github.com/lzy4123/fabric@v2.1.1+incompatible/orderer/consensus/kafka/config.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package kafka
     8  
     9  import (
    10  	"crypto/tls"
    11  	"crypto/x509"
    12  
    13  	localconfig "github.com/hyperledger/fabric/orderer/common/localconfig"
    14  
    15  	"github.com/Shopify/sarama"
    16  )
    17  
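// newBrokerConfig builds the sarama client configuration used for the
// orderer's connections to the Kafka brokers: retry and network timeouts,
// optional TLS with a client certificate, optional SASL/PLAIN credentials,
// and the producer settings (size limit, static partitioner, acks).
//
// When tlsConfig.Enabled is set, the function calls logger.Panic if the
// certificate/private key pair cannot be decoded or if any entry of
// tlsConfig.RootCAs does not parse as PEM. A client key pair is therefore
// mandatory whenever TLS is enabled.
//
// The returned config holds the SASL password as a plain string when SASL is
// enabled, so it should not be dumped to logs or debug output.
func newBrokerConfig(
	tlsConfig localconfig.TLS,
	saslPlain localconfig.SASLPlain,
	retryOptions localconfig.Retry,
	kafkaVersion sarama.KafkaVersion,
	chosenStaticPartition int32) *sarama.Config {

	// Max. size for request headers, etc. Set in bytes. Too big on purpose.
	paddingDelta := 1 * 1024 * 1024

	brokerConfig := sarama.NewConfig()

	brokerConfig.Consumer.Retry.Backoff = retryOptions.Consumer.RetryBackoff

	// Allows us to retrieve errors that occur when consuming a channel
	brokerConfig.Consumer.Return.Errors = true

	brokerConfig.Metadata.Retry.Backoff = retryOptions.Metadata.RetryBackoff
	brokerConfig.Metadata.Retry.Max = retryOptions.Metadata.RetryMax

	brokerConfig.Net.DialTimeout = retryOptions.NetworkTimeouts.DialTimeout
	brokerConfig.Net.ReadTimeout = retryOptions.NetworkTimeouts.ReadTimeout
	brokerConfig.Net.WriteTimeout = retryOptions.NetworkTimeouts.WriteTimeout

	brokerConfig.Net.TLS.Enable = tlsConfig.Enabled
	if brokerConfig.Net.TLS.Enable {
		// Client certificate and key presented to the brokers (mutual TLS).
		// Both are taken as PEM text from the orderer's local configuration.
		keyPair, err := tls.X509KeyPair([]byte(tlsConfig.Certificate), []byte(tlsConfig.PrivateKey))
		if err != nil {
			logger.Panic("Unable to decode public/private key pair:", err)
		}
		// Trust anchors for verifying the brokers' certificates. Only the CAs
		// listed in the configuration are trusted; a malformed entry is fatal
		// rather than silently skipped.
		// NOTE(review): with an empty RootCAs list the pool is non-nil but
		// empty, so broker verification is expected to fail instead of
		// falling back to the system roots - confirm this is intended.
		rootCAs := x509.NewCertPool()
		for _, certificate := range tlsConfig.RootCAs {
			if !rootCAs.AppendCertsFromPEM([]byte(certificate)) {
				logger.Panic("Unable to parse the root certificate authority certificates (Kafka.Tls.RootCAs)")
			}
		}
		// InsecureSkipVerify is left at its zero value, so the broker's
		// certificate chain is verified against rootCAs.
		brokerConfig.Net.TLS.Config = &tls.Config{
			Certificates: []tls.Certificate{keyPair},
			RootCAs:      rootCAs,
			MinVersion:   tls.VersionTLS12,
			MaxVersion:   0, // Latest supported TLS version
		}
	}

	brokerConfig.Net.SASL.Enable = saslPlain.Enabled
	if brokerConfig.Net.SASL.Enable {
		if !brokerConfig.Net.TLS.Enable {
			// SASL/PLAIN sends the user name and password without any
			// protection of its own; confidentiality comes only from the
			// transport. Surface the misconfiguration instead of staying
			// silent, but keep connecting so existing deployments still start.
			logger.Warning("SASL/PLAIN is enabled for the Kafka connection but TLS is not; the SASL user name and password will be sent to the brokers unencrypted")
		}
		brokerConfig.Net.SASL.User = saslPlain.User
		brokerConfig.Net.SASL.Password = saslPlain.Password
	}

	// Set equivalent of Kafka producer config max.request.size to the default
	// value of a Kafka broker's socket.request.max.bytes property (100 MiB),
	// minus paddingDelta to leave room for request headers.
	brokerConfig.Producer.MaxMessageBytes = int(sarama.MaxRequestSize) - paddingDelta

	brokerConfig.Producer.Retry.Backoff = retryOptions.Producer.RetryBackoff
	brokerConfig.Producer.Retry.Max = retryOptions.Producer.RetryMax

	// A partitioner is actually not needed the way we do things now,
	// but we're adding it now to allow for flexibility in the future.
	brokerConfig.Producer.Partitioner = newStaticPartitioner(chosenStaticPartition)
	// Set the level of acknowledgement reliability needed from the broker.
	// WaitForAll means that the partition leader will wait till all ISRs got
	// the message before sending back an ACK to the sender.
	brokerConfig.Producer.RequiredAcks = sarama.WaitForAll
	// An esoteric setting required by the sarama library, see:
	// https://github.com/Shopify/sarama/issues/816
	brokerConfig.Producer.Return.Successes = true

	brokerConfig.Version = kafkaVersion

	return brokerConfig
}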