/*
Copyright hechain. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package deliverservice
import (
"encoding/pem"
"io/ioutil"
"time"
"github.com/hechain20/hechain/core/config"
"github.com/hechain20/hechain/internal/pkg/comm"
"github.com/hechain20/hechain/internal/pkg/peer/orderers"
"github.com/pkg/errors"
"github.com/spf13/viper"
)
// Fallback values used by loadDeliverServiceConfig when the matching
// peer.deliveryclient.* duration reads back as zero from viper.
const (
	// DefaultReConnectBackoffThreshold is the fallback maximal delay between
	// consecutive reconnection attempts.
	DefaultReConnectBackoffThreshold = time.Hour
	// DefaultReConnectTotalTimeThreshold is the fallback total time that may be
	// spent on reconnection attempts before giving up.
	DefaultReConnectTotalTimeThreshold = 60 * time.Minute
	// DefaultConnectionTimeout is the fallback timeout for a connection to an
	// ordering service node.
	DefaultConnectionTimeout = 3 * time.Second
)
// DeliverServiceConfig is the struct that defines the deliverservice configuration.
// It is populated from viper by loadDeliverServiceConfig.
type DeliverServiceConfig struct {
	// PeerTLSEnabled enables/disables Peer TLS. It is read from peer.tls.enabled,
	// the same key that feeds SecOpts.UseTLS.
	PeerTLSEnabled bool
	// BlockGossipEnabled enables block forwarding via gossip. It is true when
	// peer.deliveryclient.blockGossipEnabled is not set.
	BlockGossipEnabled bool
	// ReConnectBackoffThreshold sets the delivery service maximal delay between consecutive retries.
	ReConnectBackoffThreshold time.Duration
	// ReconnectTotalTimeThreshold sets the total time the delivery service may spend in reconnection attempts
	// until its retry logic gives up and returns an error.
	ReconnectTotalTimeThreshold time.Duration
	// ConnectionTimeout sets the delivery service <-> ordering service node connection timeout
	ConnectionTimeout time.Duration
	// KeepaliveOptions holds the keepalive settings for the delivery service,
	// starting from comm.DefaultKeepaliveOptions.
	KeepaliveOptions comm.KeepaliveOptions
	// SecOpts provides the TLS info for connections. When RequireClientCert is
	// set, Key and Certificate hold the PEM bytes of the client key pair read
	// from disk, so this struct then carries private key material in memory.
	SecOpts comm.SecureOptions
	// OrdererEndpointOverrides is a map of orderer addresses which should be
	// re-mapped to a different orderer endpoint. Keys are the original ("from")
	// addresses; nil when no overrides are configured.
	OrdererEndpointOverrides map[string]*orderers.Endpoint
}
// AddressOverride is one entry of peer.deliveryclient.addressOverrides as
// unmarshalled by LoadOverridesMap.
type AddressOverride struct {
	// From is the orderer address to be replaced; it becomes the map key.
	From string
	// To is the address used in place of From.
	To string
	// CACertsFile is an optional path to a PEM file whose CERTIFICATE blocks
	// become the root certificates of the replacement endpoint. When empty,
	// the endpoint is created with no root certificates of its own.
	CACertsFile string
}
// GlobalConfig builds a DeliverServiceConfig from the viper configuration and
// returns it.
//
// It does not return an error: loadDeliverServiceConfig panics when the TLS
// client key or certificate cannot be read, or when the address overrides
// cannot be unmarshalled.
func GlobalConfig() *DeliverServiceConfig {
	cfg := new(DeliverServiceConfig)
	cfg.loadDeliverServiceConfig()
	return cfg
}
// LoadOverridesMap reads peer.deliveryclient.addressOverrides from viper and
// returns the overrides keyed by their From address.
//
// It returns (nil, nil) when no overrides are configured and an error only
// when the key cannot be unmarshalled. An entry whose CACertsFile cannot be
// read, or yields no CERTIFICATE blocks, is logged as a warning and dropped,
// so that address is then not remapped at all. An entry without a CACertsFile
// produces an endpoint with nil RootCerts.
//
// NOTE(review): which roots are trusted for an endpoint with nil RootCerts is
// decided by the consumer of this map, outside this file - confirm it does not
// weaken verification of the overridden orderer.
// NOTE(review): a later entry with the same From replaces an earlier one
// without any warning.
func LoadOverridesMap() (map[string]*orderers.Endpoint, error) {
	const overridesKey = "peer.deliveryclient.addressOverrides"

	var entries []AddressOverride
	if err := viper.UnmarshalKey(overridesKey, &entries); err != nil {
		return nil, errors.WithMessage(err, "could not unmarshal peer.deliveryclient.addressOverrides")
	}
	if len(entries) == 0 {
		return nil, nil
	}

	result := make(map[string]*orderers.Endpoint)
	for _, entry := range entries {
		endpoint := &orderers.Endpoint{Address: entry.To}

		if entry.CACertsFile != "" {
			// The local is deliberately not called "pem", which would shadow
			// the encoding/pem package inside this scope.
			pemBytes, err := ioutil.ReadFile(entry.CACertsFile)
			if err != nil {
				logger.Warningf("could not read file '%s' specified for caCertsFile of orderer endpoint override from '%s' to '%s': %s", entry.CACertsFile, entry.From, entry.To, err)
				continue
			}

			// extractCerts filters on PEM block type only; it does not parse
			// the certificates.
			endpoint.RootCerts = extractCerts(pemBytes)
			if len(endpoint.RootCerts) == 0 {
				logger.Warningf("Attempted to create a cert pool for override of orderer address '%s' to '%s' but did not find any valid certs in '%s'", entry.From, entry.To, entry.CACertsFile)
				continue
			}
		}

		result[entry.From] = endpoint
	}
	return result, nil
}
// extractCerts splits a PEM bundle into its individual certificates, each
// re-encoded as its own PEM block. It exists to keep the block-selection
// rules of x509.CertPool#AppendCertsFromPEM now that orderers.Endpoint no
// longer carries a CertPool.
//
// Blocks whose type is not "CERTIFICATE", or which carry PEM headers, are
// skipped. Scanning stops at the first position where no further PEM block
// can be decoded. The result is nil when nothing qualifies.
//
// The block contents are not parsed as X.509 here, so a well-formed
// CERTIFICATE block holding arbitrary bytes is returned like any other.
func extractCerts(pemCerts []byte) [][]byte {
	var out [][]byte
	rest := pemCerts
	for len(rest) > 0 {
		blk, remaining := pem.Decode(rest)
		if blk == nil {
			// No more PEM data; anything left over is ignored.
			break
		}
		rest = remaining

		if blk.Type == "CERTIFICATE" && len(blk.Headers) == 0 {
			out = append(out, pem.EncodeToMemory(blk))
		}
	}
	return out
}
// loadDeliverServiceConfig fills c from the viper configuration.
//
// Block gossip defaults to enabled when its key is not set. The three
// duration settings fall back to the package defaults when they read back as
// zero. Keepalive settings start from comm.DefaultKeepaliveOptions and are
// overridden only by keys that are explicitly set.
//
// When peer.tls.clientAuthRequired is true, the client key and certificate are
// read from disk into c.SecOpts; the peer's own TLS key pair is used when no
// dedicated client pair is configured. The method panics if either file cannot
// be read or if the orderer address overrides cannot be loaded. The panic
// message carries the file path and the underlying error, not file contents.
//
// NOTE(review): the key pair is loaded whenever clientAuthRequired is true,
// whether or not peer.tls.enabled is true - confirm that is intended.
func (c *DeliverServiceConfig) loadDeliverServiceConfig() {
	const gossipKey = "peer.deliveryclient.blockGossipEnabled"
	if viper.IsSet(gossipKey) {
		c.BlockGossipEnabled = viper.GetBool(gossipKey)
	} else {
		logger.Infof("peer.deliveryclient.blockGossipEnabled is not set, defaulting to true.")
		c.BlockGossipEnabled = true
	}

	c.PeerTLSEnabled = viper.GetBool("peer.tls.enabled")

	// durationOr returns the configured duration, or fallback when it is zero.
	durationOr := func(key string, fallback time.Duration) time.Duration {
		if d := viper.GetDuration(key); d != 0 {
			return d
		}
		return fallback
	}
	c.ReConnectBackoffThreshold = durationOr("peer.deliveryclient.reConnectBackoffThreshold", DefaultReConnectBackoffThreshold)
	c.ReconnectTotalTimeThreshold = durationOr("peer.deliveryclient.reconnectTotalTimeThreshold", DefaultReConnectTotalTimeThreshold)
	c.ConnectionTimeout = durationOr("peer.deliveryclient.connTimeout", DefaultConnectionTimeout)

	c.KeepaliveOptions = comm.DefaultKeepaliveOptions
	if key := "peer.keepalive.deliveryClient.interval"; viper.IsSet(key) {
		c.KeepaliveOptions.ClientInterval = viper.GetDuration(key)
	}
	if key := "peer.keepalive.deliveryClient.timeout"; viper.IsSet(key) {
		c.KeepaliveOptions.ClientTimeout = viper.GetDuration(key)
	}

	c.SecOpts = comm.SecureOptions{
		UseTLS:            viper.GetBool("peer.tls.enabled"),
		RequireClientCert: viper.GetBool("peer.tls.clientAuthRequired"),
	}

	if c.SecOpts.RequireClientCert {
		// pathOr resolves the dedicated client path, falling back to the
		// peer's server path when the client one is empty.
		pathOr := func(clientKey, serverKey string) string {
			if p := config.GetPath(clientKey); p != "" {
				return p
			}
			return config.GetPath(serverKey)
		}
		certFile := pathOr("peer.tls.clientCert.file", "peer.tls.cert.file")
		keyFile := pathOr("peer.tls.clientKey.file", "peer.tls.key.file")

		// The key is read before the certificate, so a missing key is the
		// failure reported when both are absent.
		keyPEM, err := ioutil.ReadFile(keyFile)
		if err != nil {
			panic(errors.WithMessagef(err, "unable to load key at '%s'", keyFile))
		}
		c.SecOpts.Key = keyPEM

		certPEM, err := ioutil.ReadFile(certFile)
		if err != nil {
			panic(errors.WithMessagef(err, "unable to load cert at '%s'", certFile))
		}
		c.SecOpts.Certificate = certPEM
	}

	overrides, err := LoadOverridesMap()
	if err != nil {
		panic(err)
	}
	c.OrdererEndpointOverrides = overrides
}