What's the unknown service in Istio Kiali? - istio

It's quite strange to see there's an "unknown" service (marked with a red box) going out from "fota-dmserver". Could you help explain?

A service displayed as "Unknown" can be pretty much anything that is not part of the service mesh. It has such a name in Kiali because this service was not declared, so Istio / Kiali have no idea about what it is. It could be, for instance, calls to third-party APIs. To declare it, you must use a Service Entry: https://istio.io/docs/reference/config/networking/v1alpha3/service-entry/.
If you have no idea what it is, you should investigate client calls performed from your fota-dmserver service.
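One way to carry out the investigation suggested above, as an added example that is not part of the original answer: it assumes the fota-dmserver sidecar writes access logs in Istio's JSON encoding, where calls to undeclared destinations show `PassthroughCluster` as the upstream cluster, and it renders a ServiceEntry for a host you decide to declare. The log lines, host names, addresses and function names are constructed for illustration.

```python
import json
import re
from collections import Counter

# Constructed istio-proxy access log lines (JSON encoding); hosts are made up.
SAMPLE_LOG = """\
{"authority": "inventory.default.svc.cluster.local:8080", "upstream_cluster": "outbound|8080||inventory.default.svc.cluster.local", "upstream_host": "10.0.3.17:8080"}
{"authority": "api.partner.example.com", "upstream_cluster": "PassthroughCluster", "upstream_host": "203.0.113.10:80"}
{"authority": "api.partner.example.com", "upstream_cluster": "PassthroughCluster", "upstream_host": "203.0.113.10:80"}
{"authority": "-", "upstream_cluster": "PassthroughCluster", "upstream_host": "198.51.100.7:5432"}
this line is not JSON and must be skipped
"""
DNS_NAME = re.compile(r"[a-z0-9]([a-z0-9.-]{0,251}[a-z0-9])?")

def undeclared_destinations(log_text):
    """Count outbound calls the sidecar forwarded through PassthroughCluster."""
    seen = Counter()
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # not a JSON access log record
        if (not isinstance(entry, dict)
                or entry.get("upstream_cluster") != "PassthroughCluster"):
            continue  # destination is already known to the mesh
        host = entry.get("authority") or "-"
        if host == "-":  # raw TCP: no Host header, only ip:port is logged
            host = entry.get("upstream_host") or "-"
        seen[host] += 1
    return seen

def service_entry_yaml(name, host, port, protocol):
    """Render a ServiceEntry for one external host (name is operator-chosen)."""
    if not DNS_NAME.fullmatch(host):  # log-derived values are untrusted input
        raise ValueError(f"refusing to template unexpected host value: {host!r}")
    return (
        "apiVersion: networking.istio.io/v1alpha3\nkind: ServiceEntry\n"
        f"metadata:\n  name: {name}\n"
        f"spec:\n  hosts:\n  - {host}\n  location: MESH_EXTERNAL\n"
        f"  ports:\n  - number: {int(port)}\n"
        f"    name: {protocol.lower()}-{int(port)}\n    protocol: {protocol}\n"
        "  resolution: DNS\n"
    )

if __name__ == "__main__":
    for dest, calls in undeclared_destinations(SAMPLE_LOG).most_common():
        print(f"{calls:4d}  {dest}")
    print(service_entry_yaml("partner-api", "api.partner.example.com", 80, "HTTP"))
```

Destinations that appear only as an IP and port are raw TCP connections and need to be traced back to the client code before anything is declared for them.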

Related

Istio shifting service implementation on failure or active/active and active/passive services

I want to know how I can have different implementation of the same service and switch traffic from one to the other when failure starts to occur (active / passive) or have traffic go from a 50%/50% split to a 0%/100% split when service implementation A is not responding. I would expect the 50/50 split to be restored once implementation A starts working again.
For example, I want to have a payment service and I have an implementation with Cybersource and the other with Stripe (or whatever other provider makes sense). My implementation will start returning 504 when they detect that response times on one of the providers are above a certain threshold or good old 500 because a bug occurred. At that point, I want the clients to only connect to the fastest (properly working) implementation for a while and gradually retry the failed implementation once the health probe gives it a green light.
Similarly for an active/passive scenario perhaps I have a search API and I want all traffic to go to implementation A. However, when that implementation starts returning 5XX, I want traffic to be routed to implementation B which is perhaps offering a degraded experience, but can be used as a backup implementation.
When I read the Istio documentation / blogs, etc. I don't see the scenarios above. Perhaps Istio is not the right choice for that?

Can a web service talk to another web service?

I learned about service oriented architecture yesterday, and I have a question about it.
In order to talk to a web service provider, the initial communication has to be started by a service consumer. Then does it mean that a web service provider cannot talk to another web service directly (because it is not a consumer)?
I do not have enough information to grasp a full scope of what you're getting at exactly. However, I can say that this statement:
Then does it mean that a web service provider cannot talk to another web service directly (because it is not a consumer)
Isn't really true. A program can (programmatically) access data provided by a web service. The web service has no real awareness as to what a 'consumer' is. It only sees (programmatically) the data provided by the client (typically browser data, cookies, cache, etc..). But that doesn't stop anyone from opening a bash shell and curling the website.
This will retrieve any data statically provided by the server. Note that the data may be obfuscated using JavaScript so as to prevent any programs outside of a browser environment from accessing their critical data.
So the answer to that question is yes and no.
You should ask this question on https://softwareengineering.stackexchange.com/ as it is more relevant to questions regarding programming concepts.
From both technical and architectural points of view, a service can of course call another one. It is simply changing its role to behave as a consumer for the second service. Just be aware that things may become messy if both services are calling each other both ways to finish their task for a single client request. Though there are often valid scenarios for such behaviour, if both services are managed by the same entity, it's worth looking at whether tasks shouldn't be moved or services merged, as this may be a sign of bad design decisions.
Any piece of software can talk to a web service as long as it can reach it.

Restricting access to certain URLs in a webapp running on Tomcat (6.0.x)

Hi, my new problem is as follows: I have a web application running on Tomcat 6.0.x. It's behind an Apache HTTPD reverse proxy, and there are other machines behind it, one of them supposed to communicate with a certain web service (http://bla.com/restricted/stuff/...), while users (who connect from the internet side of the reverse proxy) and other machines should not be able to invoke those methods, preferably not even to know they exist.
Well, I know I could use RemoteAddrFilter and filter the IP, and although it's spoof-able it could be "close enough", but unfortunately I'm stuck with version 6 of Tomcat.
If I had complete freedom I could set up this service on a different port and then just use iptables to restrict it, but unfortunately it has to be the same instance of Tomcat and the same web application, and I am not familiar with a way to restrict a connector to certain areas in a web app.
The application manages its own security system, which cannot be used for authenticating the "caller machine" for "historical" reasons. That said, making several security constraints is fine, but the specification here says that one can have only one login-config element, so even if I write a different constraint for the restricted URLs I will not be able to block it by requiring a user certificate, for example (thus identifying the calling machine), because I already have a login-config.
This is more of a "how to do it best" question rather than "I don't know how to do it", because there are plenty of hacky ways to set this up, but we don't want to slip to the dark side now, do we?
I must say I did try to research the subject but I haven't found any obvious solutions, and yet if I missed something elegant and obvious I will be more than happy to hear about it (non-trivial solutions are very welcome too :) ), so thanks for any ideas.
Is it possible for the machines that need to call the "restricted" service to do so by talking directly to the tomcat service at http://example.internal:8080/restricted rather than using the reverse proxy? If so then the simplest method would be to set up the proxy so it does not pass through the restricted URIs at all, which would make it impossible for outside callers to access them.

IIS7/.NET web services - Error when one web service calls another

I need a little help solving an issue regarding .NET web services. I have a desktop application that consumes my main web service. One of the methods gets some report data, but in order to do that, web service (A) calls a method in web service (B). Depending on what parameters I pass into "A"'s method, it either works or fails. If I pass in a filter, the dataset is pretty small; when I don't pass in a filter, obviously the dataset is very large. Additionally, if I run web service "A" in debug mode and point my desktop app to the local version (meanwhile B is on our production server), it works whether I filter the data or not. The error I get is a 502 Bad Gateway on production, and a 502 - Web server received an invalid response while acting as a gateway or proxy server.
We have a web farm with some ARRs, so I went into the web farm's ARR, found the "Proxy" settings and adjusted the timeout to 1200 seconds (whereas my app usually fails within 20-30 seconds), and I'm still receiving this error. The HTTP version is in "Pass through" mode with the "keep alive" checkbox checked.
We have no issues using a windows service consuming a web service or anything like that, just when one web service consumes another web service.
Addition,
I'm not using any sessions in my web service methods, and I believe the webmethod I call in web service "B" does have a cacheduration value set of 5 minutes.
I'm scratching my head on this for my lack of knowledge of IIS 7, and many other things. If anyone has any ideas or can point me in the right direction I would certainly appreciate it.
I thought I'd come here and answer this question in case anyone else ran into the same issue. This issue was not server related at all. It was code related. In my code I had a datatable (C#), and was doing a datatable.select(....) where I would pass in a filter with many "OR"s. Ex. Filter = 'x' OR 'y' OR 'z' etc etc. I had around 100 of these, which caused the datatable.select method to produce a stackoverflow exception. I changed the code to do an "IN (x,y,z)" and it works fine now. Hope this helps someone.

Can I do this? Apache + mod_jk + Tomcat + Axis

We're making a product which requires a web service to hook up to an existing database used by one of our other products. Owing to time constraints we need to get this thing up and running pretty quickly. Our web server is Apache on a Linux machine, and the client software for the new product is constrained to communication on Port 80. Our dilemma is that we can't just get a new server in time (Apache can't share port 80) and so the plan is to route requests through the existing Apache server.
I know we can hook Apache up to Tomcat using mod_jk, but what I want to do is overlay Apache Axis on Tomcat to make use of SOAP. I'm currently downloading everything I need to test this out, but not having used Axis before, I'm just curious as to whether anybody has actually tried this before and if so, does it / can it work? If there are going to be any roadblocks stopping me from doing this then a heads-up would be much appreciated.
I can't seem to find anything which says this particular setup will or won't work, apart from a posting on the Ubuntu forums which looks similar to what I'm attempting to do but on closer inspection appears to be different.
So to summarise, what I'm curious about is whether accessing a SOAP Web Service through Apache web server, connected to an Axis / Tomcat combo would work?
I'm assuming for now that with a little jiggery-pokery it should be ok, but I'll admit I'm in unfamiliar territory here so any advice / information would be a big help.
Thanks,
Tom
Having just installed and configured all of the necessary components, it appears that this does work. I'm yet to test whether it allows a web service to work from a client machine properly yet, but all signs look good so far!
I worked on a product that had exactly this setup about a year ago. I'm afraid the details are a bit fuzzy, but I don't remember having any problems with the software stack. If you find you need help, comment back here and I'll try to dig up some more info.