"Paul B. Henson" <[email protected]> writes: >> What you ask is a very general question: If A depends on B, and B is >> missing, how do expect A to behave? > > In this specific case, I expect A to complain it was unable to contact > B, to continue initializing, return temporary failures for any > operation which requires B, and reattempt a connection to B on a > regular basis until it is successful. From a reliability and full > tolerance perspective, falling over and dying doesn't seem a very good > choice for the circumstances.
Falling over and dying is the simplest thing. It makes no assumptions about the cause of the problem and when it might be resolved. It does not attempt to carry on in some hobbled fashion, possibly creating further problems. If you depend on services being up, you will need monitors/supervisors to detect when they are not up, and attempt restarts and/or notify you as appropriate. Baking this into the services themselves is a duplication of functionality that can be handled externally. Allan
