use std::{net::SocketAddr, path::PathBuf};
use clap::{Args, Parser};
use url::Url;
use crate::core::{AUTHOR_NAME, SERVICE_NAME};
// Top-level command-line definition for the service.
// Every field is a flattened argument group; its options appear in `--help`
// under the heading named in the field's `next_help_heading`.
#[derive(Parser)]
#[command(name = SERVICE_NAME, author = AUTHOR_NAME)]
pub struct Cli {
    #[command(flatten, next_help_heading = "registry")]
    pub registry: RegistryConfig,

    #[command(flatten, next_help_heading = "listen")]
    pub listen: ListenConfig,

    #[command(flatten, next_help_heading = "health")]
    pub health: HealthChecksConfig,

    #[command(flatten, next_help_heading = "firewall")]
    pub firewall: FirewallConfig,

    // The TLS group exists only when the crate is built with the `tls` feature.
    #[cfg(feature = "tls")]
    #[command(flatten, next_help_heading = "tls")]
    pub tls: TlsConfig,

    #[command(flatten, next_help_heading = "monitoring")]
    pub monitoring: MonitoringConfig,

    #[command(flatten, next_help_heading = "rate_limiting")]
    pub rate_limiting: RateLimitingConfig,

    #[command(flatten, next_help_heading = "cache")]
    pub cache: CacheConfig,

    #[command(flatten, next_help_heading = "retry")]
    pub retry: RetryConfig,
}
// Options controlling how the registry is bootstrapped from the NNS and
// where the local copy is stored.
#[derive(Args)]
pub struct RegistryConfig {
    // No scheme restriction is declared here; the default uses HTTPS.
    // NOTE(review): confirm the consumer either rejects plain-http URLs or
    // verifies registry data against the NNS public key below.
    /// Comma separated list of NNS URLs to bootstrap the registry
    #[arg(long, value_delimiter = ',', default_value = "https://ic0.app")]
    pub nns_urls: Vec<Url>,

    // No default: the field is `None` unless the flag is passed.
    // NOTE(review): presumably registry data is not checked against a pinned
    // key when this is unset - confirm what the replicator does in that case.
    /// The path to the NNS public key file
    #[arg(long)]
    pub nns_pub_key_pem: Option<PathBuf>,

    /// The delay between NNS polls in milliseconds
    #[arg(long, default_value = "5000")]
    pub nns_poll_interval_ms: u64,

    // Required: there is no default and the type is not optional.
    /// The registry local store path to be populated
    #[arg(long)]
    pub local_store_path: PathBuf,

    /// Whether to disable internal registry replicator
    #[arg(long, default_value = "false")]
    pub disable_registry_replicator: bool,

    /// Minimum snapshot version age to be useful for initial publishing, in seconds
    #[arg(long, default_value = "10")]
    pub min_version_age: u64,
}
// Listener ports, request timeouts, concurrency cap and keepalive settings.
#[derive(Args)]
pub struct ListenConfig {
    /// Port to listen for HTTP
    #[arg(long, default_value = "80")]
    pub http_port: u16,

    // Present only when the crate is built with the `tls` feature.
    /// Port to listen for HTTPS
    #[cfg(feature = "tls")]
    #[arg(long, default_value = "443")]
    pub https_port: u16,

    /// Timeout for the whole HTTP request in seconds
    #[arg(long, default_value = "600")]
    pub http_timeout: u64,

    /// Timeout for the whole HTTP request in seconds when doing health checks
    #[arg(long, default_value = "3")]
    pub http_timeout_check: u64,

    /// Timeout for the HTTP connect phase in seconds
    #[arg(long, default_value = "2")]
    pub http_timeout_connect: u64,

    // Upper bound on work accepted at once; per the help text, requests past
    // this limit are throttled.
    /// Max number of in-flight requests that can be served in parallel
    /// If this is exceeded - new requests would be throttled
    #[arg(long, default_value = "512")]
    pub max_concurrency: usize,

    /// How frequently to send TCP/HTTP2 keepalives, in seconds
    #[arg(long, default_value = "15")]
    pub http_keepalive: u64,

    /// How long to wait for a keepalive response, in seconds
    #[arg(long, default_value = "3")]
    pub http_keepalive_timeout: u64,

    // NOTE(review): the help text gives no unit; presumably seconds like the
    // neighbouring timeouts - confirm against the code that consumes it.
    /// How long to keep idle outgoing connections open
    #[arg(long, default_value = "10")]
    pub http_idle_timeout: u64,
}
// Parameters for the periodic node health checks that decide which replicas
// are eligible for the routing table.
#[derive(Args)]
pub struct HealthChecksConfig {
    /// How frequently to run node checks in seconds
    #[arg(long, default_value = "10")]
    pub check_interval: u64,

    /// How many attempts to do when checking a node
    #[arg(long, default_value = "3")]
    pub check_retries: u32,

    /// Minimum required OK health checks
    /// for a replica to be included in the routing table
    #[arg(long, default_value = "1")]
    pub min_ok_count: u8,

    /// Maximum block height lag for a replica to be included in the routing table
    #[arg(long, default_value = "1000")]
    pub max_height_lag: u64,
}
// Settings for exporting replica addresses to an nftables ruleset file.
#[derive(Args)]
pub struct FirewallConfig {
    // No default: the field is `None` unless the flag is passed.
    /// The path to the nftables replica ruleset file to update
    #[arg(long)]
    pub nftables_system_replicas_path: Option<PathBuf>,

    // NOTE(review): presumably this name is written verbatim into the ruleset
    // file at the path above; confirm the writer restricts it to a valid
    // nftables identifier before emitting it.
    /// The name of the nftables variable to export
    #[arg(long, default_value = "ipv6_system_replica_ips")]
    pub nftables_system_replicas_var: String,
}
// TLS and ACME certificate settings; compiled only with the `tls` feature.
#[cfg(feature = "tls")]
#[derive(Args)]
pub struct TlsConfig {
    // Required: there is no default and the type is not optional.
    /// Hostname to request TLS certificate for
    #[arg(long)]
    pub hostname: String,

    // `1..90` is a half-open range, so accepted values are 1 through 89.
    /// How many days before certificate expires to start renewing it
    #[arg(long, default_value = "30", value_parser = clap::value_parser!(u32).range(1..90))]
    pub renew_days_before: u32,

    // The three path defaults below are relative file names.
    // NOTE(review): the credentials and private-key files hold secrets;
    // confirm they are created and read with owner-only permissions and that
    // deployments set explicit paths rather than relying on the working directory.
    /// The path to the ACME credentials file
    #[arg(long, default_value = "acme.json")]
    pub acme_credentials_path: PathBuf,

    /// The path to the ingress TLS cert
    #[arg(long, default_value = "cert.pem")]
    pub tls_cert_path: PathBuf,

    /// The path to the ingress TLS private-key
    #[arg(long, default_value = "pkey.pem")]
    pub tls_pkey_path: PathBuf,
}
// Metrics export and logging options.
#[derive(Args)]
pub struct MonitoringConfig {
    // The default binds to the loopback address only.
    // NOTE(review): no authentication option for the metrics endpoint is
    // visible in this file, so a non-loopback address presumably exposes the
    // metrics to the network - confirm before changing it.
    /// The socket used to export metrics.
    #[arg(long, default_value = "127.0.0.1:9090")]
    pub metrics_addr: SocketAddr,

    /// Maximum logging level
    #[arg(long, default_value = "info")]
    pub max_logging_level: tracing::Level,

    // Per the help text, setting this drops per-request logs and metrics,
    // which also removes them as a source for incident investigation.
    /// Disable per-request logging and metrics recording
    #[arg(long)]
    pub disable_request_logging: bool,

    /// Log only failed (non-2xx status code or other problems) requests
    #[arg(long)]
    pub log_failed_requests_only: bool,
}
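// Optional rate limits; each one is `None` (no value configured) unless its
// flag is passed.
//
// All three limits share the same `range(1..)` value parser, so a zero is
// rejected as a usage error while arguments are parsed. Previously only the
// ledger-transfer limit was validated, and the help text for the other two
// warned that passing 0 would panic.
#[derive(Args)]
pub struct RateLimitingConfig {
    /// Allowed number of update calls per second per subnet per boundary node. Must be at least 1.
    #[clap(long, value_parser = clap::value_parser!(u32).range(1..))]
    pub rate_limit_per_second_per_subnet: Option<u32>,

    /// Allowed number of update calls per second per ip per boundary node. Must be at least 1.
    #[clap(long, value_parser = clap::value_parser!(u32).range(1..))]
    pub rate_limit_per_second_per_ip: Option<u32>,

    /// Allowed number of ledger transfer calls per second
    #[clap(long, value_parser = clap::value_parser!(u32).range(1..))]
    pub rate_limit_ledger_transfer: Option<u32>,
}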
// In-memory response cache settings. Per the help text, caching is enabled
// only when a cache size is given.
#[derive(Args)]
pub struct CacheConfig {
    /// Maximum size of in-memory cache in bytes. Specify a size to enable caching.
    #[arg(long)]
    pub cache_size_bytes: Option<u64>,

    // Default is 131072 bytes (128 KiB).
    /// Maximum size of a single cached response item in bytes
    #[arg(long, default_value = "131072")]
    pub cache_max_item_size_bytes: u64,

    /// Time-to-live for cache entries in seconds
    #[arg(long, default_value = "1")]
    pub cache_ttl_seconds: u64,

    // Off by default.
    // NOTE(review): enabling this presumably stores responses to
    // non-anonymous callers in the cache; confirm the cache key includes the
    // caller identity so one caller's response is never served to another.
    /// Whether to cache non-anonymous requests
    #[arg(long, default_value = "false")]
    pub cache_non_anonymous: bool,
}
// Retry policy for failed requests.
#[derive(Args)]
pub struct RetryConfig {
    // `0..11` is a half-open range, so accepted values are 0 through 10,
    // matching the range stated in the help text.
    /// How many times to retry a failed request.
    /// Should be in range [0..10], value of 0 disables the retries.
    /// If there are less healthy nodes in the subnet - then less retries would be done.
    #[arg(long, default_value = "2", value_parser = clap::value_parser!(u8).range(0..11))]
    pub retry_count: u8,

    // Off by default.
    // NOTE(review): retrying an update call re-sends a state-changing
    // request; presumably this is safe only if duplicates are rejected
    // downstream - confirm before enabling.
    /// Whether to retry update calls
    #[arg(long, default_value = "false")]
    pub retry_update_call: bool,
}