CN117749892A - Service scheduling method and device

Publication number
CN117749892A
Authority
CN
China
Prior art keywords
service
scheduling request
gateway
center
preset
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311524571.0A
Other languages
Chinese (zh)
Inventor
吴凡
卞建玲
宋振乾
李庶衍
刘立石
焦文韬
刘文祎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing China Power Information Technology Co Ltd
Original Assignee
Beijing China Power Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing China Power Information Technology Co Ltd filed Critical Beijing China Power Information Technology Co Ltd
Priority to CN202311524571.0A priority Critical patent/CN117749892A/en
Publication of CN117749892A publication Critical patent/CN117749892A/en
Pending legal-status Critical Current

Abstract

The embodiment of the application discloses a service scheduling method and device. In the method, a service gateway is deployed in each service center, and the service gateway obtains a service scheduling request of a user through a service system based on a preset two-level mutual trust protocol, wherein the service scheduling request comprises encryption parameters; the service gateway sends the service scheduling request to the corresponding service center through a preset service route so that the service center performs signature verification on the encryption parameters of the service scheduling request and, if the verification passes, returns the corresponding middle-platform service to the service gateway; the service gateway provides the middle-platform service to the user through the service system. With the scheme provided by the embodiment of the application, the service gateway configures a verification path for the encrypted service scheduling request and sends the encrypted service scheduling request to the service center for verification, so that the security of service scheduling is improved.

Description

Service scheduling method and device
Technical Field
The present disclosure relates to the field of service scheduling, and in particular, to a service scheduling method and apparatus.
Background
The shared services published by the service centers differ greatly in technical route, publishing mode, authentication control, management means, and so on, so that a developer using the middle-platform services cannot obtain the latest service information in time.
In the prior art, the functions of service registration, release, routing, authentication, evaluation, cancellation and the like of service scheduling are basically met through a unified service scheduling component.
However, while supporting service scheduling, the current unified service scheduling component cannot flexibly configure the verification path of a service scheduling request according to whether the service system is integrated with a cryptographic service platform, so the security of service scheduling itself is exposed to uncontrollable risks.
Disclosure of Invention
The embodiment of the application provides a service scheduling method and device, which can improve the security of service scheduling.
The first aspect of the present application provides a service scheduling method, where the method is applied to a service gateway, where the service gateway is deployed in each service center, and the method includes:
acquiring a service scheduling request of a user through a service system based on a preset two-level mutual trust protocol, wherein the service scheduling request comprises encryption parameters;
sending the service scheduling request to the corresponding service center through a preset service route, so that the service center performs signature verification on the encryption parameters of the service scheduling request and, if the verification passes, returns the corresponding middle-platform service to the service gateway;
and providing the middle-platform service to the user through the service system.
Optionally, the method further comprises:
performing rate limiting (flow limiting) control on the service scheduling request according to the service requirements of the service center, and returning a service scheduling failure result to the user through the service system when the service scheduling request reaches a preset rate-limiting condition.
Optionally, the method further comprises:
when the service gateway fails, setting the states of all services to the circuit-broken (fused) state;
and viewing the circuit-breaking state, wherein the circuit-breaking state comprises service quality information in a preset time period.
Optionally, the method further comprises:
authorizing an interface of a business system of an external network through the preset penetration capability of the isolation equipment service;
and acquiring the authorized service scheduling request of the service system of the external network through an information security network isolation device.
Optionally, the method further comprises:
adjusting the response capacity of the service route and of the authentication resources according to the service demands of the service system and a preset elastic scaling strategy.
Optionally, the method further comprises:
providing, based on the cloud platform, service monitoring capability corresponding to the middle-platform service, wherein the service monitoring capability comprises monitoring of key components of an enterprise service bus, monitoring of service call conditions, monitoring of service call logs, and monitoring of service call links.
Optionally, the method further comprises:
and merging the service systems of each service center, importing the application data of the merged service systems, combing the interface information of each service center, and registering the interface information to enable the service gateway to be deployed in each service center.
A second aspect of the present application provides a service scheduling apparatus, where the apparatus is applied to a service gateway, where the service gateway is deployed at each service center, and includes:
an acquisition unit, configured to acquire a service scheduling request of a user through a service system based on a preset two-level mutual trust protocol, wherein the service scheduling request comprises encryption parameters;
a sending unit, configured to send the service scheduling request to the corresponding service center through a preset service route, so that the service center performs signature verification on the encryption parameters of the service scheduling request and, if the verification passes, returns the corresponding middle-platform service to the service gateway;
the sending unit is further configured to provide the middle-platform service to the user through the service system.
Optionally, the apparatus further comprises:
a rate-limiting unit, configured to perform rate limiting (flow limiting) control on the service scheduling request according to the service requirements of the service center, and to return a service scheduling failure result to the user through the service system when the service scheduling request reaches a preset rate-limiting condition.
Optionally, the apparatus further comprises:
a circuit-breaking (fusing) unit, configured to set the states of all services to the circuit-broken state when the service gateway fails, and to view the circuit-breaking state, wherein the circuit-breaking state comprises service quality information in a preset time period.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic view of an exemplary application scenario provided in an embodiment of the present application;
Fig. 2 is a schematic flow chart of a service scheduling method according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a service system architecture using a service center provided in an embodiment of the present application;
Fig. 4 is a schematic flow chart of service monitoring according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a gateway component according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a service scheduling device according to an embodiment of the present application.
Detailed Description
The embodiment of the application provides a service scheduling method and device, which can improve the security of service scheduling.
For easy understanding, first, an application scenario of the embodiment of the present application will be described.
The shared services currently published by the service centers differ greatly in technical route, publishing mode, authentication control, management means, and so on. As a result, developers using the middle-platform services cannot obtain the latest service information in time and cannot obtain it through a single channel; technical routes, authentication modes, and penetration modes are not unified; and front-end applications are repeatedly developed and repeatedly adapted during construction, which adds a large amount of work. The overall value of the service centers cannot be realized, which hinders the managers, operators, users, and developers of the service centers in jointly driving the middle-platform strategy to implementation.
In the prior art, the enterprise-level unified service scheduling component has been brought online and basically provides the service scheduling functions of service registration, release, routing, authentication, evaluation, and cancellation; development and optimization of the component's functions is being accelerated, and the migration and switch-over of middle-platform services and service applications, their full onboarding under unified management, and real-time monitoring are being promoted across the board. Through integration with the digital capability open platform and the unified authority platform, service catalog publishing, authorization application, application token issuing, and authentication and authorization are realized.
As can be understood with reference to fig. 1, fig. 1 is a schematic view of an exemplary application scenario provided in an embodiment of the present application.
As shown in fig. 1, a user accesses a service system through a user gateway (e.g., a micro-service gateway). Most requests of the service system can be completed by accessing its database; for the small amount of data that comes from a service center, the service center is accessed through the unified service scheduling gateway (i.e., the service gateway). A middle-platform service consolidates the common, cross-system capabilities needed by business services, and these capabilities are opened to different service systems through the unified service scheduling component.
While supporting service scheduling, the current unified service scheduling component cannot flexibly configure the information verification path according to whether an application is itself integrated with a cryptographic service platform, so the security of service scheduling itself is exposed to uncontrollable risks. In addition, service scheduling currently lacks sufficient data to verify its own key performance, which makes it unreliable to a degree; there is no intuitive view that shows the logical relationships of service scheduling, so the dependencies between services are partly unknown; and there is no flexible deployment scheme or emergency guarantee mechanism, so version upgrades, emergency handling, and the like are not fully controllable.
Referring to fig. 2, the flow chart of a service scheduling method provided in the embodiment of the present application is shown. The service scheduling method provided by the embodiment of the application is applied to the service gateway, and the service gateway is deployed in each service center. For example, the method can be implemented through the following steps S201-S203.
S201: Acquire a service scheduling request of the user through a service system based on a preset two-level mutual trust protocol.
In the embodiment of the application, the service gateway is composed of the unified service scheduling component, and two-level service penetration is realized through the unified service scheduling component. In two-level service penetration, headquarters and the provincial companies each use their own scheduling gateway, and each service application communicates only with the scheduling gateway of its own province (city); it does not directly access the middle-platform services of the peer headquarters (province). This improves the security and manageability of two-level access.
Specifically, the unified service scheduling gateway proxies services across the two levels through a two-level mutual trust protocol. Two-level penetration should be transparent to service applications: the differences between the levels are hidden from them and absorbed inside the unified service scheduling component. A mutual trust mechanism must be applied whenever unified service scheduling components call each other's interfaces. The mutual trust mechanism uses a digest signature algorithm: the calling party adds encryption parameters to the request header, and the called party performs signature verification on the request header of the incoming message to verify whether the requesting end is legitimate.
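The header-based mutual trust check described above can be sketched as follows. This is an added example, not code from the patent: the page only says "digest signature algorithm", so HMAC-SHA256, the `X-Gw-*` header names, the per-peer shared keys, the timestamp window and the nonce cache are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo key table: calling gateway id -> shared secret (assumption:
# keys are provisioned out of band; the page does not describe key distribution).
PEER_KEYS = {"gw-province-01": b"constructed-demo-secret-0001"}
MAX_SKEW = 300      # assumed freshness window, in seconds
_seen_nonces = {}   # nonce -> expiry time, used to reject replayed requests
HEADERS = ("X-Gw-Caller", "X-Gw-Timestamp", "X-Gw-Nonce", "X-Gw-Signature")


def _mac(key, caller, ts, nonce, method, path, body):
    # Bind the digest to the caller, the freshness values and the request itself.
    canonical = "\n".join(
        [caller, ts, nonce, method.upper(), path, hashlib.sha256(body).hexdigest()]
    )
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


def sign_request(caller, key, method, path, body, now=None):
    """Calling gateway: build the encryption parameters added to the request header."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)
    sig = _mac(key, caller, ts, nonce, method, path, body)
    return dict(zip(HEADERS, (caller, ts, nonce, sig)))


def verify_request(headers, method, path, body, now=None):
    """Called gateway: return (accepted, reason) for a request from a peer gateway."""
    now = int(time.time() if now is None else now)
    try:
        caller, ts, nonce, sig = [headers[h] for h in HEADERS]
    except KeyError:
        return False, "missing header"
    key = PEER_KEYS.get(caller)
    if key is None:
        return False, "unknown caller"
    if not (ts.isascii() and ts.isdigit()) or abs(now - int(ts)) > MAX_SKEW:
        return False, "stale timestamp"
    expected = _mac(key, caller, ts, nonce, method, path, body)
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "bad signature"
    # Replay check runs only after the signature is valid, so unauthenticated
    # senders cannot fill the nonce cache.
    for old in [n for n, exp in _seen_nonces.items() if exp < now]:
        del _seen_nonces[old]
    if nonce in _seen_nonces:
        return False, "replayed nonce"
    _seen_nonces[nonce] = int(ts) + MAX_SKEW   # keep until the timestamp goes stale
    return True, "ok"


if __name__ == "__main__":
    hdr = sign_request("gw-province-01", PEER_KEYS["gw-province-01"],
                       "GET", "/yx-customer-service/customer/info", b"")
    print(verify_request(hdr, "GET", "/yx-customer-service/customer/info", b""))
    print(verify_request(hdr, "GET", "/yx-customer-service/customer/info", b""))
```

Signing the method, path and body digest together with the caller id means a valid header cannot be lifted onto a different request, and the timestamp plus nonce bound how long a captured request stays usable.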
In one implementation manner of the embodiment of the application, the interface of the service system of the external network is authorized through the preset penetration capability of the isolation equipment service; and acquiring the service scheduling request of the authorized service system of the external network through the information security network isolation device.
Specifically, the penetration design uses the logical type of information security network isolation device, and service systems on the external information network are authorized for access through the penetration capability of the isolation device service. Service system maintenance supports external-network application systems: before use, the interfaces used by the external-network application are authorized; after the authorization is approved, service scheduling requests arriving from the information security network isolation device are marked as coming from an external-network application, are protected separately, and are recorded in a request audit log, so that an external-network service system is used no differently from an intranet service system.
Fig. 3 is an architecture diagram of a service system that uses the service centers, as provided in the embodiment of the present application. To the left of the security isolation device is the unified service scheduling component deployed on the intranet.
Above the dotted line is the management information area on the headquarters side, which comprises: a digital capability open platform (service directory, service application, and service micro portal); a unified authority platform (token issuing, authentication, and authorization); a management background (automatic service registration, service directory management, service authorization approval, service log monitoring, route management, and flow control policies); users (browser, client, and mobile application); a user gateway (service routing, session management, user authentication, log collection, etc.); service applications (PMS 3.0, 2.0, an intelligent sharing financial platform, etc.); a service gateway (service routing, application authentication, service authority control, two-level penetration, etc.); and service centers (a grid resource center, a client service center, a center, and a project center).
Below the dotted line is the management information area on the provincial company side, which comprises: a provincial company channel (service catalog, service application, and service micro portal); a unified authority platform (token issuing and authentication); a user gateway (service routing, session management, user authentication, log collection, etc.); service applications (PMS3.0, marketing 2.0, etc.); a service gateway (service routing, application authentication, service authority control, two-level penetration, etc.); service centers (a power grid resource center and a customer service center); and a management background (automatic service registration, service catalog management, service authority approval, service log monitoring, route management, and flow control policies).
To the right of the security isolation device is the unified service scheduling component deployed on the external network, which can be deployed in the customer service center in the Internet area. The application systems of the external network include i State Grid, external-network applications, Online State Grid, 95598 customer service, and the like, and service scheduling requests from the external network are received through the security isolation device.
In one implementation of the embodiments of the present application, service registration follows the principle of nearby registration. The service types supported by the unified service scheduling component are REST services, subscription services, Webservice services, and WebSocket services.
A REST service is a service based on HTTP requests in the REST style. It is currently the mainstream service type, and essentially all service centers provide their service interfaces in the REST style.
A subscription service is a message-based service; subscription services are managed by centrally managing the relationships between the producers and consumers of a service and its message topics. When a subscription service is registered with the unified service scheduling component, it must publish the corresponding information, such as the message topic, a description of the message content, and what triggers the message, so that subscribers can judge the value of the message. When a message is produced, the unified service scheduling component delivers it to the message queue or HTTP callback of each subscribing application.
Webservice is a common service type in SG-ERP. The unified service scheduling component brings existing Webservice services under unified management, provides unified service access control, and also handles registration and release management for Webservice services. In addition, the scheduling component provides an interface conversion service that converts a Webservice interface into a REST interface, which is likewise registered with the scheduling component, so that a service system can choose the access mode it needs.
A WebSocket service is a streaming service type. The scheduling component authenticates and proxies the connection establishment, which brings WebSocket services under unified management. WebSocket connections used to push messages to users are outside this scope.
Specifically, the unified service scheduling component supports control of interface data authority. When an interface is registered, the dimension to which its data authority belongs is selected, and when a service system applies to use the interface, it can select the dimensions it needs. For example, if there are 28 data dimensions (headquarters and 27 provincial (municipal) companies), a service system applying to use the interface must select one or more of the 28 dimensions according to its actual business. After the approval process passes, whenever the service system accesses the data-authority interface, the service gateway automatically adds the dimension parameter with the authorized values, which the middle-platform service uses to distinguish data authority.
The unified service scheduling component supports access authority control for interfaces. After a service system is authenticated, the component also checks whether the service system has access authority for the requested interface; if it does, the service scheduling request is forwarded, otherwise the request is intercepted.
In another implementation manner of the embodiment of the present application, service routing is the core capability that the unified service scheduling component provides externally. The routing mode is the main point of difference among the current service centers and has the greatest impact on how service systems use them, so it is a key capability of a unified service entrance; the default routing rules are standardized in the unified service scheduling specification. Service routes are divided into common routing rules and custom routing rules.
The common routing rule is the rule the system uses by default: the first segment (context) of the path is the micro-service code, followed by the path of the micro-service interface. For example, in the interface http://gw.sgcc.com.cn/yx-customer-service/customer/info, yx-customer-service is the code of the micro-service and the subsequent customer/info is the actual path of the interface in the code.
Custom rules meet a service system's individual requirements for URLs by rewriting the path. For example, the context of the grid resource middle platform is /WMCenter, but under the micro-service context rule it is impossible for all services of the grid resource middle platform to be implemented in a single micro-service, so URL rewriting must be supported. Rewriting rules can match on the URL and on header information in any combination, which meets the multi-version requirement of the Huayun-version grid resource middle platform.
It should be noted that, in view of matching performance issues, the routing rules should in principle not exceed 1000 per gateway tenant.
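The routing rules above, together with the access authority check and the data-authority dimension parameter described earlier, can be combined in one gateway decision function. This is an added example, not the patent's code: the backend addresses, the `X-Api-Version` header, the `dataDimension` parameter name, the application ids and the grant table are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed registry: micro-service code -> backend address.
BACKENDS = {
    "yx-customer-service": "http://yx-customer-service.internal",
    "grid-topology": "http://grid-topology.internal",
}
# Custom rewrite rules: (path prefix, required headers, target service, new prefix).
# Header names are matched exactly as given in this sketch.
REWRITE_RULES = [
    ("/WMCenter/topology/", {"X-Api-Version": "2"}, "grid-topology", "/v2/"),
]
# Approved grants: app id -> {(service code, interface path): approved dimensions}.
GRANTS = {
    "app-marketing": {("yx-customer-service", "/customer/info"): ["HQ", "P01"]},
    "app-pms": {("grid-topology", "/v2/lines"): []},
}
DIMENSION_PARAM = "dataDimension"   # hypothetical name of the dimension parameter


def resolve_route(path, headers):
    """Return (service code, backend path), or None when no rule matches."""
    for prefix, required, service, new_prefix in REWRITE_RULES:
        if path.startswith(prefix) and all(
            headers.get(name) == value for name, value in required.items()
        ):
            return service, new_prefix + path[len(prefix):]
    # Common rule: the first path segment is the micro-service code.
    code, _, rest = path.lstrip("/").partition("/")
    if code in BACKENDS:
        return code, "/" + rest
    return None


def dispatch(app_id, url, headers):
    """Decide whether an authenticated application's request is forwarded."""
    parts = urlsplit(url)
    route = resolve_route(parts.path, headers)
    if route is None:
        return {"action": "intercept", "reason": "no matching route"}
    service, backend_path = route
    dims = GRANTS.get(app_id, {}).get((service, backend_path))
    if dims is None:
        return {"action": "intercept", "reason": "no access authority"}
    # Drop any dimension value sent by the caller and add only the approved
    # ones, so the middle-platform service sees gateway-controlled values.
    query = [
        (k, v)
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
        if k != DIMENSION_PARAM
    ]
    query += [(DIMENSION_PARAM, d) for d in dims]
    upstream = BACKENDS[service] + backend_path
    if query:
        upstream += "?" + urlencode(query)
    return {"action": "forward", "service": service, "upstream": upstream}


if __name__ == "__main__":
    print(dispatch(
        "app-marketing",
        "http://gw.sgcc.com.cn/yx-customer-service/customer/info?id=7&dataDimension=P27",
        {},
    ))
```

The authority check is made on the route after rewriting, so the grant table and the backend always refer to the same interface path.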
S202: Send the service scheduling request to the corresponding service center through a preset service route so that the service center performs signature verification on the encryption parameters of the service scheduling request.
In the embodiment of the application, application authentication is the capability of the unified service scheduling component to identify an application: the application obtains a token using its issued key, and the process by which the unified service scheduling component obtains the application information from the token is called application authentication. Application data originates from the unified authority platform; applications that exist on the digital capability open platform but not in the unified authority platform are synchronized to it by the digital capability open platform, and their keys are issued by the unified authority platform. Application authentication returns a token in exchange for the application's app id and secret; this function is integrated with the unified authority platform and proxied by the scheduling component. Application authentication uses the State Grid standard OAuth2 protocol for token interaction and communication.
In one implementation manner of the embodiment of the present application, service authority control means that, after an application passes authentication, access authority control is applied to the objects the application accesses, that is, the registered middle-platform services. Authorization of service authority can be managed in the unified service scheduling component: the management background runs the approval and authorization process for the services and interfaces the application accesses, and after approval, the approved authority data is synchronized to the scheduling gateway for authority control of the original data.
In one implementation manner of the embodiment of the application, service logs are the data basis for later operational analysis of the unified service scheduling component and are one of its main value-added capabilities. The unified service scheduling gateway should record logs asynchronously so that logging does not affect the performance of the service proxy. Logs are written to files, and components of the State Grid Cloud Huawei edition and of the State Grid Cloud Alibaba edition collect the log file data into the corresponding system for analysis.
(1) State Grid Cloud, Huawei edition
The log management component of the State Grid Cloud Huawei edition is LTS (Log Tank Service). It collects and stores access logs from configured log collection paths and supports log search through an open API. LTS collects log data with ICAgent.
After the log data of the host and the cloud service are reported to the cloud log service, 30 days of storage can be supported, and for the log data needing long-term storage, the cloud log service provides a dump function and can dump the log to an object storage service (OBS) or a data access service (DIS) for long-term storage.
The log searching function can be used for realizing the logs required by inquiring in massive logs, supporting the original log inquiry analysis, and also can be used for carrying out SQL inquiry and analysis on the structured logs. The log content can be segmented into a plurality of words according to the word segmentation symbol through configuration word segmentation, and the segmented words can be used for searching during log searching.
(2) Chinese net cloud Ali edition
Asynchronous log collection is carried out through a Tlog component, the Jstorm component carries out cleaning treatment on collected log data, statistical data are put into storage data, and detail data are put into an ES for constructing a monitoring link and detail query.
In one implementation manner of the embodiment of the present application, the current limiting control is performed on the service scheduling request according to the service requirement of the service center, and when the service scheduling request reaches a preset current limiting condition, a service scheduling failure result is returned to the user through the service system. When the service gateway fails, setting the states of all services as a fusing state;
and checking the fusing state, wherein the fusing state comprises the service quality information in a preset time period.
Specifically, the traffic system is subjected to flow limiting control according to the service requirements of the business center station. And after the current limiting condition is reached, carrying out quick failure return. The flow limit rule needs to support flow limit control according to the interface and micro service dimension.
The unified service scheduling component supports various middle stations to be accessed and called, service flow is relatively large, service flow limitation is implemented from four dimensions of network province, middle stations, application, service interfaces and the like in order to ensure high availability of the unified service scheduling component, and meanwhile, micro service treatment means such as service degradation, service fusing and the like are used to ensure reliability of the scheduling component.
The unified service scheduling component management and control tool realizes the threshold configuration of the service, supports the dynamic starting and the dynamic adjustment of the threshold, supports the configuration functions of distinguishing core application from non-core application and service, fuses the service current limiting according to the requirement, and preferentially ensures the high availability of the core function.
The unified service scheduling component adopts a Sentinel component with an Arin open source as a current limiting fusing scheme, and the current limiting based on priority can be realized by utilizing the Sentinel global current limiting, such as: when the overall access volume is large, the non-core service and the non-core application are preferably limited.
The unified service scheduling component is self-healing: when a back-end service proxied by the service gateway fails, calls to the failed service are returned to the calling business system in fast-fail mode. This reduces resource consumption and, to some extent, protects the failed service from being overwhelmed by traffic while it restarts.
The circuit-breaking console shows the current circuit-breaker state of every service, for example service quality information for the latest 5 minutes such as response time and success rate, and a breaker can be tripped manually on the basis of these metrics.
Circuit-breaking rules are applied per microservice; for manually registered services they are applied per address + port + context, and circuit-breaking groups can be configured.
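The circuit-breaking ("fusing") behaviour described above, as an added Python example that is not the patent's or Sentinel's own code: one breaker per address + port + context key, a 5-minute quality window for the console, manual and group tripping, and fast-fail while a breaker is open. The thresholds, the half-open trial call and all names are assumptions.

```python
from collections import deque
from dataclasses import dataclass, field

WINDOW_S = 300  # the console's "latest 5 minutes" of quality data


@dataclass
class Breaker:
    samples: deque = field(default_factory=deque)  # (time, ok, latency_ms)
    state: str = "CLOSED"                          # CLOSED, OPEN or HALF_OPEN
    opened_at: float = 0.0
    manual: bool = False                           # tripped by an operator


class BreakerRegistry:
    """One breaker per manually registered service: (address, port, context)."""

    def __init__(self, min_calls=20, min_success=0.5, open_s=30):
        self.min_calls = min_calls      # do not judge a service on too few calls
        self.min_success = min_success  # trip below this success rate
        self.open_s = open_s            # cool-down before one trial call
        self.breakers = {}
        self.groups = {}                # group name -> set of service keys

    def _get(self, key):
        return self.breakers.setdefault(key, Breaker())

    def quality(self, key, now):
        """Success rate and mean response time over the last WINDOW_S seconds."""
        b = self._get(key)
        while b.samples and b.samples[0][0] <= now - WINDOW_S:
            b.samples.popleft()
        calls = len(b.samples)
        if calls == 0:
            return {"calls": 0, "success_rate": None, "avg_ms": None}
        good = sum(1 for _, ok, _ in b.samples if ok)
        total_ms = sum(ms for _, _, ms in b.samples)
        return {"calls": calls, "success_rate": good / calls,
                "avg_ms": total_ms / calls}

    def allow(self, key, now):
        """False means fail fast: answer the caller without touching the back end."""
        b = self._get(key)
        if b.state == "OPEN" and not b.manual and now - b.opened_at >= self.open_s:
            b.state = "HALF_OPEN"  # exactly one trial call probes the service
            return True
        return b.state == "CLOSED"

    def record(self, key, now, ok, latency_ms):
        b = self._get(key)
        b.samples.append((now, ok, latency_ms))
        if b.state == "HALF_OPEN":
            if ok:
                self.reset(key)
            else:
                b.state, b.opened_at = "OPEN", now
            return
        q = self.quality(key, now)
        if (b.state == "CLOSED" and q["calls"] >= self.min_calls
                and q["success_rate"] < self.min_success):
            b.state, b.opened_at = "OPEN", now

    def trip(self, key, now):
        """Manual circuit break from the console; stays open until reset()."""
        b = self._get(key)
        b.state, b.opened_at, b.manual = "OPEN", now, True

    def reset(self, key):
        b = self._get(key)
        b.state, b.manual = "CLOSED", False
        b.samples.clear()  # old failures must not re-trip the breaker at once

    def add_to_group(self, group, key):
        self.groups.setdefault(group, set()).add(key)

    def trip_group(self, group, now):
        for key in self.groups.get(group, ()):
            self.trip(key, now)


def forward(registry, key, now, backend):
    """Gateway-side wrapper: fast-fail when open, otherwise call and record."""
    if not registry.allow(key, now):
        return "fast-fail"
    ok, latency_ms = backend()
    registry.record(key, now, ok, latency_ms)
    return "ok" if ok else "error"
```

Admitting a single trial call after the cool-down is what keeps a restarting back end from receiving the full request volume the moment it comes back.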
In one implementation manner of the embodiment of the application, a service monitoring capability corresponding to a middle service is provided based on a cloud platform, wherein the service monitoring capability comprises monitoring of key components of an enterprise service bus, monitoring of service call conditions, monitoring of service call logs and monitoring of service call links.
Specifically, while its main focus is opening up the enterprise's middle-platform services and bringing them under management, the unified service scheduling component should also integrate basic service monitoring, and it must be adapted to the different cloud platforms, namely the Alibaba edition and the Huawei edition of the State Grid Cloud. Basic service monitoring capabilities include monitoring key components of the enterprise service bus, service call status, service call logs and service call links. The cloud platform provides a complete monitoring solution for service health: the component monitors service health from the gateway logs, while the cloud platform performs health checks on the services and provides the monitoring results and data.
(1) Monitoring on the State Grid Cloud, Huawei edition
The monitoring service is AOM (Application Operations Management). It monitors applications and related cloud resources in real time, collects and correlates resource metrics, logs and events to analyze application health, and supports alerting and data visualization. AOM collects metric data with ICAgent (the same as LTS), and applications deployed through ServiceStage and CCE have the collector installed by default. ICAgent automatically collects application information, including process name, application name, container name and Kubernetes pod name. The monitoring service mainly consists of application monitoring, host monitoring and metric monitoring, and supports an alert center and dashboards:
Application monitoring covers an application's resource usage, trends and alerts. It uses a layer-by-layer drill-down design with the following hierarchy: application list -> application details -> component details -> instance details -> container details -> process details. On the detail page of each level, AOM correlates the alerts and logs related to the resource with the state of the host and displays the details of the alerts and the host.
Metric monitoring supports hundreds of metrics and second-level monitoring of clusters, virtual machines, networks, disks, databases, applications, containers, services and so on. A metric monitoring interface is provided for searching metrics, and metrics are shown in a metric tree that follows the resource hierarchy: cluster -> service -> instance -> container/process.
Resource data can be displayed as graphs, numeric charts and TopN charts, and key metrics of important resources can be added to a dashboard for real-time monitoring. By creating a threshold rule for a key resource metric, a threshold alert is generated when the metric data meets the threshold condition. Alerts and events are sent to operations staff by email, SMS and similar channels.
(2) Monitoring on the State Grid Cloud, Alibaba edition
This edition provides ARMS, a dedicated service monitoring component, with which second-level service monitoring can be built quickly and conveniently, customized by dimensions such as application and service.
Fig. 4 is a schematic flow chart of service monitoring according to an embodiment of the present application; the method specifically comprises the following steps:
Step 1: Data collection. ARMS supports collecting logs through configuration.
Step 2: Task definition. Tasks such as real-time processing, data storage, presentation and analysis, data APIs and alerting are defined through task configuration, thereby defining custom application scenarios. Service monitoring can also be performed directly using the preset application monitoring scenarios.
Step 3: Application scenarios. Besides custom monitoring, ARMS has preset monitoring scenarios that can be used directly, such as the following application monitoring: business deep-customization monitoring, which builds real-time monitoring alerts and dashboards with business attributes, customized in depth (business scenarios include e-commerce, logistics, travel and so on); application performance and exception monitoring, which provides Application Performance Management (APM) capabilities for distributed applications, covering performance and exception monitoring and call-chain queries; a unified alerting and reporting platform that integrates custom monitoring and application monitoring; application performance and faults, including functions such as application topology, exception capture, distributed or local call stacks, and holographic log troubleshooting; and business deep-customization monitoring, supporting access to multiple data sources, real-time computation and storage orchestration, custom alerts and reports, API data export and other functions.
S203: Providing the middle-platform service to the user through the business system.
In the embodiment of the application, the service gateway grants the user, through the business system, permission to access the middle-platform service together with the corresponding interface permissions.
In one implementation of the embodiment of the application, the unified service scheduling component forwards all service call requests to the middle platforms, and traffic and concurrency differ greatly between business scenarios. If all traffic were carried by a single gateway cluster, different businesses would easily interfere with one another, which would hinder adoption of the unified service scheduling component, so tenant isolation is used to separate service scheduling for the different middle platforms. The unified service scheduling component also manages service-related data such as application registrations, the service catalog and call logs, and this data must be isolated as well. Tenant isolation in the unified service scheduling component means deploying a unified scheduling gateway with dedicated resources for each business middle platform, so that its resources are physically isolated from those of the other business middle platforms. This prevents different business middle platforms from affecting one another's unified service scheduling.
Specifically, fig. 5 is a structural diagram of a gateway component provided in this embodiment of the application. VPC0 is the VPC of the unified service scheduling gateway. Service gateways are deployed by the management and control tool into the tenant space of each business domain (that is, VPC1 and VPC2 in fig. 5), and the cloud platform guarantees isolation between the service gateways. Service gateways and business domains are deployed in one-to-one bindings; each service gateway performs service routing with the middle platform and the registry of its business domain; independent entry points are established using second-level domain names; and the service traffic of each middle platform and application is kept separate, reaching the middle-platform and application services through different gateway clusters. The unified service scheduling component is responsible for the configuration and monitoring of every gateway, and the configuration and monitoring-collection channels of each gateway are connected through a message bus and Redis.
In one implementation of the embodiment of the application, the unified service scheduling component uses the cloud platform's gray release function to upgrade the scheduling component gradually. In the operation and maintenance phase, appropriate gray release and traffic switching strategies must be defined for the different components. Both the Huawei edition and the Alibaba edition of the State Grid Cloud currently support gray release, so that version upgrades do not affect the business.
Specifically, gray release, also called canary release, deploys the old version and the new version of an application in the same environment at the same time; service requests are routed to the old or the new version by policies such as traffic ratio or request parameters. A custom gray release policy quickly adjusts the traffic ratio between the old and new versions until all traffic has been switched to the new version.
Gray release allows the share of traffic sent to a new version to be controlled when it is released, so that the new version goes fully online gradually. This limits the risk of business interruption caused by a release as far as possible, reduces the impact of faults, and supports fast rollback.
As the unified entry point for every middle-platform service, the scheduling component must keep those services available while it is itself being upgraded. Gray release keeps the scheduling component running stably and reliably, avoiding the situation where middle-platform services cannot be forwarded normally because of an upgrade and upper-layer applications are interrupted.
In one implementation of the embodiment of the application, the scheduling components are deployed in containers and rely on the K8S probe policy for keep-alive; when necessary K8S restarts some nodes, which keeps the components available and reduces manual operation. The scheduling component must have built-in httpGet livenessProbe and readinessProbe endpoints. The readinessProbe endpoint is opened after the component has started successfully and returns status code 200 to tell K8S that the component is ready. The livenessProbe endpoint checks the running state of memory, threads, locks and so on to decide whether the current node is operating normally; it returns 200 if so and 400 otherwise.
Because the scheduling component is the call-forwarding channel for middle-platform services, forwarding must run normally and stably; handling component faults promptly and recovering from them quickly is therefore a key technical point.
Specifically, a containerized application can use K8S probes to monitor the running state of the component's Pods. A Pod detected as faulty is automatically and promptly taken out of service, and service is restored by automatically restarting the Pod instance. K8S provides two probes (a liveness probe and a readiness probe) to monitor the running state and health of a Pod.
Liveness probe: determines whether the container is healthy. If the health condition is not met, the kubelet decides whether to restart the Pod according to the restart policy set in the Pod.
Readiness probe: determines whether the program in the container is healthy. Only when the service is normal does the container start to provide network access externally.
K8S supports several probe protocols such as TCP and HTTP. Web systems commonly use HTTP: K8S checks whether the status code returned over HTTP is normal, treating a status code greater than or equal to 200 and less than 400 as normal and any other status code as abnormal, and it shuts down and restarts the faulty node according to a preset policy.
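An added example, not from the patent, of the two probe endpoints described above, with the kubelet's 200 to 399 success rule alongside. The paths /healthz/live and /healthz/ready, port 8081, the limits, the heartbeat-based stall check standing in for the lock check, and the 503 returned before start-up completes are assumptions.

```python
import threading
import time
from dataclasses import dataclass
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

try:
    import resource  # Unix only
except ImportError:
    resource = None


@dataclass
class Limits:
    max_rss_mb: float = 1024
    max_threads: int = 200
    max_stall_s: float = 10.0  # no forwarding progress for this long: suspect a stuck lock


@dataclass
class Snapshot:
    rss_mb: float
    threads: int
    stall_s: float


def liveness_status(snap, limits):
    """200 when memory, threads and lock progress look normal, else 400."""
    failed = [name for name, bad in (
        ("memory", snap.rss_mb > limits.max_rss_mb),
        ("threads", snap.threads > limits.max_threads),
        ("locks", snap.stall_s > limits.max_stall_s)) if bad]
    return (400, failed) if failed else (200, [])


def readiness_status(started):
    """200 once start-up has finished; 503 before that is an assumption."""
    return 200 if started else 503


def kubelet_accepts(code):
    """The probe rule from the page: 200 <= code < 400 counts as success."""
    return 200 <= code < 400


def _peak_rss_mb():
    """Peak resident set size; ru_maxrss is in KiB on Linux (assumed platform)."""
    if resource is None:
        return 0.0
    return resource.getrusage(resource.RUSAGE_SELF).ru_maxrss / 1024


class Component:
    def __init__(self, limits=None):
        self.limits = limits or Limits()
        self.started = False
        self._beat = time.monotonic()

    def heartbeat(self):
        """Called by the forwarding loop each time it makes progress."""
        self._beat = time.monotonic()

    def snapshot(self):
        return Snapshot(rss_mb=_peak_rss_mb(),
                        threads=threading.active_count(),
                        stall_s=time.monotonic() - self._beat)


def make_handler(component):
    class Probe(BaseHTTPRequestHandler):
        def do_GET(self):
            if self.path == "/healthz/ready":
                code, detail = readiness_status(component.started), []
            elif self.path == "/healthz/live":
                code, detail = liveness_status(component.snapshot(), component.limits)
            else:
                code, detail = 404, []
            body = ("ok" if code == 200 else ",".join(detail) or "fail").encode()
            self.send_response(code)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # keep probe traffic out of stderr
            pass
    return Probe


if __name__ == "__main__":
    comp = Component()
    server = ThreadingHTTPServer(("0.0.0.0", 8081), make_handler(comp))
    comp.started = True  # start-up work is done: readiness now answers 200
    server.serve_forever()
```

Serving the probes on a separate port that the gateway's public route does not expose keeps the failure detail (which check tripped) internal.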
In one implementation of the embodiment of the application, the response capacity of the service routing and authentication resources is adjusted according to the service requirements of the business system and a preset elastic scaling policy.
Specifically, the unified service scheduling component consists mainly of the scheduling gateway. After fully evaluating the throughput of the middle-platform service interfaces, it automatically adjusts the response capacity of the service routing and authentication resources through the unified service scheduling elastic scaling policy, according to the service requirements of the business applications. Scaling configuration and scaling policies are defined according to business needs, which reduces the work of repeatedly adjusting gateway resources by hand to cope with business changes and peak load, and helps the enterprise save resource and labor costs. The scheduling component evaluates current resource usage from CPU usage and service traffic. When load is high it automatically scales the scheduling gateway out to meet peak-time requests; when the peak subsides it automatically scales the scheduling gateway in, reducing the physical resources occupied and providing elastic scaling.
At present, both the Huawei edition and the Alibaba edition of the State Grid Cloud support elastic scaling based on CPU and memory resources, but neither supports elastic scaling based on traffic. In the unified service scheduling component only the service gateway needs elastic scaling. The gateway is an IO-intensive application whose CPU and memory usage fluctuates little, so the existing cloud platform provides the elastic scaling interface and the scheduling component performs the traffic analysis that drives scaling.
In one implementation of the embodiment of the application, the business systems of the business middle platforms are merged, the application data of the merged business systems is imported, and the interface information of each business middle platform is sorted out and registered, so that the service gateway can be deployed in each business middle platform.
Specifically, for legacy systems that are hard to modify, a multi-protocol adaptation scheme can be used: the service gateway deployed on each middle platform is adapted point-to-point, and the unified service scheduling component is adapted to implement the authentication and routing logic of the corresponding middle-platform gateway. This lets business systems access the unified service scheduling component without modification, shortens the parallel-run period, brings the business systems' middle-platform service calls under management quickly, and keeps slow modification of some legacy systems from holding up overall progress. The legacy systems concerned are then modified gradually during the subsequent operation of the business middle platforms, achieving enterprise-level unified management of middle-platform services.
The unified service scheduling gateway supports the logic of each business middle platform in order to reach the goal of unified management. The unified service scheduling component has only one standard, and new applications must follow it; on the implementation path, however, the scheduling component supports the authentication protocols of the current four business middle platforms, which lowers implementation difficulty and speeds up implementation.
The specific steps are as follows:
(1) Unifying application data: merge the business systems of each business middle platform and import the different business systems into the enterprise unified service scheduling component. This process inevitably involves dirty data; for example, a business system that calls several business middle platforms may be duplicated.
(2) Unifying permission management: sort out all interface information of the current four business middle platforms and register it in the unified service scheduling component, importing it according to actual usage or the permission relationships exported from the business middle platforms.
(3) Gateway deployment and pilot stage: deploy the unified service scheduling gateway to the business middle platforms and cut over in stages, switching some applications first and then cutting over fully once operation has been observed to be problem-free.
It should be noted that the original gateways are not single-purpose and may also carry business functions, which need to be moved into services. Specifically, part of the business logic of the customer service middle platform is implemented on the gateway; these functions do not fall under gateway capabilities such as protocol conversion, and need to be split out and implemented as services by the customer service middle platform.
The embodiment of the application discloses a service scheduling method and device. In the method, a service gateway is deployed in each service center station, and the service gateway obtains a service scheduling request of a user through a service system based on a preset two-stage mutual trust protocol, wherein the service scheduling request comprises encryption parameters; the service gateway sends the service scheduling request to the corresponding service center through a preset service route so that the service center performs signature verification on the encryption parameter of the service scheduling request, and if the verification is passed, the service gateway returns the corresponding center service; the service gateway provides the middle service for the user through the business system. Therefore, by utilizing the scheme provided by the embodiment of the application, the service gateway configures the verification path for the encrypted service scheduling request, and the service gateway sends the encrypted service scheduling request to the service center for verification, so that the security of service scheduling is improved.
Based on the method provided by the above embodiment, the embodiment of the present application further provides a service scheduling device, and the service scheduling device is described below with reference to the accompanying drawings.
Referring to fig. 6, the structure of a service scheduling device provided in the embodiment of the present application is shown schematically.
The service scheduling apparatus 600 provided in the embodiment of the present application is applied to a service gateway and includes an obtaining unit 601 and a sending unit 602.
An obtaining unit 601, configured to obtain a service scheduling request of a user through a service system based on a preset two-stage mutual trust protocol, where the service scheduling request includes an encryption parameter;
a sending unit 602, configured to send a service scheduling request to a corresponding service center through a preset service route, so that the service center performs signature verification on an encryption parameter of the service scheduling request, and if the verification is passed, returns a corresponding center service to the service gateway;
the sending unit 602 is further configured to provide a middle station service to the user through the service system.
In one possible implementation, the apparatus further includes:
and the flow limiting unit is used for carrying out flow limiting control on the service scheduling request according to the service requirement of the service center station, and returning a service scheduling failure result to the user through the service system when the service scheduling request reaches a preset flow limiting condition.
In one possible implementation, the apparatus further includes:
the fusing unit is used for setting the states of all services as fusing states when the service gateway fails; and checking the fusing state, wherein the fusing state comprises the service quality information in a preset time period.
In one possible implementation, the apparatus further includes:
the isolation unit is used for authorizing an interface of a business system of the external network through the penetration capability of the preset isolation equipment service; and acquiring the service scheduling request of the authorized service system of the external network through the information security network isolation device.
In one possible implementation, the apparatus further includes:
and the adjusting unit is used for adjusting the response capacity of the service route and the authentication resource according to the service requirement of the service system and the preset elastic expansion strategy.
In one possible implementation, the apparatus further includes:
the monitoring unit is used for providing service monitoring capability corresponding to the intermediate service based on the cloud platform, wherein the service monitoring capability comprises monitoring of key components of the enterprise service bus, monitoring of service calling conditions, monitoring of service calling logs and monitoring of service calling links.
Since the apparatus 600 is an apparatus corresponding to the service scheduling method provided in the above method embodiment, the specific implementation of each unit of the apparatus 600 is the same as the above method embodiment, and therefore, with respect to the specific implementation of each unit of the apparatus 600, reference may be made to the description part of the above method embodiment regarding the service scheduling method, which is not repeated herein.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims of this application and in the above-described figures, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, e.g., the division of units is merely a logical service division, and there may be additional divisions in actual implementation, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each service unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software business units.
The integrated units, if implemented in the form of software business units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be embodied in essence or a part contributing to the prior art or all or part of the technical solution in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
Those skilled in the art will appreciate that in one or more of the examples described above, the services described herein may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the services may be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a general purpose or special purpose computer.
The objects, technical solutions and advantageous effects of the present invention have been described in further detail in the above embodiments, and it should be understood that the above are only embodiments of the present invention.
The above embodiments are only intended to illustrate the technical solution of the present application, not to limit it. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents; such modifications and substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. A service scheduling method, wherein the method is applied to a service gateway, the service gateway is deployed in each service center, and the method comprises:
acquiring a service scheduling request of a user through a service system based on a preset two-stage mutual trust protocol, wherein the service scheduling request comprises encryption parameters;
sending the service scheduling request to a corresponding service center through a preset service route, so that the service center performs signature verification on encryption parameters of the service scheduling request, and if the verification is passed, returning corresponding center service to the service gateway;
and providing the middle service for the user through the business system.
2. The method according to claim 1, characterized in that the method further comprises:
and carrying out flow limiting control on the service scheduling request according to the service requirement of the service center, and returning a service scheduling failure result to the user through the service system when the service scheduling request reaches a preset flow limiting condition.
3. The method according to claim 1, characterized in that the method further comprises:
when the service gateway fails, setting the states of all services as fusing states;
And checking the fusing state, wherein the fusing state comprises service quality information in a preset time period.
4. The method according to claim 1, characterized in that the method further comprises:
authorizing an interface of a business system of an external network through the preset penetration capability of the isolation equipment service;
and acquiring the authorized service scheduling request of the service system of the external network through an information security network isolation device.
5. The method according to claim 1, characterized in that the method further comprises:
and according to the service demands of the service system, the response capacities of the service route and the authentication resource are adjusted according to a preset elastic expansion strategy.
6. The method according to claim 1, characterized in that the method further comprises:
and providing service monitoring capability corresponding to the middle platform service based on the cloud platform, wherein the service monitoring capability comprises monitoring of key components of an enterprise service bus, monitoring of service calling conditions, monitoring of service calling logs and monitoring of service calling links.
7. The method according to claim 1, characterized in that the method further comprises:
And merging the service systems of each service center, importing the application data of the merged service systems, combing the interface information of each service center, and registering the interface information to enable the service gateway to be deployed in each service center.
8. A service scheduling apparatus, the apparatus being applied to a service gateway, the apparatus comprising:
an acquisition unit, configured to acquire a service scheduling request of a user through a service system based on a preset two-stage mutual trust protocol, wherein the service scheduling request comprises encryption parameters;
the sending unit is used for sending the service scheduling request to the corresponding service center through a preset service route so that the service center performs signature verification on the encryption parameter of the service scheduling request, and if the verification is passed, the corresponding center service is returned to the service gateway;
the sending unit is further configured to provide the middle-platform service to the user through the service system.
9. The apparatus of claim 8, wherein the apparatus further comprises:
and the flow limiting unit is used for carrying out flow limiting control on the service scheduling request according to the service requirement of the service center station, and returning a service scheduling failure result to the user through the service system when the service scheduling request reaches a preset flow limiting condition.
10. The apparatus of claim 8, wherein the apparatus further comprises:
a fusing unit, configured to set the states of all services to a fusing state when the service gateway fails, and to check the fusing state, wherein the fusing state comprises service quality information in a preset time period.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311524571.0A CN117749892A (en) 2023-11-15 2023-11-15 Service scheduling method and device

Publications (1)

Publication Number Publication Date
CN117749892A true CN117749892A (en) 2024-03-22

Family

ID=90253466

Country Status (1)

Country Link
CN (1) CN117749892A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination