/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package deliverservice
import (
"crypto/x509"
"io/ioutil"
"time"
"github.com/hyperledger/fabric/core/config"
"github.com/hyperledger/fabric/internal/pkg/comm"
"github.com/hyperledger/fabric/internal/pkg/peer/orderers"
"github.com/pkg/errors"
"github.com/spf13/viper"
)
// Fallback values applied by loadDeliverServiceConfig when the matching
// peer.deliveryclient.* key resolves to a zero duration.
const (
	// DefaultReConnectBackoffThreshold is the fallback for
	// peer.deliveryclient.reConnectBackoffThreshold (one hour).
	DefaultReConnectBackoffThreshold = 1 * time.Hour
	// DefaultReConnectTotalTimeThreshold is the fallback for
	// peer.deliveryclient.reconnectTotalTimeThreshold (3600 seconds, i.e. one hour).
	DefaultReConnectTotalTimeThreshold = 60 * 60 * time.Second
	// DefaultConnectionTimeout is the fallback for
	// peer.deliveryclient.connTimeout (three seconds).
	DefaultConnectionTimeout = 3 * time.Second
)
// DeliverServiceConfig is the struct that defines the deliverservice configuration.
// It is populated from viper by loadDeliverServiceConfig.
type DeliverServiceConfig struct {
	// PeerTLSEnabled enables/disables Peer TLS (read from peer.tls.enabled).
	PeerTLSEnabled bool
	// ReConnectBackoffThreshold sets the delivery service maximal delay between consecutive retries.
	ReConnectBackoffThreshold time.Duration
	// ReconnectTotalTimeThreshold sets the total time the delivery service may spend in reconnection attempts
	// until its retry logic gives up and returns an error.
	ReconnectTotalTimeThreshold time.Duration
	// ConnectionTimeout sets the delivery service <-> ordering service node connection timeout.
	ConnectionTimeout time.Duration
	// KeepaliveOptions holds the keepalive settings for the delivery service.
	KeepaliveOptions comm.KeepaliveOptions
	// SecOpts provides the TLS info for connections. When client authentication
	// is required it carries the PEM-encoded client private key and certificate,
	// so values of this struct should be treated as sensitive.
	SecOpts comm.SecureOptions
	// OrdererEndpointOverrides is a map of orderer addresses which should be
	// re-mapped to a different orderer endpoint.
	OrdererEndpointOverrides map[string]*orderers.Endpoint
}
// AddressOverride is one entry of the peer.deliveryclient.addressOverrides
// configuration list, as decoded by LoadOverridesMap.
type AddressOverride struct {
	// From is the orderer address to be re-mapped; it is used as the key of the overrides map.
	From string `mapstructure:"from"`
	// To is the address that replaces From.
	To string `mapstructure:"to"`
	// CACertsFile is an optional path to a PEM file whose certificates form the
	// cert pool attached to the replacement endpoint.
	CACertsFile string `mapstructure:"caCertsFile"`
}
// GlobalConfig builds a DeliverServiceConfig from the values currently held by
// viper and returns it.
//
// It panics when loadDeliverServiceConfig panics, i.e. when the client TLS key
// or certificate cannot be read, or when the address overrides cannot be
// unmarshalled.
func GlobalConfig() *DeliverServiceConfig {
	cfg := new(DeliverServiceConfig)
	cfg.loadDeliverServiceConfig()
	return cfg
}
// LoadOverridesMap reads peer.deliveryclient.addressOverrides from viper and
// returns a map from each overridden orderer address to its replacement
// endpoint.
//
// It returns (nil, nil) when no overrides are configured and an error only
// when the key cannot be unmarshalled. An entry whose caCertsFile cannot be
// read, or contains no valid PEM certificate, is logged as a warning and left
// out of the map; operators should watch for these warnings, because the
// override they asked for is then not in effect.
// NOTE(review): presumably the peer keeps using the original address for a
// skipped entry; confirm against the consumer of this map.
//
// When several entries share the same From address, the last one wins.
func LoadOverridesMap() (map[string]*orderers.Endpoint, error) {
	var entries []AddressOverride
	if err := viper.UnmarshalKey("peer.deliveryclient.addressOverrides", &entries); err != nil {
		return nil, errors.WithMessage(err, "could not unmarshal peer.deliveryclient.addressOverrides")
	}
	if len(entries) == 0 {
		return nil, nil
	}

	result := make(map[string]*orderers.Endpoint)
	for _, entry := range entries {
		// An entry without caCertsFile keeps this pool empty (but non-nil).
		// NOTE(review): how an empty CertPool is treated by the code that
		// dials the endpoint is not visible here; verify it fails closed.
		pool := x509.NewCertPool()
		if entry.CACertsFile != "" {
			caPEM, readErr := ioutil.ReadFile(entry.CACertsFile)
			if readErr != nil {
				logger.Warningf("could not read file '%s' specified for caCertsFile of orderer endpoint override from '%s' to '%s': %s", entry.CACertsFile, entry.From, entry.To, readErr)
				continue
			}
			if !pool.AppendCertsFromPEM(caPEM) {
				logger.Warningf("Attempted to create a cert pool for override of orderer address '%s' to '%s' but did not find any valid certs in '%s'", entry.From, entry.To, entry.CACertsFile)
				continue
			}
		}
		result[entry.From] = &orderers.Endpoint{
			Address:  entry.To,
			CertPool: pool,
		}
	}
	return result, nil
}
// loadDeliverServiceConfig fills c from viper.
//
// Durations that resolve to zero are replaced by the package defaults, so a
// zero value cannot be configured explicitly. Client TLS material is loaded
// only when peer.tls.clientAuthRequired is true; the dedicated client key and
// certificate paths fall back to the peer's own TLS key and certificate paths
// when they are empty.
//
// The method panics if the key or certificate file cannot be read or if the
// address overrides cannot be unmarshalled. The panic value includes the file
// path but not the file contents.
func (c *DeliverServiceConfig) loadDeliverServiceConfig() {
	// durationOr returns the configured duration, or fallback when it is zero.
	durationOr := func(key string, fallback time.Duration) time.Duration {
		if d := viper.GetDuration(key); d != 0 {
			return d
		}
		return fallback
	}
	// pathOr resolves preferredKey and falls back to fallbackKey when the
	// preferred path is empty.
	pathOr := func(preferredKey, fallbackKey string) string {
		if p := config.GetPath(preferredKey); p != "" {
			return p
		}
		return config.GetPath(fallbackKey)
	}

	c.PeerTLSEnabled = viper.GetBool("peer.tls.enabled")

	c.ReConnectBackoffThreshold = durationOr("peer.deliveryclient.reConnectBackoffThreshold", DefaultReConnectBackoffThreshold)
	c.ReconnectTotalTimeThreshold = durationOr("peer.deliveryclient.reconnectTotalTimeThreshold", DefaultReConnectTotalTimeThreshold)
	c.ConnectionTimeout = durationOr("peer.deliveryclient.connTimeout", DefaultConnectionTimeout)

	// Start from the comm defaults and override only what is explicitly set.
	c.KeepaliveOptions = comm.DefaultKeepaliveOptions
	if viper.IsSet("peer.keepalive.deliveryClient.interval") {
		c.KeepaliveOptions.ClientInterval = viper.GetDuration("peer.keepalive.deliveryClient.interval")
	}
	if viper.IsSet("peer.keepalive.deliveryClient.timeout") {
		c.KeepaliveOptions.ClientTimeout = viper.GetDuration("peer.keepalive.deliveryClient.timeout")
	}

	c.SecOpts = comm.SecureOptions{
		UseTLS:            viper.GetBool("peer.tls.enabled"),
		RequireClientCert: viper.GetBool("peer.tls.clientAuthRequired"),
	}

	if c.SecOpts.RequireClientCert {
		certFile := pathOr("peer.tls.clientCert.file", "peer.tls.cert.file")
		keyFile := pathOr("peer.tls.clientKey.file", "peer.tls.key.file")

		// The private key is read first; its bytes stay in c.SecOpts.Key for
		// the lifetime of the config value.
		keyPEM, keyErr := ioutil.ReadFile(keyFile)
		if keyErr != nil {
			panic(errors.WithMessagef(keyErr, "unable to load key at '%s'", keyFile))
		}
		c.SecOpts.Key = keyPEM

		certPEM, certErr := ioutil.ReadFile(certFile)
		if certErr != nil {
			panic(errors.WithMessagef(certErr, "unable to load cert at '%s'", certFile))
		}
		c.SecOpts.Certificate = certPEM
	}

	overrides, overridesErr := LoadOverridesMap()
	if overridesErr != nil {
		panic(overridesErr)
	}
	c.OrdererEndpointOverrides = overrides
}