erigon-pulse/gointerfaces/grpcutil/utils.go

package grpcutil

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"time"

	grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
	grpc_recovery "github.com/grpc-ecosystem/go-grpc-middleware/recovery"
	"google.golang.org/grpc"
	"google.golang.org/grpc/credentials"
	"google.golang.org/grpc/keepalive"
)

func TLS(tlsCACert, tlsCertFile, tlsKeyFile string) (credentials.TransportCredentials, error) {
	// load peer cert/key, ca cert
	if tlsCACert == "" {
		return credentials.NewServerTLSFromFile(tlsCertFile, tlsKeyFile)
	}
	var caCert []byte
	peerCert, err := tls.LoadX509KeyPair(tlsCertFile, tlsKeyFile)
	if err != nil {
		return nil, fmt.Errorf("load peer cert/key error:%w", err)
	}
	caCert, err = ioutil.ReadFile(tlsCACert)
	if err != nil {
		return nil, fmt.Errorf("read ca cert file error:%w", err)
	}
	caCertPool := x509.NewCertPool()
	caCertPool.AppendCertsFromPEM(caCert)
	return credentials.NewTLS(&tls.Config{
		Certificates: []tls.Certificate{peerCert},
		ClientCAs:    caCertPool,
		ClientAuth:   tls.RequireAndVerifyClientCert,
		MinVersion:   tls.VersionTLS12,
	}), nil
}

func NewServer(rateLimit uint32, creds *credentials.TransportCredentials) *grpc.Server {
	var (
		streamInterceptors []grpc.StreamServerInterceptor
		unaryInterceptors  []grpc.UnaryServerInterceptor
	)
	streamInterceptors = append(streamInterceptors, grpc_recovery.StreamServerInterceptor())
	unaryInterceptors = append(unaryInterceptors, grpc_recovery.UnaryServerInterceptor())

	//if metrics.Enabled {
	//	streamInterceptors = append(streamInterceptors, grpc_prometheus.StreamServerInterceptor)
	//	unaryInterceptors = append(unaryInterceptors, grpc_prometheus.UnaryServerInterceptor)
	//}

	var grpcServer *grpc.Server
	//cpus := uint32(runtime.GOMAXPROCS(-1))
	opts := []grpc.ServerOption{
		//grpc.NumStreamWorkers(cpus), // reduce amount of goroutines
		grpc.WriteBufferSize(1024), // reduce buffers to save mem
		grpc.ReadBufferSize(1024),
		grpc.MaxConcurrentStreams(rateLimit), // to force clients reduce concurrency level
		// Don't drop the connection, settings accordign to this comment on GitHub
		// https://github.com/grpc/grpc-go/issues/3171#issuecomment-552796779
		grpc.KeepaliveEnforcementPolicy(keepalive.EnforcementPolicy{
			MinTime:             10 * time.Second,
			PermitWithoutStream: true,
		}),
		grpc.StreamInterceptor(grpc_middleware.ChainStreamServer(streamInterceptors...)),
		grpc.UnaryInterceptor(grpc_middleware.ChainUnaryServer(unaryInterceptors...)),
	}
	if creds == nil {
		// no specific opts
	} else {
		opts = append(opts, grpc.Creds(*creds))
	}
	grpcServer = grpc.NewServer(opts...)

	//if metrics.Enabled {
	//	grpc_prometheus.Register(grpcServer)
	//}

	return grpcServer
}
Pool: add grpcutils pkg, no spamming logs on disconnect (#54) 2021-09-02 09:37:36 +00:00			`package grpcutil`

			`import (`
			`"crypto/tls"`
			`"crypto/x509"`
			`"fmt"`
			`"io/ioutil"`
			`"time"`

			`grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"`
			`grpc_recovery "github.com/grpc-ecosystem/go-grpc-middleware/recovery"`
			`"google.golang.org/grpc"`
			`"google.golang.org/grpc/credentials"`
			`"google.golang.org/grpc/keepalive"`
			`)`

			`func TLS(tlsCACert, tlsCertFile, tlsKeyFile string) (credentials.TransportCredentials, error) {`
			`// load peer cert/key, ca cert`
			`if tlsCACert == "" {`
			`return credentials.NewServerTLSFromFile(tlsCertFile, tlsKeyFile)`
			`}`
			`var caCert []byte`
			`peerCert, err := tls.LoadX509KeyPair(tlsCertFile, tlsKeyFile)`
			`if err != nil {`
			`return nil, fmt.Errorf("load peer cert/key error:%w", err)`
			`}`
			`caCert, err = ioutil.ReadFile(tlsCACert)`
			`if err != nil {`
			`return nil, fmt.Errorf("read ca cert file error:%w", err)`
			`}`
			`caCertPool := x509.NewCertPool()`
			`caCertPool.AppendCertsFromPEM(caCert)`
			`return credentials.NewTLS(&tls.Config{`
			`Certificates: []tls.Certificate{peerCert},`
			`ClientCAs: caCertPool,`
			`ClientAuth: tls.RequireAndVerifyClientCert,`
			`MinVersion: tls.VersionTLS12,`
			`}), nil`
			`}`

			`func NewServer(rateLimit uint32, creds credentials.TransportCredentials) grpc.Server {`
			`var (`
			`streamInterceptors []grpc.StreamServerInterceptor`
			`unaryInterceptors []grpc.UnaryServerInterceptor`
			`)`
			`streamInterceptors = append(streamInterceptors, grpc_recovery.StreamServerInterceptor())`
			`unaryInterceptors = append(unaryInterceptors, grpc_recovery.UnaryServerInterceptor())`

			`//if metrics.Enabled {`
			`// streamInterceptors = append(streamInterceptors, grpc_prometheus.StreamServerInterceptor)`
			`// unaryInterceptors = append(unaryInterceptors, grpc_prometheus.UnaryServerInterceptor)`
			`//}`

			`var grpcServer *grpc.Server`
			`//cpus := uint32(runtime.GOMAXPROCS(-1))`
			`opts := []grpc.ServerOption{`
			`//grpc.NumStreamWorkers(cpus), // reduce amount of goroutines`
			`grpc.WriteBufferSize(1024), // reduce buffers to save mem`
			`grpc.ReadBufferSize(1024),`
			`grpc.MaxConcurrentStreams(rateLimit), // to force clients reduce concurrency level`
			`// Don't drop the connection, settings accordign to this comment on GitHub`
			`// https://github.com/grpc/grpc-go/issues/3171#issuecomment-552796779`
			`grpc.KeepaliveEnforcementPolicy(keepalive.EnforcementPolicy{`
			`MinTime: 10 * time.Second,`
			`PermitWithoutStream: true,`
			`}),`
			`grpc.StreamInterceptor(grpc_middleware.ChainStreamServer(streamInterceptors...)),`
			`grpc.UnaryInterceptor(grpc_middleware.ChainUnaryServer(unaryInterceptors...)),`
			`}`
			`if creds == nil {`
			`// no specific opts`
			`} else {`
			`opts = append(opts, grpc.Creds(*creds))`
			`}`
			`grpcServer = grpc.NewServer(opts...)`

			`//if metrics.Enabled {`
			`// grpc_prometheus.Register(grpcServer)`
			`//}`

			`return grpcServer`
			`}`