Designing Distributed Systems - A Conversation with Ken Arnold, Part III 阅读笔记

(题外话: 推荐 www.artima.com, 很不错的技术网站, 可能很多同学都知道, 并早已熟读上面的文章了. 恕我孤陋寡闻, 最近因为设计一个尽管很小的分布式系统, 但也遇到了一些棘手的问题, 才按图索骥, 找到了这个网站.)

 

Designing Distributed Systems - A Conversation with Ken Arnold

这是一篇访谈, 讨论的是分布式系统设计.

看这篇访谈前可以先看另一篇文章预热(Introduction to Distributed System Design), 更系统的介绍了分布式系统设计的概念.

访谈中 Ken 给了一些很深刻的见解, 摘抄如下:

"Failure is the defining difference between distributed and local programming, so you have to design distributed systems with the expectation of failure."

"Yes, you have to get done what you have to get done, but you have to do it in the context of failure."

"We gave up on the idea of local/remote transparency. It's a nice thought, but so is instantaneous faster-than-light travel. It is demonstrably true that at least so far transparency is not possible."

 

多系统交互一个很麻烦的地方就在于, 就算单个系统能够保证自身的健壮性, 多个系统之间的协作也可能出现问题, 最常见的比如网络故障, 更何况单个系统的健壮性也很难保证, 而且就算系统本身没有问题, 系统的访问代码也可能存在隐患.

 

因此对于出错, 及出错后怎么处理, 在分布式系统中, 需要很慎重的考虑.

 

在这里 Ken 提到, 尽量保持单个系统的简单是个很重要的手段, 因为简单系统出错后, 总是更容易处理及修复的.

 

之后, 谈到事务, Ken 似乎并不太认可, 进而推荐了另一种方法 "idempotency"(我理解为不断重试, 直到成功), 这种方法, 在不确定环境中用得蛮多的, 比如多线程同步中, 经常可以看到的 while(!predicate) { wait(condition); }

 

这里 Ken 提到了个很有意思的看法, "But a bigger computer is more reliable and cheaper than another programmer. I tend to like simple solutions and scaling problems that can be solved with checkbooks, even though I am a programmer myself."

 

关于 Internet 及的分布式系统, "When you design anything, local or remote, efficiency one of the things you think about",

另一个就是 "Another issue is of course security"

 

最后一段围绕 State, Ken 的第一句很清楚的表达了他的观点 "State is hell."

 

State 即地狱, 但是这个地狱却无处不在, 因此他鼓励尽量设计 Stateless 的系统

"Everything that can be stateless should be stateless"

 

之后, 提到了 State 与 Cache 之间的细微区别

"In this sense, state is essentially something held in one place on behalf of somebody who is in another place, something that is not reconstructible by the other entity that wants it. If I can reconstruct it, it's called a cache.And caches are often OK."

 

最后文章结尾于

"So the question is, "Why have more hell than you need to have?" You have to try and avoid it. Avoid. Avoid. Avoid."

 

感觉 Ken 很重视 State 的问题, 花了很大一段在讲这个, 似乎也没有太多根治的办法, 不过还是有些好的建议

"So I follow the rule: make everything you can stateless. If there is one piece of the system you can't make stateless—it has to have state—tothe extent possible make it hold all the state. Have as few stateful components as you can."