TIPS AND TRICKS FOR YOUR SERVICE ORIENTED ARCHITECTURE
CakeFest, San Francisco, Sep 2013
WARNING: NO CAKEPHP AHEAD
This talk is for those...
Stuck with the legacy
dealing with CRONs
in need of a solid foundation
rely on web services
need a pluggable software architecture
SOA
Agenda
1. Service Oriented WHAT?!?!
2. Tips, Tricks and lessons learned (the hard way)
3. Conclusion
1. SO(A) WHAT?
A software design based on discrete software components, "services", that collectively provide the functionalities of the larger software application
You typically start with the infamous web application which does everything on its own
Then you realize that to provide a chat system to your users PHP might not be the best...
And soon you also decide, to improve performance, that your frontend should have its own in-memory persistence, to be faster, and you put it into another service
Then, as always...
SCALE.
And eventually, your lead architect will come up and tell you that your Java-based chat sucks and should be replaced with...
NODEJS
In human-understandable words, SOA is a software design which embraces splitting a monolithic, totalitarian software
architecture into smaller pieces, thus making them independent, loosely coupled and more maintainable
Ok, but in the real world?
A few points...
DATA
each service might have its own data-layer, but nothing prevents you from sharing data across the services
reads: abstract the data
WEBSERVICES
Services can request data from other services, usually through web services (WSs)
POX
SOAP
HTTP
REST
Note to self: check the difference between HTTP and REST APIs (HATEOAS)
EVENTS
services notify the architecture that an event has happened
asynchronous messaging queues
2. TIPS AND TRICKS LEARNT THE HARD WAY
2.1 AVOID SOA
DIFFICULT TO TEST
COMPLEX
SOA would be overkill for most of the common scenarios
But if you're handling a product or a monolithic software stack, the added complexity pays off in the long run
2.2 FREE THE DATA
CONSIDER ELIMINATING FK CONSTRAINTS
A service might need to handle data with another DBMS, so FKs are virtually impossible
ABSTRACT THE DATA
You might think in "rows" but the architecture thinks in "resources"
No more FKs and the ability of JOINing to retrieve some related data
But you choose what perfectly fits each service: your transactions over an RDBMS and your community over a graph DB
2.3 Standardize
Build a vast suite of E2E tests
and give your developers a way to easily test
EVERY DEVELOPER NEEDS THE ENTIRE ARCHITECTURE LOCALLY
The architecture needs to be installed in ~1 hour
Setting up VMs is a hassle and they are so slow!
go #vagrant
2.4 IDENTIFY WISELY
AUTHENTICATION IS KING
Centralized authentication = identity service
NEVER HANDLE CREDENTIALS IN CLEAR
NEVER.
man in the middle
SSL
tokenize
OAuth
OpenID
JWS
JSON WEB SIGNATURE
JSON WEB TOKEN
JAVASCRIPT OBJECT SIGNING & ENCRYPTION (JOSE)
http://www.thread-safe.com/2012/03/json-object-signing-and-encryption-jose.html
JS APP <-> AUTH SERVICE
1. The user enters the credentials once in your frontend
2. The JS app will forward them to your Auth webservice
3. The Auth webservice will then generate the encrypted JWS and set a cookie with its value
4. The JS app can now just execute calls using that cookie
setcookie($name, $jws, $ttl, $path, $domain, true); // the last argument is the secure flag: the cookie is only ever sent over HTTPS
HTTPS
JWS in PHP?
namshi/jose

// Auth service: sign the user's id with the private key and hand it out as the cookie
use Namshi\JOSE\JWS;

$jws = new JWS('RS256');
$jws->setPayload(array(
    'uid' => $user->getid(),
));
$privateKey = openssl_get_privatekey("file:///path/to/private.key");
$jws->sign($privateKey);
setcookie('identity', $jws->getTokenString()); // add $ttl, $path, $domain and the secure flag as shown above

// Any other service: verify the cookie with the public key only, no private key needed
use Namshi\JOSE\JWS;

$jws = JWS::load($_COOKIE['identity']);
$public_key = openssl_pkey_get_public("file:///path/to/public.key");
if ($jws->verify($public_key)) {
    echo "EUREKA!";
}
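The same four-step flow as an added example in Go, not the talk's PHP or namshi/jose code: the auth service signs the uid claim with the private key, any other service verifies with nothing but the public key, and the accompanying checks show that the payload is readable without any key at all, so a JWS is signed rather than encrypted. It uses Go's standard-library RSA in place of PHP's openssl functions; authKey and strangerKey are constructed demo keys.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)
var b64 = base64.RawURLEncoding // JWS uses base64url without padding
var authKey, _ = rsa.GenerateKey(rand.Reader, 2048)     // demo key: in production only the auth service holds it
var strangerKey, _ = rsa.GenerateKey(rand.Reader, 2048) // demo key: unrelated pair, used only to show rejection

// Sign runs on the auth service and builds the RS256 compact JWS "header.payload.signature".
func Sign(priv *rsa.PrivateKey, claims map[string]interface{}) (string, error) {
	body, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	input := b64.EncodeToString([]byte(`{"alg":"RS256"}`)) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input)) // RS256 = RSASSA-PKCS1-v1_5 over SHA-256
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// Verify runs on any other service with only the public key: pin the alg, check the signature, then trust the claims.
func Verify(pub *rsa.PublicKey, token string) (map[string]interface{}, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, errors.New("malformed token")
	}
	var hdr struct{ Alg string `json:"alg"` } // the expected alg is fixed here, never taken from the token
	if raw, err := b64.DecodeString(p[0]); err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "RS256" {
		return nil, errors.New("unexpected or unreadable header")
	}
	digest := sha256.Sum256([]byte(p[0] + "." + p[1])) // the signed bytes, exactly as received
	if sig, err := b64.DecodeString(p[2]); err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("bad signature")
	}
	var claims map[string]interface{} // readable by anyone all along; trusted only now
	if raw, err := b64.DecodeString(p[1]); err != nil || json.Unmarshal(raw, &claims) != nil {
		return nil, errors.New("unreadable payload")
	}
	return claims, nil
}
```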
I can't simply use the HTTP basic authentication, it was so convenient!
...and flawed.
Modern apps, modern tech.
All my authenticated traffic needs to go through HTTPS: it will be so SLOW!
Only if you don't know about...
WebP
lossless compression
30% smaller than PNG
And if you don't know about...
SPDY
HTTP on steroids
(come to my next talk)
(that one won't suck)
2.5 EMBRACE MESSAGING
Don't wait, notify instead
Different services can intercept an event, separately
If one is down, the others keep working
Who cares about milliseconds for notifications?
The human body is the bottleneck
Email?
SMS?
Be reliable
“Daemons are great” - No PHP developer ever
SUPERVISE http://cr.yp.to/daemontools/supervise.html
use python ;-)
It doesn’t matter...
if you talk الحروف العربیة
Rabbit makes everyone talk the same language
chat
Batch processing
frontend
sync daemons
transcoding
agony
ERP
telcom
But I PHP
Monogamy is so ‘90
“given a hammer, everything becomes a nail”
One size doesn’t fit all
2.5 ALWAYS SUNDAY?
Monitor in real time
and do retrospectives
Talking about retrospectives?
Logs are first-class citizens
Sharpen as much as possible
Assume things will break
All in all...
SOA is complex
A puzzle with more pieces
More things to keep in mind
COMPLEX IS NOT COMPLICATED
Loose coupling
every service is independent, not forced to the constraints of a monolithic block
you have the freedom of changing or replacing services without the hassle of touching an entire system
State-of-the-art defense against outages
Fault tolerance
if one of the services has an outage, the rest of the architecture still works
if a service, listening for messages, is down, the publisher doesn't get stuck
Cleaner architecture
SoC happens at architectural, not application, level and you can perform large-scale refactorings without the fear of destroying the entire system
Perfect ground for advanced tooling
...yawn...
Thanks!
Alessandro Nadalin
@_odino_
Namshi | Rocket Internet
VP Technology
odino.org
Image credits