Dragonfly2

1
/*
2
 *     Copyright 2020 The Dragonfly Authors
3
 *
4
 * Licensed under the Apache License, Version 2.0 (the "License");
5
 * you may not use this file except in compliance with the License.
6
 * You may obtain a copy of the License at
7
 *
8
 *      http://www.apache.org/licenses/LICENSE-2.0
9
 *
10
 * Unless required by applicable law or agreed to in writing, software
11
 * distributed under the License is distributed on an "AS IS" BASIS,
12
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
 * See the License for the specific language governing permissions and
14
 * limitations under the License.
15
 */
16

17
package config
18

19
import (
20
	"errors"
21
	"fmt"
22
	"net"
23
	"time"
24

25
	"d7y.io/dragonfly/v2/cmd/dependency/base"
26
	"d7y.io/dragonfly/v2/pkg/net/ip"
27
	"d7y.io/dragonfly/v2/pkg/objectstorage"
28
	"d7y.io/dragonfly/v2/pkg/rpc"
29
	"d7y.io/dragonfly/v2/pkg/slices"
30
	"d7y.io/dragonfly/v2/pkg/types"
31
)
32

33
type Config struct {
34
	// Base options.
35
	base.Options `yaml:",inline" mapstructure:",squash"`
36

37
	// Server configuration.
38
	Server ServerConfig `yaml:"server" mapstructure:"server"`
39

40
	// Auth configuration.
41
	Auth AuthConfig `yaml:"auth" mapstructure:"auth"`
42

43
	// Database configuration.
44
	Database DatabaseConfig `yaml:"database" mapstructure:"database"`
45

46
	// Cache configuration.
47
	Cache CacheConfig `yaml:"cache" mapstructure:"cache"`
48

49
	// Job configuration.
50
	Job JobConfig `yaml:"job" mapstructure:"job"`
51

52
	// ObjectStorage configuration.
53
	ObjectStorage ObjectStorageConfig `yaml:"objectStorage" mapstructure:"objectStorage"`
54

55
	// Metrics configuration.
56
	Metrics MetricsConfig `yaml:"metrics" mapstructure:"metrics"`
57

58
	// Security configuration.
59
	Security SecurityConfig `yaml:"security" mapstructure:"security"`
60

61
	// Network configuration.
62
	Network NetworkConfig `yaml:"network" mapstructure:"network"`
63

64
	// Trainer configuration.
65
	Trainer TrainerConfig `yaml:"trainer" mapstructure:"trainer"`
66
}
67

68
type ServerConfig struct {
69
	// Server name.
70
	Name string `yaml:"name" mapstructure:"name"`
71

72
	// Server work directory.
73
	WorkHome string `yaml:"workHome" mapstructure:"workHome"`
74

75
	// Server dynamic config cache directory.
76
	CacheDir string `yaml:"cacheDir" mapstructure:"cacheDir"`
77

78
	// Server log directory.
79
	LogDir string `yaml:"logDir" mapstructure:"logDir"`
80

81
	// Server plugin directory.
82
	PluginDir string `yaml:"pluginDir" mapstructure:"pluginDir"`
83

84
	// GRPC server configuration.
85
	GRPC GRPCConfig `yaml:"grpc" mapstructure:"grpc"`
86

87
	// REST server configuration.
88
	REST RESTConfig `yaml:"rest" mapstructure:"rest"`
89
}
90

91
type AuthConfig struct {
92
	// JWT configuration.
93
	JWT JWTConfig `yaml:"jwt" mapstructure:"jwt"`
94
}
95

96
type JWTConfig struct {
97
	// Realm name to display to the user, default value is Dragonfly.
98
	Realm string `yaml:"realm" mapstructure:"realm"`
99

100
	// Key is secret key used for signing. Please change the key in production
101
	Key string `yaml:"key" mapstructure:"key"`
102

103
	// Timeout is duration that a jwt token is valid, default duration is two days.
104
	Timeout time.Duration `yaml:"timeout" mapstructure:"timeout"`
105

106
	// MaxRefresh field allows clients to refresh their token until MaxRefresh has passed, default duration is two days.
107
	MaxRefresh time.Duration `yaml:"maxRefresh" mapstructure:"maxRefresh"`
108
}
109

110
type DatabaseConfig struct {
111
	// Database type.
112
	Type string `yaml:"type" mapstructure:"type"`
113

114
	// Mysql configuration.
115
	Mysql MysqlConfig `yaml:"mysql" mapstructure:"mysql"`
116

117
	// Postgres configuration.
118
	Postgres PostgresConfig `yaml:"postgres" mapstructure:"postgres"`
119

120
	// Redis configuration.
121
	Redis RedisConfig `yaml:"redis" mapstructure:"redis"`
122
}
123

124
type MysqlConfig struct {
125
	// Server username.
126
	User string `yaml:"user" mapstructure:"user"`
127

128
	// Server password.
129
	Password string `yaml:"password" mapstructure:"password"`
130

131
	// Server host.
132
	Host string `yaml:"host" mapstructure:"host"`
133

134
	// Server port.
135
	Port int `yaml:"port" mapstructure:"port"`
136

137
	// Server DB name.
138
	DBName string `yaml:"dbname" mapstructure:"dbname"`
139

140
	// TLS mode (can be one of "true", "false", "skip-verify",  or "preferred").
141
	TLSConfig string `yaml:"tlsConfig" mapstructure:"tlsConfig"`
142

143
	// Custom TLS client configuration (overrides "TLSConfig" setting above).
144
	TLS *MysqlTLSClientConfig `yaml:"tls" mapstructure:"tls"`
145

146
	// Enable migration.
147
	Migrate bool `yaml:"migrate" mapstructure:"migrate"`
148
}
149

150
type MysqlTLSClientConfig struct {
151
	// Client certificate file path.
152
	Cert string `yaml:"cert" mapstructure:"cert"`
153

154
	// Client key file path.
155
	Key string `yaml:"key" mapstructure:"key"`
156

157
	// CA file path.
158
	CA string `yaml:"ca" mapstructure:"ca"`
159

160
	// InsecureSkipVerify controls whether a client verifies the
161
	// server's certificate chain and host name.
162
	InsecureSkipVerify bool `yaml:"insecureSkipVerify" mapstructure:"insecureSkipVerify"`
163
}
164

165
type PostgresConfig struct {
166
	// Server username.
167
	User string `yaml:"user" mapstructure:"user"`
168

169
	// Server password.
170
	Password string `yaml:"password" mapstructure:"password"`
171

172
	// Server host.
173
	Host string `yaml:"host" mapstructure:"host"`
174

175
	// Server port.
176
	Port int `yaml:"port" mapstructure:"port"`
177

178
	// Server DB name.
179
	DBName string `yaml:"dbname" mapstructure:"dbname"`
180

181
	// SSL mode.
182
	SSLMode string `yaml:"sslMode" mapstructure:"sslMode"`
183

184
	// Disable prepared statement.
185
	PreferSimpleProtocol bool `yaml:"preferSimpleProtocol" mapstructure:"preferSimpleProtocol"`
186

187
	// Server timezone.
188
	Timezone string `yaml:"timezone" mapstructure:"timezone"`
189

190
	// Enable migration.
191
	Migrate bool `yaml:"migrate" mapstructure:"migrate"`
192
}
193

194
type RedisConfig struct {
195
	// DEPRECATED: Please use the `addrs` field instead.
196
	Host string `yaml:"host" mapstructure:"host"`
197

198
	// DEPRECATED: Please use the `addrs` field instead.
199
	Port int `yaml:"port" mapstructure:"port"`
200

201
	// Addrs is server addresses.
202
	Addrs []string `yaml:"addrs" mapstructure:"addrs"`
203

204
	// MasterName is the sentinel master name.
205
	MasterName string `yaml:"masterName" mapstructure:"masterName"`
206

207
	// Username is server username.
208
	Username string `yaml:"username" mapstructure:"username"`
209

210
	// Password is server password.
211
	Password string `yaml:"password" mapstructure:"password"`
212

213
	// DB is server cache DB name.
214
	DB int `yaml:"db" mapstructure:"db"`
215

216
	// BrokerDB is server broker DB name.
217
	BrokerDB int `yaml:"brokerDB" mapstructure:"brokerDB"`
218

219
	// BackendDB is server backend DB name.
220
	BackendDB int `yaml:"backendDB" mapstructure:"backendDB"`
221
}
222

223
type CacheConfig struct {
224
	// Redis cache configuration.
225
	Redis RedisCacheConfig `yaml:"redis" mapstructure:"redis"`
226

227
	// Local cache configuration.
228
	Local LocalCacheConfig `yaml:"local" mapstructure:"local"`
229
}
230

231
type RedisCacheConfig struct {
232
	// Cache TTL.
233
	TTL time.Duration `yaml:"ttl" mapstructure:"ttl"`
234
}
235

236
type LocalCacheConfig struct {
237
	// Size of LFU cache.
238
	Size int `yaml:"size" mapstructure:"size"`
239

240
	// Cache TTL.
241
	TTL time.Duration `yaml:"ttl" mapstructure:"ttl"`
242
}
243

244
type RESTConfig struct {
245
	// REST server address.
246
	Addr string `yaml:"addr" mapstructure:"addr"`
247

248
	// TLS server configuration.
249
	TLS *TLSServerConfig `yaml:"tls" mapstructure:"tls"`
250
}
251

252
type TLSServerConfig struct {
253
	// Certificate file path.
254
	Cert string `yaml:"cert" mapstructure:"cert"`
255

256
	// Key file path.
257
	Key string `yaml:"key" mapstructure:"key"`
258
}
259

260
type MetricsConfig struct {
261
	// Enable metrics service.
262
	Enable bool `yaml:"enable" mapstructure:"enable"`
263

264
	// Metrics service address.
265
	Addr string `yaml:"addr" mapstructure:"addr"`
266
}
267

268
type GRPCConfig struct {
269
	// AdvertiseIP is advertise ip.
270
	AdvertiseIP net.IP `yaml:"advertiseIP" mapstructure:"advertiseIP"`
271

272
	// ListenIP is listen ip, like: 0.0.0.0, 192.168.0.1.
273
	ListenIP net.IP `mapstructure:"listenIP" yaml:"listenIP"`
274

275
	// Port is listen port.
276
	PortRange TCPListenPortRange `yaml:"port" mapstructure:"port"`
277
}
278

279
type TCPListenPortRange struct {
280
	Start int
281
	End   int
282
}
283

284
type JobConfig struct {
285
	// Preheat configuration.
286
	Preheat PreheatConfig `yaml:"preheat" mapstructure:"preheat"`
287

288
	// Sync peers configuration.
289
	SyncPeers SyncPeersConfig `yaml:"syncPeers" mapstructure:"syncPeers"`
290
}
291

292
type PreheatConfig struct {
293
	// RegistryTimeout is the timeout for requesting registry to get token and manifest.
294
	RegistryTimeout time.Duration `yaml:"registryTimeout" mapstructure:"registryTimeout"`
295

296
	// TLS client configuration.
297
	TLS *PreheatTLSClientConfig `yaml:"tls" mapstructure:"tls"`
298
}
299

300
type SyncPeersConfig struct {
301
	// Interval is the interval for syncing all peers information from the scheduler and
302
	// display peers information in the manager console.
303
	Interval time.Duration `yaml:"interval" mapstructure:"interval"`
304

305
	// Timeout is the timeout for syncing peers information from the single scheduler.
306
	Timeout time.Duration `yaml:"timeout" mapstructure:"timeout"`
307
}
308

309
type PreheatTLSClientConfig struct {
310
	// CACert is the CA certificate for preheat tls handshake, it can be path or PEM format string.
311
	CACert types.PEMContent `yaml:"caCert" mapstructure:"caCert"`
312
}
313

314
type ObjectStorageConfig struct {
315
	// Enable object storage.
316
	Enable bool `yaml:"enable" mapstructure:"enable"`
317

318
	// Name is object storage name of type, it can be s3, oss or obs.
319
	Name string `mapstructure:"name" yaml:"name"`
320

321
	// Region is storage region.
322
	Region string `mapstructure:"region" yaml:"region"`
323

324
	// Endpoint is datacenter endpoint.
325
	Endpoint string `mapstructure:"endpoint" yaml:"endpoint"`
326

327
	// AccessKey is access key ID.
328
	AccessKey string `mapstructure:"accessKey" yaml:"accessKey"`
329

330
	// SecretKey is access key secret.
331
	SecretKey string `mapstructure:"secretKey" yaml:"secretKey"`
332

333
	// S3ForcePathStyle sets force path style for s3, true by default.
334
	// Set this to `true` to force the request to use path-style addressing,
335
	// i.e., `http://s3.amazonaws.com/BUCKET/KEY`. By default, the S3 client
336
	// will use virtual hosted bucket addressing when possible
337
	// (`http://BUCKET.s3.amazonaws.com/KEY`).
338
	// Refer to https://github.com/aws/aws-sdk-go/blob/main/aws/config.go#L118.
339
	S3ForcePathStyle bool `mapstructure:"s3ForcePathStyle" yaml:"s3ForcePathStyle"`
340
}
341

342
type SecurityConfig struct {
343
	// AutoIssueCert indicates to issue client certificates for all grpc call.
344
	AutoIssueCert bool `yaml:"autoIssueCert" mapstructure:"autoIssueCert"`
345

346
	// CACert is the CA certificate for all grpc tls handshake, it can be path or PEM format string.
347
	CACert types.PEMContent `mapstructure:"caCert" yaml:"caCert"`
348

349
	// CAKey is the CA private key, it can be path or PEM format string.
350
	CAKey types.PEMContent `mapstructure:"caKey" yaml:"caKey"`
351

352
	// TLSPolicy controls the grpc shandshake behaviors:
353
	// force: both ClientHandshake and ServerHandshake are only support tls
354
	// prefer: ServerHandshake supports tls and insecure (non-tls), ClientHandshake will only support tls
355
	// default: ServerHandshake supports tls and insecure (non-tls), ClientHandshake will only support insecure (non-tls)
356
	TLSPolicy string `mapstructure:"tlsPolicy" yaml:"tlsPolicy"`
357

358
	// CertSpec is the desired state of certificate.
359
	CertSpec CertSpec `mapstructure:"certSpec" yaml:"certSpec"`
360
}
361

362
type CertSpec struct {
363
	// DNSNames is a list of dns names be set on the certificate.
364
	DNSNames []string `mapstructure:"dnsNames" yaml:"dnsNames"`
365

366
	// IPAddresses is a list of ip addresses be set on the certificate.
367
	IPAddresses []net.IP `mapstructure:"ipAddresses" yaml:"ipAddresses"`
368

369
	// ValidityPeriod is the validity period  of certificate.
370
	ValidityPeriod time.Duration `mapstructure:"validityPeriod" yaml:"validityPeriod"`
371
}
372

373
type NetworkConfig struct {
374
	// EnableIPv6 enables ipv6 for server.
375
	EnableIPv6 bool `mapstructure:"enableIPv6" yaml:"enableIPv6"`
376
}
377

378
type TrainerConfig struct {
379
	// Enable trainer service.
380
	Enable bool `yaml:"enable" mapstructure:"enable"`
381

382
	// BucketName is the object storage bucket name of model.
383
	BucketName string `yaml:"bucketName" mapstructure:"bucketName"`
384
}
385

386
// New config instance.
387
func New() *Config {
388
	return &Config{
389
		Server: ServerConfig{
390
			Name: DefaultServerName,
391
			GRPC: GRPCConfig{
392
				PortRange: TCPListenPortRange{
393
					Start: DefaultGRPCPort,
394
					End:   DefaultGRPCPort,
395
				},
396
			},
397
			REST: RESTConfig{
398
				Addr: DefaultRESTAddr,
399
			},
400
		},
401
		Auth: AuthConfig{
402
			JWT: JWTConfig{
403
				Realm:      DefaultJWTRealm,
404
				Timeout:    DefaultJWTTimeout,
405
				MaxRefresh: DefaultJWTMaxRefresh,
406
			},
407
		},
408
		Database: DatabaseConfig{
409
			Type: DatabaseTypeMysql,
410
			Mysql: MysqlConfig{
411
				Port:    DefaultMysqlPort,
412
				DBName:  DefaultMysqlDBName,
413
				Migrate: true,
414
			},
415
			Postgres: PostgresConfig{
416
				Port:                 DefaultPostgresPort,
417
				DBName:               DefaultPostgresDBName,
418
				SSLMode:              DefaultPostgresSSLMode,
419
				PreferSimpleProtocol: DefaultPostgresPreferSimpleProtocol,
420
				Timezone:             DefaultPostgresTimezone,
421
				Migrate:              true,
422
			},
423
			Redis: RedisConfig{
424
				DB:        DefaultRedisDB,
425
				BrokerDB:  DefaultRedisBrokerDB,
426
				BackendDB: DefaultRedisBackendDB,
427
			},
428
		},
429
		Cache: CacheConfig{
430
			Redis: RedisCacheConfig{
431
				TTL: DefaultRedisCacheTTL,
432
			},
433
			Local: LocalCacheConfig{
434
				Size: DefaultLFUCacheSize,
435
				TTL:  DefaultLFUCacheTTL,
436
			},
437
		},
438
		Job: JobConfig{
439
			Preheat: PreheatConfig{
440
				RegistryTimeout: DefaultJobPreheatRegistryTimeout,
441
			},
442
			SyncPeers: SyncPeersConfig{
443
				Interval: DefaultJobSyncPeersInterval,
444
				Timeout:  DefaultJobSyncPeersTimeout,
445
			},
446
		},
447
		ObjectStorage: ObjectStorageConfig{
448
			Enable:           false,
449
			S3ForcePathStyle: true,
450
		},
451
		Security: SecurityConfig{
452
			AutoIssueCert: false,
453
			TLSPolicy:     rpc.PreferTLSPolicy,
454
			CertSpec: CertSpec{
455
				DNSNames:       DefaultCertDNSNames,
456
				IPAddresses:    DefaultCertIPAddresses,
457
				ValidityPeriod: DefaultCertValidityPeriod,
458
			},
459
		},
460
		Metrics: MetricsConfig{
461
			Enable: false,
462
			Addr:   DefaultMetricsAddr,
463
		},
464
		Network: NetworkConfig{
465
			EnableIPv6: DefaultNetworkEnableIPv6,
466
		},
467
		Trainer: TrainerConfig{
468
			Enable:     false,
469
			BucketName: DefaultTrainerBucketName,
470
		},
471
	}
472
}
473

474
// Validate config values
475
func (cfg *Config) Validate() error {
476
	if cfg.Server.Name == "" {
477
		return errors.New("server requires parameter name")
478
	}
479

480
	if cfg.Server.GRPC.AdvertiseIP == nil {
481
		return errors.New("grpc requires parameter advertiseIP")
482
	}
483

484
	if cfg.Server.GRPC.ListenIP == nil {
485
		return errors.New("grpc requires parameter listenIP")
486
	}
487

488
	if cfg.Server.REST.TLS != nil {
489
		if cfg.Server.REST.TLS.Cert == "" {
490
			return errors.New("tls requires parameter cert")
491
		}
492

493
		if cfg.Server.REST.TLS.Key == "" {
494
			return errors.New("tls requires parameter key")
495
		}
496
	}
497

498
	if cfg.Auth.JWT.Realm == "" {
499
		return errors.New("jwt requires parameter realm")
500
	}
501

502
	if cfg.Auth.JWT.Key == "" {
503
		return errors.New("jwt requires parameter key")
504
	}
505

506
	if cfg.Auth.JWT.Timeout == 0 {
507
		return errors.New("jwt requires parameter timeout")
508
	}
509

510
	if cfg.Auth.JWT.MaxRefresh == 0 {
511
		return errors.New("jwt requires parameter maxRefresh")
512
	}
513

514
	if cfg.Database.Type == "" {
515
		return errors.New("database requires parameter type")
516
	}
517

518
	if slices.Contains([]string{DatabaseTypeMysql, DatabaseTypeMariaDB}, cfg.Database.Type) {
519
		if cfg.Database.Mysql.User == "" {
520
			return errors.New("mysql requires parameter user")
521
		}
522

523
		if cfg.Database.Mysql.Password == "" {
524
			return errors.New("mysql requires parameter password")
525
		}
526

527
		if cfg.Database.Mysql.Host == "" {
528
			return errors.New("mysql requires parameter host")
529
		}
530

531
		if cfg.Database.Mysql.Port <= 0 {
532
			return errors.New("mysql requires parameter port")
533
		}
534

535
		if cfg.Database.Mysql.DBName == "" {
536
			return errors.New("mysql requires parameter dbname")
537
		}
538

539
		if cfg.Database.Mysql.TLS != nil {
540
			if cfg.Database.Mysql.TLS.Cert == "" {
541
				return errors.New("tls requires parameter cert")
542
			}
543

544
			if cfg.Database.Mysql.TLS.Key == "" {
545
				return errors.New("tls requires parameter key")
546
			}
547

548
			if cfg.Database.Mysql.TLS.CA == "" {
549
				return errors.New("tls requires parameter ca")
550
			}
551
		}
552
	}
553

554
	if cfg.Database.Type == DatabaseTypePostgres {
555
		if cfg.Database.Postgres.User == "" {
556
			return errors.New("postgres requires parameter user")
557
		}
558

559
		if cfg.Database.Postgres.Password == "" {
560
			return errors.New("postgres requires parameter password")
561
		}
562

563
		if cfg.Database.Postgres.Host == "" {
564
			return errors.New("postgres requires parameter host")
565
		}
566

567
		if cfg.Database.Postgres.Port <= 0 {
568
			return errors.New("postgres requires parameter port")
569
		}
570

571
		if cfg.Database.Postgres.DBName == "" {
572
			return errors.New("postgres requires parameter dbname")
573
		}
574

575
		if cfg.Database.Postgres.SSLMode == "" {
576
			return errors.New("postgres requires parameter sslMode")
577
		}
578

579
		if cfg.Database.Postgres.Timezone == "" {
580
			return errors.New("postgres requires parameter timezone")
581
		}
582
	}
583

584
	if len(cfg.Database.Redis.Addrs) == 0 {
585
		return errors.New("redis requires parameter addrs")
586
	}
587

588
	if cfg.Database.Redis.DB < 0 {
589
		return errors.New("redis requires parameter db")
590
	}
591

592
	if cfg.Database.Redis.BrokerDB < 0 {
593
		return errors.New("redis requires parameter brokerDB")
594
	}
595

596
	if cfg.Database.Redis.BackendDB < 0 {
597
		return errors.New("redis requires parameter backendDB")
598
	}
599

600
	if cfg.Cache.Redis.TTL == 0 {
601
		return errors.New("redis requires parameter ttl")
602
	}
603

604
	if cfg.Cache.Local.Size == 0 {
605
		return errors.New("local requires parameter size")
606
	}
607

608
	if cfg.Cache.Local.TTL == 0 {
609
		return errors.New("local requires parameter ttl")
610
	}
611

612
	if cfg.Job.Preheat.TLS != nil {
613
		if cfg.Job.Preheat.TLS.CACert == "" {
614
			return errors.New("preheat requires parameter caCert")
615
		}
616
	}
617

618
	if cfg.Job.Preheat.RegistryTimeout == 0 {
619
		return errors.New("preheat requires parameter registryTimeout")
620
	}
621

622
	if cfg.Job.SyncPeers.Interval <= MinJobSyncPeersInterval {
623
		return errors.New("syncPeers requires parameter interval and it must be greater than 12 hours")
624
	}
625

626
	if cfg.Job.SyncPeers.Timeout == 0 {
627
		return errors.New("syncPeers requires parameter timeout")
628
	}
629

630
	if cfg.ObjectStorage.Enable {
631
		if cfg.ObjectStorage.Name == "" {
632
			return errors.New("objectStorage requires parameter name")
633
		}
634

635
		if !slices.Contains([]string{objectstorage.ServiceNameS3, objectstorage.ServiceNameOSS, objectstorage.ServiceNameOBS}, cfg.ObjectStorage.Name) {
636
			return errors.New("objectStorage requires parameter name")
637
		}
638

639
		if cfg.ObjectStorage.AccessKey == "" {
640
			return errors.New("objectStorage requires parameter accessKey")
641
		}
642

643
		if cfg.ObjectStorage.SecretKey == "" {
644
			return errors.New("objectStorage requires parameter secretKey")
645
		}
646
	}
647

648
	if cfg.Metrics.Enable {
649
		if cfg.Metrics.Addr == "" {
650
			return errors.New("metrics requires parameter addr")
651
		}
652
	}
653

654
	if cfg.Security.AutoIssueCert {
655
		if cfg.Security.CACert == "" {
656
			return errors.New("security requires parameter caCert")
657
		}
658

659
		if cfg.Security.CAKey == "" {
660
			return errors.New("security requires parameter caKey")
661
		}
662

663
		if !slices.Contains([]string{rpc.DefaultTLSPolicy, rpc.ForceTLSPolicy, rpc.PreferTLSPolicy}, cfg.Security.TLSPolicy) {
664
			return errors.New("security requires parameter tlsPolicy")
665
		}
666

667
		if len(cfg.Security.CertSpec.IPAddresses) == 0 {
668
			return errors.New("certSpec requires parameter ipAddresses")
669
		}
670

671
		if len(cfg.Security.CertSpec.DNSNames) == 0 {
672
			return errors.New("certSpec requires parameter dnsNames")
673
		}
674

675
		if cfg.Security.CertSpec.ValidityPeriod <= 0 {
676
			return errors.New("certSpec requires parameter validityPeriod")
677
		}
678
	}
679

680
	if cfg.Trainer.Enable {
681
		if cfg.Trainer.BucketName == "" {
682
			return errors.New("trainer requires parameter bucketName")
683
		}
684
	}
685
	return nil
686
}
687

688
func (cfg *Config) Convert() error {
689
	// TODO Compatible with deprecated fields host and port.
690
	if len(cfg.Database.Redis.Addrs) == 0 && cfg.Database.Redis.Host != "" && cfg.Database.Redis.Port > 0 {
691
		cfg.Database.Redis.Addrs = []string{fmt.Sprintf("%s:%d", cfg.Database.Redis.Host, cfg.Database.Redis.Port)}
692
	}
693

694
	if cfg.Server.GRPC.AdvertiseIP == nil {
695
		if cfg.Network.EnableIPv6 {
696
			cfg.Server.GRPC.AdvertiseIP = ip.IPv6
697
		} else {
698
			cfg.Server.GRPC.AdvertiseIP = ip.IPv4
699
		}
700
	}
701

702
	if cfg.Server.GRPC.ListenIP == nil {
703
		if cfg.Network.EnableIPv6 {
704
			cfg.Server.GRPC.ListenIP = net.IPv6zero
705
		} else {
706
			cfg.Server.GRPC.ListenIP = net.IPv4zero
707
		}
708
	}
709

710
	return nil
711
}
712