github.com/tenywen/fabric@v1.0.0-beta.0.20170620030522-a5b1ed380643/orderer/kafka/config.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package kafka
     8  
     9  import (
    10  	"crypto/tls"
    11  	"crypto/x509"
    12  
    13  	"github.com/Shopify/sarama"
    14  	localconfig "github.com/hyperledger/fabric/orderer/localconfig"
    15  )
    16  
    17  func newBrokerConfig(tlsConfig localconfig.TLS, retryOptions localconfig.Retry, kafkaVersion sarama.KafkaVersion, chosenStaticPartition int32) *sarama.Config {
    18  	// Max. size for request headers, etc. Set in bytes. Too big on purpose.
    19  	paddingDelta := 1 * 1024 * 1024
    20  
    21  	brokerConfig := sarama.NewConfig()
    22  
    23  	brokerConfig.Consumer.Retry.Backoff = retryOptions.Consumer.RetryBackoff
    24  
    25  	// Allows us to retrieve errors that occur when consuming a channel
    26  	brokerConfig.Consumer.Return.Errors = true
    27  
    28  	brokerConfig.Metadata.Retry.Backoff = retryOptions.Metadata.RetryBackoff
    29  	brokerConfig.Metadata.Retry.Max = retryOptions.Metadata.RetryMax
    30  
    31  	brokerConfig.Net.DialTimeout = retryOptions.NetworkTimeouts.DialTimeout
    32  	brokerConfig.Net.ReadTimeout = retryOptions.NetworkTimeouts.ReadTimeout
    33  	brokerConfig.Net.WriteTimeout = retryOptions.NetworkTimeouts.WriteTimeout
    34  
    35  	brokerConfig.Net.TLS.Enable = tlsConfig.Enabled
    36  	if brokerConfig.Net.TLS.Enable {
    37  		// create public/private key pair structure
    38  		keyPair, err := tls.X509KeyPair([]byte(tlsConfig.Certificate), []byte(tlsConfig.PrivateKey))
    39  		if err != nil {
    40  			logger.Panic("Unable to decode public/private key pair:", err)
    41  		}
    42  		// create root CA pool
    43  		rootCAs := x509.NewCertPool()
    44  		for _, certificate := range tlsConfig.RootCAs {
    45  			if !rootCAs.AppendCertsFromPEM([]byte(certificate)) {
    46  				logger.Panic("Unable to parse the root certificate authority certificates (Kafka.Tls.RootCAs)")
    47  			}
    48  		}
    49  		brokerConfig.Net.TLS.Config = &tls.Config{
    50  			Certificates: []tls.Certificate{keyPair},
    51  			RootCAs:      rootCAs,
    52  			MinVersion:   tls.VersionTLS12,
    53  			MaxVersion:   0, // Latest supported TLS version
    54  		}
    55  	}
    56  
    57  	// Set equivalent of Kafka producer config max.request.bytes to the default
    58  	// value of a Kafka broker's socket.request.max.bytes property (100 MiB).
    59  	brokerConfig.Producer.MaxMessageBytes = int(sarama.MaxRequestSize) - paddingDelta
    60  
    61  	brokerConfig.Producer.Retry.Backoff = retryOptions.Producer.RetryBackoff
    62  	brokerConfig.Producer.Retry.Max = retryOptions.Producer.RetryMax
    63  
    64  	// A partitioner is actually not needed the way we do things now,
    65  	// but we're adding it now to allow for flexibility in the future.
    66  	brokerConfig.Producer.Partitioner = newStaticPartitioner(chosenStaticPartition)
    67  	// Set the level of acknowledgement reliability needed from the broker.
    68  	// WaitForAll means that the partition leader will wait till all ISRs got
    69  	// the message before sending back an ACK to the sender.
    70  	brokerConfig.Producer.RequiredAcks = sarama.WaitForAll
    71  	// An esoteric setting required by the sarama library, see:
    72  	// https://github.com/Shopify/sarama/issues/816
    73  	brokerConfig.Producer.Return.Successes = true
    74  
    75  	brokerConfig.Version = kafkaVersion
    76  
    77  	return brokerConfig
    78  }