeping in mind that this is nowhere near the only process of this
complexity to be tested - and no, don't trot out "it's more complex than you
think" unless you want to enumerate specific cases (which will probably then be
appropriated into additional tests) - I think we'd follow the same approach we'd
follow for testing other things. We'd unit test the protocol of course, and test to
ensure that the implementation matches the specification, and verify that the protocol
handlers on either "end" forward to the proper APIs."
> >
> > Go take a look at the QA tests for JBossTS. You'll see that a sh*t load of
them are covering recovery. And then take a look at XTS and REST-AT. You'll see that a
sh*t load of them are covering recovery. Want to take a wild stab in the dark why that
might be the case ;-)? Yes, it's complex. It's got to be fault tolerant, so we
have to test all of the cases. There are no edge-cases with transactions: it either works
or it fails. Unit tests aren't sufficient for this.
> Well, it's always good to have a set of existing projects to draw test scenarios
from. But otherwise I don't think this is directly relevant to the discussion: unless
you're saying "we must test these 200 different scenarios before I let you type
'git commit'". We need high quality, detailed tests for every subsystem.
For example having thorougly tested transactions doesn't do us a lot of good if, for
example, our JPA implementation or HornetQ or something was writing corrupt data. I mean
everything needs thorough testing. Just the fact that these other projects have lots of
tests covering recovery doesn't mean that those tests are necessary, and on the other
hand, there may be many scenarios unaccounted-for in these tests as well. AS is riddled
with highly complex systems that need detailed testing.
I'm saying that if we are talking about developing a new distributed transaction
protocol using JBR instead of CORBA, then I will need to see all of the transactions use
cases we have covered in QA pass against this new implementation. Call me overly
pessimistic, but even if you think that the scenario is narrowly focussed/self contained,
I like the nice warm fuzzy feeling that passing QA tests brings.
Okay, that's
reasonable, but bear in mind that what we're talking about is probably going to be
more constrained in some ways, so we may need fewer, or at most a few different, tests.
Some of these tests may simply verify that things we don't support in this scenario
are explicitly disallowed for example.
Mark Little wrote:
> In this particular case (solution 2 that is), we're specifying an
implementation for XAResource, a transport for it, and an endpoint which controls
XATerminator; this says to me that our tests can be limited in scope to testing this
mechanism from end to end. As I said if we have other projects we can draw recovery
scenarios from, that's fine, and we will do so. I don't know what else to tell
you.
And the A->B->C scenario simply isn't possible?
A->B->C yes is
possible, however this is really (A client -> B server -> (a bunch of existing
stuff) -> B client -> C server); which is to say that if we verify that we follow
the rules for what we implement, then it's up to JBTS to follow the rules for what
+it+ implements. Testing multiple steps like this is the task of the aforementioned QA
tests, I suppose, for the "warm and fuzzy" quality, but it wouldn't be
covered in the unit tests for any of the individual pieces as it is expected that the
components that they interact with all behave according to contract.
Mark Little wrote:
> > "Case 1 cannot be made to work when a local TM is present without adding
some notion in the EE layer to determine whether it should use the local UserTransaction
or the remote one. This is possible but is a possibly significant amount of work."
> >
> > How significant? If we're putting all options on the table then this needs
to be there too.
> The problem is that we'd need some way to control which kind of UserTransaction
is pulled from JNDI and thus injected into EE components. This can depend on what the
user intends to do with it; thus we'd need to isolate many use cases and figure out
what level this should be done at (deployment? component? server-wide?), and we need to do
some analysis to determine where and how the remote server connection(s) should be
specified and associate the two somehow. We're basically choosing between TMs on a
per-operation basis. This type of configuration is unprecedented as far as I know - I
think the analysis would take as long as the implementation, if not longer. Because it is
not known exactly how this should look, I can't say how much effort this is going to
be other than "lots".
Interestingly we've had several TS f2f meetings where the discussion has arisen
around running local JTA and remote JTA (JTS) in the same container. Jonathan can say more
on this, since he was driving those thoughts.
However, let's assume for the sake of argument that initially we decide that in any
container-to-container interactions that require transactions you either have to use HTTP,
SOAP/HTTP or IIOP, but want to leave the door open for other approaches later, would we be
having a different discussion? We discussed suitable abstractions earlier, which could be
independent of any commitment to changes at this stage, so I'm still trying to figure
out what all of those abstractions would be.
Well, all of this is predicated on the
assumption that we still need some kind of remote control of transactions from server to
server when using the Remoting-based transport in order to fulfill our obligations for
existing functionality. If we can work it out or establish that this is not the case,
then sure, we can revisit this discussion at a later time, assuming that such time would
ever arrive. I would very much like the opportunity to be able to work on establishing
requirements for such an abstraction. Such a discussion should come hand in hand with
fixing the shortcomings of XATerminator in the JCA specification as well though, as these
seem to me to be two faces of the same problem.
Mark Little wrote:
> > Mark Little wrote:
> >
> > "Theoretically each successive "step" will treat the TM of the
subsequent "step" as a participating resource. As to D calling A, that will
only work if the TM is clever enough to figure out what's happening (I don't see
why it wouldn't as the Xid should, well, identify the transaction so A should
recognize its own; but that's why we're having this discussion)."
> >
> > Please go take a look at what we have to do for interposition in JTS. And
it's not because JTS is more complex than it needs to be: interposition is a
fundamental concept within distributed transactions and the problems, optimisations,
recovery semantics etc. are there no matter what object model or distribution approach you
use. Take a look at XTS too, for instance.
> Yeah but keep in mind that we're dealing in a strict hierarchy here, there are
no peers. The transaction isn't so much "distributed" as it is
"controlled"; caller always dominates callee. This if D calls A the behavior
I'd +expect+ would be that A would treat the imported work as a different or
subordinate transaction; it need not really have any direct knowledge that the two are
related since the D→A relationship is controlled by D, and the C→D relationship is
controlled by C, etc. If the D→A outcome is in doubt then it's up to D to resolve that
branch, not A. But that's just my ignoramus opinion.
Controlling the transaction termination protocol is definitely a parent/child
relationship; that much is obvious. However, I still don't see how you can say that
A->B->C->D isn't possible (remember that each of these letters represents an
AS instance). So the transaction flows between (across) 4 AS instances. It could even be
A->B|C->D|E->A, i.e., a (extended) diamond shape if you draw it out.
I
don't think I said it wasn't possible, or at least I didn't intend to. I
think supporting trees or linear chains of appservers is fine. I just don't think we
necessarily have to support A->B->A kinds of scenarios or other non-tree (especially
cyclic) directed graphs as this is not generally a good fit for Remoting in the first
place; one would normally choose IIOP or JRMP for this kind of topology. Now we +could+
support this, of course, and if we did I imagine it might be a good idea to treat ->A
as a wholly new branch of the transaction, or even as a wholly new global transaction,
rather than trying to reconcile what resources on A are already active in the transaction
or whatever else you have to do for JTS style interposition. Likewise if we have
A->B->C and all three access a common resource, I don't think that we
necessarily need to support resource sharing in the Remoting scenario (though if we can,
that's great).
That said, I think that a proper implementation ought to be able to mix and match the
approaches. A linear chain of app servers and their resources using the Remoting
transaction approach could terminate an a JTS "cloud" of appservers, which in
turn could enroll more linear chains of app servers and their resources, so long as the
contstraints we place aren't broken (for example if we don't support shared
resources in the Remoting chains then we simply don't).
Mark Little wrote:
> Here's what I consider to be a likely, real-world scenario:
>
> Host A runs a thin client which uses the "solution 1" mechanism to control
the transaction when it talks to Host B.
> Host B runs a "front" tier which is isolated by firewall. This tier has
one or more local transactional databases or caches, and a local TM. The services running
on B also perform EJB invocations on Host C.
> Host C is the "rear" tier separated from B by one or more layer of
firewall, and maybe even a public network. B talks to C via remoting, using
"solution 2" to propagate transactions to it, using the client/server style of
invocation.
> Host C participates in a peer-to-peer relationship with other services on Hosts D,
E, and F in the same tier, using Remoting or IIOP but using JTS to coordinate the
transaction at this level since C, D, E, and F all mutulally execute operations on one
another (and possibly each consume local resources) in a distributed object graph style of
invocation.
>
> Note you can substitue A and B with an EIS and everything should be exactly the same
(except that recovery processes would be performed by the EIS rather than by B's TM).
>
> Everything I understand about transaction processing (which is definitely at least
as much as a "joe user") says that there's no reason this shouldn't
"just work". And we should be able to utilize existing transaction recovery
mechanisms as well.
In this scenario why wouldn't we use something like REST-TX or XTS when bridging the
firewall? Then we'd be in the transaction bridging arena that Jonathan and team have
been working on for a while.
Well, you could, of course (at least you could use XTS, but not REST-TX unless we designed
our own EJB-over-REST protocol). Or you could use an IIOP proxy. And we could map our
management protocol on to SOAP, or IIOP. But the point is that all of these approaches
are a pain for users and all lack the advantages of a native protocol - namely
performance, more flexible and efficient security, simpler client and server
implementation (i.e. no SOAP bindings or monkeying with IDL). In other words, I can say
"connect to this URL, authenticate thusly, give me this EJB, and start calling stuff
on it" with a native client, which you cannot do without extra steps and a lot of
configuration and complexity in SOAP or even CORBA. It's the API simplicity of RMI
(simpler, really) with sane firewall-friendly connection semantics and much better
performance, or at least that's the idea.
Could we drop a native transport in favor of SOAP+IIOP? Absolutely. But it would suck,
IMO. I think a native transport is an essential tool, and it's something we've
provided in the past, but it's not up to me to make that call in any case. Even if we
dropped it though, I'd probably develop it in my free time anyway just because I have
no inclination to use SOAP or IIOP for my personal projects, and it's something I
believe in. Granted my free time projects have this way of winding up back in the middle
of things these days.
--------------------------------------------------------------
Reply to this message by going to Community
[
http://community.jboss.org/message/621538#621538]
Start a new discussion in JBoss Transactions Development at Community
[
http://community.jboss.org/choose-container!input.jspa?contentType=1&...]