Eclipse MicroProfile Fault Tolerance API
Provided version of the API: MicroProfile Fault Tolerance 3.0
Background
The Fault Tolerance API was created to help separate execution logic from execution. The execution can be configured with a number of fault tolerance policies.
A full overview for the reasoning behind the API can be found in the README for the source code repository.
Additions to the Fault Tolerance Spec
In addition to the functionality detailed in the spec, the following is also implemented in Payara Server and Payara Micro:
Configurable Executor Services
The managed and scheduled managed executor pool can be configured via the set-fault-tolerance-configuration asadmin command.
The executor service is used to execute methods annotated with @Asynchronous, whereas the scheduled executor service is used by the CircuitBreaker and Timeout interceptors for their timeout operations (scheduling the circuit breaker to be set to half open, and just timing out respectively).
Alternative @Asynchronous Annotations
The Payara specific configuration property MP_Fault_Tolerance_Alternative_Asynchronous_Annotations can be used to specify a comma separated list of fully qualified class names of those annotations that should have the same effect as FT’s @Asynchronous. These annotations do not have to be interceptor bindings.
For example:
MP_Fault_Tolerance_Alternative_Asynchronous_Annotations=javax.ejb.Asynchronous
Annotation Priority
Prior to release 5.192 the order that the fault tolerance annotations are invoked is as follows:
-
Fallback (SPECIAL CASE - you’ll ONLY get here if there is an exception kicking off the asynchronous thread)
-
Asynchronous
-
Fallback
-
Retry
-
Bulkhead
-
CircuitBreaker
-
Timeout
Since the asynchronous annotation is invoked first, if it’s combined with any other fault tolerance annotations they will be processed on the asynchronous thread.
Since release 5.192 interactions between annotations are handled as described by the 2.0 specification effectively nesting computation in the following way (skipping handling for annotations not present):
-
Asynchronous
-
Fallback
-
Retry
-
Circuit Breaker
-
Timeout
-
Bulkhead
-
(calling annotated method; might be wrapped by other interceptors)
As specified the interceptor priority can be changed using the property mp.fault.tolerance.interceptor.priority affecting all annotations including alternative ones.
Fault Tolerance Configuration
Fault Tolerance can be configured by using Admin Console or Asadmin commands.
Using the Admin Console
To configure the Fault Tolerance in the Admin Console, go to Configuration → [instance-configuration (like server-config)] → MicroProfile → Fault Tolerance:
Using Asadmin Commands
set-fault-tolerance-configuration
- Usage
asadmin>set-fault-tolerance-configuration
[--managedexecutorservicename=managedexecutorservicename]
[--managedscheduledexecutorservicename=managedscheduledexecutorservicename]
[--target=server-config]- Aim
-
Provides a way to set the configuration of the fault tolerance service of the targeted config.
Command Options
The options asyncmaxpoolsize and delaymaxpoolsize have been removed as they are no longer applicable due to the configurable managed executor pools being used.
|
| Option | Description | Default | Mandatory |
|---|---|---|---|
|
The Logical JNDI name of the Managed Executor Service to look up. Changes to this configuration require a restart of the server to take effect. |
|
no |
|
The Logical JNDI name of the Managed Scheduled Executor Service to look up. Changes to this configuration require a restart of the server to take effect. |
|
no |
|
The target configuration object to apply the change to |
|
no |
get-fault-tolerance-configuration
- Usage
-
asadmin> get-fault-tolerance-configuration [--target=server-config] - Aim
-
Returns the current configuration options for the Fault Tolerance service on the targeted config.
Upgrading from MicroProfile 3.x to 4.x
MicroProfile 4.0 brings with it a number of changes to MicroProfile Fault Tolerance. There are two incompatible changes with the previous version of MicroProfile Fault Tolerance.
Metric Names and Scopes Changed
The metrics added automatically by MicroProfile Fault Tolerance have been updated to take advantage of support for metric tags which were added to MicroProfile Metrics in version 2.0. As a result, some information which was previously contained in the metric name is now instead included in tags.
In addition, metrics have moved from the application scope to the base scope for consistency with other MicroProfile specifications. Note that this means:
-
Metrics are now exported under
/metricsand/metrics/base, instead of/metricsand/metrics/applicationas in previous versions. -
In the JSON format, when metrics are retrieved from
/metricsthey appear in the base object rather than the application object. -
In the OpenMetrics format, the names are prefixed with
base_instead ofapplication_.
There unfortunately is not a workaround for this change, users must simply ensure that any dashboard or application making use of these metrics must be updated to look at the new locations.
Lifecycle of CircuitBreakers and Bulkheads Specified
In previous versions of MicroProfile Fault Tolerance, the lifecycle of CircuitBreaker and Bulkhead annotations was not specified. These fault tolerance strategies hold state between invocations, so their lifecycle is important for correct functioning.
CircuitBreaker and Bulkhead are now treated as singletons identified by the annotated bean class and the guarded method. This means that if a RequestScoped bean has a method annotated with CircuitBreaker and/or Bulkhead, all invocations of that method will share the same CircuitBreaker and/or Bulkhead state, even though each request will have a different instance of the annotated bean.
There is unfortunately no workaround for this change in behaviour.