/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package comm
import (
"crypto/tls"
"crypto/x509"
"time"
"github.com/hyperledger/fabric/common/flogging"
"github.com/hyperledger/fabric/common/metrics"
"google.golang.org/grpc"
"google.golang.org/grpc/keepalive"
)
// Configuration defaults shared by the GRPCServer and GRPCClient built from
// this package.
var (
	// MaxRecvMsgSize and MaxSendMsgSize cap the size, in bytes, of a single
	// gRPC message accepted or emitted. 100 MiB is a generous bound for
	// peer-supplied input; deployments that never need messages this large
	// may prefer a tighter receive limit.
	MaxRecvMsgSize = 100 * 1024 * 1024
	MaxSendMsgSize = 100 * 1024 * 1024

	// DefaultKeepaliveOptions are the peer keepalive defaults. ServerMinInterval
	// is deliberately equal to ClientInterval so that a client on these
	// defaults is never treated as pinging too often by a server on them.
	DefaultKeepaliveOptions = KeepaliveOptions{
		ClientInterval:    time.Minute,      // 1 min
		ClientTimeout:     20 * time.Second, // gRPC default
		ServerInterval:    2 * time.Hour,    // gRPC default
		ServerTimeout:     20 * time.Second, // gRPC default
		ServerMinInterval: time.Minute,      // must not exceed ClientInterval
	}

	// DefaultTLSCipherSuites is the cipher suite list offered when no explicit
	// SecureOptions.CipherSuites is given. All six are AEAD (AES-GCM) suites.
	// The four ECDHE suites provide forward secrecy. The last two (TLS_RSA_*)
	// use static RSA key exchange and do not: a later compromise of the
	// server's RSA private key would expose recorded sessions negotiated with
	// them. They are listed last, so they are only relevant to peers that
	// offer nothing better; drop them once every peer supports ECDHE.
	// NOTE(review): Go's crypto/tls does not consult this list for TLS 1.3 —
	// confirm the minimum protocol version where this slice is consumed.
	DefaultTLSCipherSuites = []uint16{
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
	}

	// DefaultConnectionTimeout bounds how long connection establishment may
	// take before it is abandoned.
	DefaultConnectionTimeout = 5 * time.Second
)
// ServerConfig defines the parameters for configuring a GRPCServer instance.
// It is plain data: nothing is validated or defaulted at declaration time, so
// the zero value means no TLS, no interceptors and zero timeouts. Whether the
// consuming constructor substitutes defaults for zero fields is not visible
// from this file.
type ServerConfig struct {
	// ConnectionTimeout specifies the timeout for connection establishment
	// for all new connections. A bound here limits how long a slow or
	// hostile peer can hold a half-open connection (presumably including the
	// TLS handshake — confirm in the server constructor). See
	// DefaultConnectionTimeout for the package default.
	ConnectionTimeout time.Duration
	// SecOpts defines the security parameters: TLS on/off, the server's
	// certificate and key, trusted client CAs and whether client
	// certificates are required.
	SecOpts SecureOptions
	// KaOpts defines the keepalive parameters; ServerKeepaliveOptions maps
	// them onto gRPC server options.
	KaOpts KeepaliveOptions
	// StreamInterceptors specifies a list of interceptors to apply to
	// streaming RPCs. They are executed in order, so any authentication or
	// authorization interceptor should precede ones that do work.
	StreamInterceptors []grpc.StreamServerInterceptor
	// UnaryInterceptors specifies a list of interceptors to apply to unary
	// RPCs. They are executed in order (same ordering caveat as above).
	UnaryInterceptors []grpc.UnaryServerInterceptor
	// Logger specifies the logger the server will use.
	Logger *flogging.FabricLogger
	// HealthCheckEnabled enables the gRPC Health Checking Protocol for the server.
	HealthCheckEnabled bool
	// ServerStatsHandler should be set if metrics on connections are to be reported.
	ServerStatsHandler *ServerStatsHandler
}
// ClientConfig defines the parameters for configuring a GRPCClient instance.
// Like ServerConfig it is plain data with no validation of its own.
type ClientConfig struct {
	// SecOpts defines the security parameters. UseTLS=false yields a
	// cleartext client; ServerRootCAs is the trust store used to verify the
	// server's certificate.
	SecOpts SecureOptions
	// KaOpts defines the keepalive parameters; ClientKeepaliveOptions maps
	// them onto gRPC dial options.
	KaOpts KeepaliveOptions
	// Timeout specifies how long the client will block when attempting to
	// establish a connection.
	Timeout time.Duration
	// AsyncConnect makes connection creation non blocking. The caller then
	// presumably gets a client back before the connection (and any TLS
	// handshake) has succeeded — confirm how Timeout applies in that mode.
	AsyncConnect bool
}
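// Clone returns a copy of this ClientConfig that can be modified without
// affecting the receiver.
//
// A bare struct copy (which the value receiver already performs) shares the
// backing arrays of every slice in SecOpts — Certificate, Key, ServerRootCAs,
// ClientRootCAs and CipherSuites — so an in-place edit of the copy, such as
// zeroing key material after use, would silently alter the original as well.
// Those slices are duplicated here. VerifyCertificate is a function value and
// is shared. Nil slices stay nil and empty slices stay empty-but-non-nil, so
// callers that distinguish the two see no change.
func (cc ClientConfig) Clone() ClientConfig {
	// dupBytes returns an independent copy of b, preserving nil-ness.
	dupBytes := func(b []byte) []byte {
		if b == nil {
			return nil
		}
		out := make([]byte, len(b))
		copy(out, b)
		return out
	}
	// dupCAs deep-copies a list of PEM blocks, preserving nil-ness.
	dupCAs := func(cas [][]byte) [][]byte {
		if cas == nil {
			return nil
		}
		out := make([][]byte, len(cas))
		for i, ca := range cas {
			out[i] = dupBytes(ca)
		}
		return out
	}

	clone := cc // copies scalars, KaOpts and the VerifyCertificate func value
	clone.SecOpts.Certificate = dupBytes(cc.SecOpts.Certificate)
	clone.SecOpts.Key = dupBytes(cc.SecOpts.Key)
	clone.SecOpts.ServerRootCAs = dupCAs(cc.SecOpts.ServerRootCAs)
	clone.SecOpts.ClientRootCAs = dupCAs(cc.SecOpts.ClientRootCAs)
	if cc.SecOpts.CipherSuites != nil {
		clone.SecOpts.CipherSuites = make([]uint16, len(cc.SecOpts.CipherSuites))
		copy(clone.SecOpts.CipherSuites, cc.SecOpts.CipherSuites)
	}
	return clone
}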
// SecureOptions defines the security parameters (e.g. TLS) for a
// GRPCServer or GRPCClient instance.
//
// This is plain data; it is interpreted by the server/client constructors
// outside this file. Two fields decide the transport's security posture:
// UseTLS (false means cleartext) and RequireClientCert (false means the
// server does not authenticate clients at the transport layer).
type SecureOptions struct {
	// VerifyCertificate, if not nil, is called after normal
	// certificate verification by either a TLS client or server.
	// If it returns a non-nil error, the handshake is aborted and that error results.
	// Its signature matches crypto/tls.Config.VerifyPeerCertificate; it is a
	// hook for extra checks (pinning, policy), not a replacement for chain
	// validation.
	VerifyCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
	// Certificate is the PEM-encoded X.509 certificate (not merely the public
	// key) presented to the peer during the TLS handshake.
	Certificate []byte
	// Key is the PEM-encoded private key matching Certificate. It is secret
	// key material: keep it out of logs, and note that copying the struct
	// shares this slice's backing array.
	Key []byte
	// ServerRootCAs is the set of PEM-encoded X.509 certificate authorities
	// used by clients to verify server certificates.
	ServerRootCAs [][]byte
	// ClientRootCAs is the set of PEM-encoded X.509 certificate authorities
	// used by servers to verify client certificates. Presumably only consulted
	// when RequireClientCert is set — confirm in the server constructor.
	ClientRootCAs [][]byte
	// UseTLS selects whether TLS is used for communication. When false the
	// transport is neither authenticated nor encrypted.
	UseTLS bool
	// RequireClientCert, when true, makes the server demand and verify a
	// client certificate (mutual TLS). When false, client identity is not
	// authenticated at the transport layer.
	RequireClientCert bool
	// CipherSuites is a list of supported cipher suites for TLS. An empty
	// list presumably falls back to DefaultTLSCipherSuites — confirm in the
	// consuming code.
	CipherSuites []uint16
	// TimeShift makes TLS handshakes time sampling shift to the past by a given duration.
	// NOTE(review): a non-zero value presumably relaxes certificate validity
	// (NotBefore/NotAfter) checks by that amount; treat it as a clock-skew
	// workaround rather than a production default — confirm against the consumer.
	TimeShift time.Duration
}
// KeepaliveOptions is used to set the gRPC keepalive settings for both
// clients and servers. The two sides interact: a server disconnects clients
// whose ping interval is shorter than its ServerMinInterval, so a client's
// ClientInterval must not be below the server's ServerMinInterval
// (DefaultKeepaliveOptions sets both to one minute). Keepalive pings also act
// as a cheap dead-peer detector, bounding how long a silent connection holds
// server resources.
type KeepaliveOptions struct {
	// ClientInterval is the duration after which if the client does not see
	// any activity from the server it pings the server to see if it is alive
	ClientInterval time.Duration
	// ClientTimeout is the duration the client waits for a response
	// from the server after sending a ping before closing the connection
	ClientTimeout time.Duration
	// ServerInterval is the duration after which if the server does not see
	// any activity from the client it pings the client to see if it is alive
	ServerInterval time.Duration
	// ServerTimeout is the duration the server waits for a response
	// from the client after sending a ping before closing the connection
	ServerTimeout time.Duration
	// ServerMinInterval is the minimum permitted time between client pings.
	// If clients send pings more frequently, the server will disconnect them.
	// NOTE(review): a zero value presumably leaves the choice to gRPC's own
	// default rather than disabling the check — confirm for the gRPC version in use.
	ServerMinInterval time.Duration
}
// Metrics holds the connection counters reported for a gRPC server
// (presumably via ServerConfig.ServerStatsHandler — confirm in its
// implementation). Counting opens and closes separately lets the number of
// currently open connections be derived as their difference.
type Metrics struct {
	// OpenConnCounter keeps track of number of open connections
	OpenConnCounter metrics.Counter
	// ClosedConnCounter keeps track of number connections closed
	ClosedConnCounter metrics.Counter
}
// ServerKeepaliveOptions translates a KeepaliveOptions into the gRPC server
// options that implement it: the server-side ping parameters
// (ServerInterval/ServerTimeout) followed by an enforcement policy that
// disconnects clients pinging more often than ServerMinInterval. Pings are
// permitted on idle connections with no active stream. A ServerMinInterval
// longer than a client's ClientInterval causes that client to be dropped,
// so keep the two aligned as DefaultKeepaliveOptions does.
func ServerKeepaliveOptions(ka KeepaliveOptions) []grpc.ServerOption {
	pingParams := keepalive.ServerParameters{
		Time:    ka.ServerInterval,
		Timeout: ka.ServerTimeout,
	}
	pingPolicy := keepalive.EnforcementPolicy{
		MinTime:             ka.ServerMinInterval,
		PermitWithoutStream: true, // clients may keep an idle connection alive
	}
	return []grpc.ServerOption{
		grpc.KeepaliveParams(pingParams),
		grpc.KeepaliveEnforcementPolicy(pingPolicy),
	}
}
// ClientKeepaliveOptions translates a KeepaliveOptions into the single gRPC
// dial option that configures client-side keepalive: a ping after
// ClientInterval of inactivity, the connection closed if no reply arrives
// within ClientTimeout, and pings allowed even when no stream is active.
func ClientKeepaliveOptions(ka KeepaliveOptions) []grpc.DialOption {
	pingParams := keepalive.ClientParameters{
		Time:                ka.ClientInterval,
		Timeout:             ka.ClientTimeout,
		PermitWithoutStream: true, // keep idle connections alive too
	}
	return []grpc.DialOption{grpc.WithKeepaliveParams(pingParams)}
}