Chapter 7. QAT acceleration for encryption and compression
Intel QAT (QuickAssist Technology) can provide extended accelerated encryption and compression services by offloading the actual encryption and compression requests to the hardware QuickAssist accelerators, which are more efficient in terms of cost and power than general purpose CPUs for those specific compute-intensive workloads.
QAT can only be configured on new setups in Red Hat Ceph Storage 7.1 (Greenfield only). QAT Ceph Object Gateway daemons cannot be configured in the same cluster as non-QAT (regular) Ceph Object Gateway daemons.
Hardware accelerated compression in Ceph Object Gateway requires RHEL 9.4 on a Sapphire or Emerald Rapids Xeon CPU (or newer) with QAT devices. For more information, see Intel Ark.
Prerequisites
- A running Red Hat Ceph Storage cluster.
- Ceph Object Gateway installed.
- GRUB is configured to pass the intel_iommu parameter.
  # grubby --update-kernel=ALL --args="intel_iommu=on"
7.1. Setting up the QAT service
You can set up the QAT service to encrypt and compress the Ceph Object Gateway objects.
Procedure
Install the qatlib-service, qatlib, qatzip, and qatengine packages.
# dnf install -y qatlib-service qatlib qatzip qatengine
Add the root user to the qat group on the host.
# usermod -aG qat root
Ensure that the limits.conf file exists with the below data.
To perform data encryption, ensure ServicesEnabled is set to asym in the configuration file.
# cat /etc/sysconfig/qat
ServicesEnabled=asym
POLICY=8
To perform data compression, ensure ServicesEnabled is set to dc in the configuration file.
# cat /etc/sysconfig/qat
ServicesEnabled=dc
POLICY=8
To perform both data encryption and compression, ensure ServicesEnabled is set to asym,dc in the configuration file.
# cat /etc/sysconfig/qat
ServicesEnabled=asym,dc
POLICY=8
Configure the limits.conf file with the below data.
# sudo vim /etc/security/limits.conf
...
root - memlock 500000
ceph - memlock 500000
...
Enable the configurations in the limits.conf file.
# sudo su -l $USER
Enable the QAT service.
# systemctl enable qat
Reboot the node.
# systemctl reboot
Create the specification file and pass additional arguments to podman for Ceph Object Gateway:
Note: You can use the following command to generate the device list:
--device /dev/vfio --device /dev/qat_adf_ctl $(for i in $(ls /dev/vfio/* | grep 'dev' | grep -v ':'); do echo --device $i; done)
Example
service_type: rgw
service_id: rgw_qat
placement:
  label: rgw
extra_container_args:
  - "-v /etc/group:/etc/group:ro"
  - "--group-add=keep-groups"
  - "--cap-add=SYS_ADMIN"
  - "--cap-add=SYS_PTRACE"
  - "--cap-add=IPC_LOCK"
  - "--security-opt seccomp=unconfined"
  - "--ulimit memlock=209715200:209715200"
  - "--device=/dev/qat_adf_ctl:/dev/qat_adf_ctl"
  - "--device=/dev/vfio/vfio:/dev/vfio/vfio"
  - "--device=/dev/vfio/333:/dev/vfio/333"
  - "--device=/dev/vfio/334:/dev/vfio/334"
  - "--device=/dev/vfio/335:/dev/vfio/335"
  - "--device=/dev/vfio/336:/dev/vfio/336"
  - "--device=/dev/vfio/337:/dev/vfio/337"
  - "--device=/dev/vfio/338:/dev/vfio/338"
  - "--device=/dev/vfio/339:/dev/vfio/339"
  - "--device=/dev/vfio/340:/dev/vfio/340"
  - "--device=/dev/vfio/341:/dev/vfio/341"
  - "--device=/dev/vfio/342:/dev/vfio/342"
  - "--device=/dev/vfio/343:/dev/vfio/343"
  - "--device=/dev/vfio/344:/dev/vfio/344"
  - "--device=/dev/vfio/345:/dev/vfio/345"
  - "--device=/dev/vfio/346:/dev/vfio/346"
  - "--device=/dev/vfio/347:/dev/vfio/347"
  - "--device=/dev/vfio/348:/dev/vfio/348"
  - "--device=/dev/vfio/349:/dev/vfio/349"
  - "--device=/dev/vfio/350:/dev/vfio/350"
  - "--device=/dev/vfio/351:/dev/vfio/351"
  - "--device=/dev/vfio/352:/dev/vfio/352"
  - "--device=/dev/vfio/353:/dev/vfio/353"
  - "--device=/dev/vfio/354:/dev/vfio/354"
  - "--device=/dev/vfio/355:/dev/vfio/355"
  - "--device=/dev/vfio/356:/dev/vfio/356"
  - "--device=/dev/vfio/357:/dev/vfio/357"
  - "--device=/dev/vfio/358:/dev/vfio/358"
  - "--device=/dev/vfio/359:/dev/vfio/359"
  - "--device=/dev/vfio/360:/dev/vfio/360"
  - "--device=/dev/vfio/361:/dev/vfio/361"
  - "--device=/dev/vfio/362:/dev/vfio/362"
  - "--device=/dev/vfio/363:/dev/vfio/363"
  - "--device=/dev/vfio/364:/dev/vfio/364"
  - "--device=/dev/vfio/365:/dev/vfio/365"
  - "--device=/dev/vfio/366:/dev/vfio/366"
  - "--device=/dev/vfio/367:/dev/vfio/367"
  - "--device=/dev/vfio/368:/dev/vfio/368"
  - "--device=/dev/vfio/369:/dev/vfio/369"
  - "--device=/dev/vfio/370:/dev/vfio/370"
  - "--device=/dev/vfio/371:/dev/vfio/371"
  - "--device=/dev/vfio/372:/dev/vfio/372"
  - "--device=/dev/vfio/373:/dev/vfio/373"
  - "--device=/dev/vfio/374:/dev/vfio/374"
  - "--device=/dev/vfio/375:/dev/vfio/375"
  - "--device=/dev/vfio/376:/dev/vfio/376"
  - "--device=/dev/vfio/377:/dev/vfio/377"
  - "--device=/dev/vfio/378:/dev/vfio/378"
  - "--device=/dev/vfio/379:/dev/vfio/379"
  - "--device=/dev/vfio/380:/dev/vfio/380"
  - "--device=/dev/vfio/381:/dev/vfio/381"
  - "--device=/dev/vfio/382:/dev/vfio/382"
  - "--device=/dev/vfio/383:/dev/vfio/383"
  - "--device=/dev/vfio/384:/dev/vfio/384"
  - "--device=/dev/vfio/385:/dev/vfio/385"
  - "--device=/dev/vfio/386:/dev/vfio/386"
  - "--device=/dev/vfio/387:/dev/vfio/387"
  - "--device=/dev/vfio/388:/dev/vfio/388"
  - "--device=/dev/vfio/389:/dev/vfio/389"
  - "--device=/dev/vfio/390:/dev/vfio/390"
  - "--device=/dev/vfio/391:/dev/vfio/391"
  - "--device=/dev/vfio/392:/dev/vfio/392"
  - "--device=/dev/vfio/393:/dev/vfio/393"
  - "--device=/dev/vfio/394:/dev/vfio/394"
  - "--device=/dev/vfio/395:/dev/vfio/395"
  - "--device=/dev/vfio/396:/dev/vfio/396"
  - "--device=/dev/vfio/devices/vfio0:/dev/vfio/devices/vfio0"
  - "--device=/dev/vfio/devices/vfio1:/dev/vfio/devices/vfio1"
  - "--device=/dev/vfio/devices/vfio2:/dev/vfio/devices/vfio2"
  - "--device=/dev/vfio/devices/vfio3:/dev/vfio/devices/vfio3"
  - "--device=/dev/vfio/devices/vfio4:/dev/vfio/devices/vfio4"
  - "--device=/dev/vfio/devices/vfio5:/dev/vfio/devices/vfio5"
  - "--device=/dev/vfio/devices/vfio6:/dev/vfio/devices/vfio6"
  - "--device=/dev/vfio/devices/vfio7:/dev/vfio/devices/vfio7"
  - "--device=/dev/vfio/devices/vfio8:/dev/vfio/devices/vfio8"
  - "--device=/dev/vfio/devices/vfio9:/dev/vfio/devices/vfio9"
  - "--device=/dev/vfio/devices/vfio10:/dev/vfio/devices/vfio10"
  - "--device=/dev/vfio/devices/vfio11:/dev/vfio/devices/vfio11"
  - "--device=/dev/vfio/devices/vfio12:/dev/vfio/devices/vfio12"
  - "--device=/dev/vfio/devices/vfio13:/dev/vfio/devices/vfio13"
  - "--device=/dev/vfio/devices/vfio14:/dev/vfio/devices/vfio14"
  - "--device=/dev/vfio/devices/vfio15:/dev/vfio/devices/vfio15"
  - "--device=/dev/vfio/devices/vfio16:/dev/vfio/devices/vfio16"
  - "--device=/dev/vfio/devices/vfio17:/dev/vfio/devices/vfio17"
  - "--device=/dev/vfio/devices/vfio18:/dev/vfio/devices/vfio18"
  - "--device=/dev/vfio/devices/vfio19:/dev/vfio/devices/vfio19"
  - "--device=/dev/vfio/devices/vfio20:/dev/vfio/devices/vfio20"
  - "--device=/dev/vfio/devices/vfio21:/dev/vfio/devices/vfio21"
  - "--device=/dev/vfio/devices/vfio22:/dev/vfio/devices/vfio22"
  - "--device=/dev/vfio/devices/vfio23:/dev/vfio/devices/vfio23"
  - "--device=/dev/vfio/devices/vfio24:/dev/vfio/devices/vfio24"
  - "--device=/dev/vfio/devices/vfio25:/dev/vfio/devices/vfio25"
  - "--device=/dev/vfio/devices/vfio26:/dev/vfio/devices/vfio26"
  - "--device=/dev/vfio/devices/vfio27:/dev/vfio/devices/vfio27"
  - "--device=/dev/vfio/devices/vfio28:/dev/vfio/devices/vfio28"
  - "--device=/dev/vfio/devices/vfio29:/dev/vfio/devices/vfio29"
  - "--device=/dev/vfio/devices/vfio30:/dev/vfio/devices/vfio30"
  - "--device=/dev/vfio/devices/vfio31:/dev/vfio/devices/vfio31"
  - "--device=/dev/vfio/devices/vfio32:/dev/vfio/devices/vfio32"
  - "--device=/dev/vfio/devices/vfio33:/dev/vfio/devices/vfio33"
  - "--device=/dev/vfio/devices/vfio34:/dev/vfio/devices/vfio34"
  - "--device=/dev/vfio/devices/vfio35:/dev/vfio/devices/vfio35"
  - "--device=/dev/vfio/devices/vfio36:/dev/vfio/devices/vfio36"
  - "--device=/dev/vfio/devices/vfio37:/dev/vfio/devices/vfio37"
  - "--device=/dev/vfio/devices/vfio38:/dev/vfio/devices/vfio38"
  - "--device=/dev/vfio/devices/vfio39:/dev/vfio/devices/vfio39"
  - "--device=/dev/vfio/devices/vfio40:/dev/vfio/devices/vfio40"
  - "--device=/dev/vfio/devices/vfio41:/dev/vfio/devices/vfio41"
  - "--device=/dev/vfio/devices/vfio42:/dev/vfio/devices/vfio42"
  - "--device=/dev/vfio/devices/vfio43:/dev/vfio/devices/vfio43"
  - "--device=/dev/vfio/devices/vfio44:/dev/vfio/devices/vfio44"
  - "--device=/dev/vfio/devices/vfio45:/dev/vfio/devices/vfio45"
  - "--device=/dev/vfio/devices/vfio46:/dev/vfio/devices/vfio46"
  - "--device=/dev/vfio/devices/vfio47:/dev/vfio/devices/vfio47"
  - "--device=/dev/vfio/devices/vfio48:/dev/vfio/devices/vfio48"
  - "--device=/dev/vfio/devices/vfio49:/dev/vfio/devices/vfio49"
  - "--device=/dev/vfio/devices/vfio50:/dev/vfio/devices/vfio50"
  - "--device=/dev/vfio/devices/vfio51:/dev/vfio/devices/vfio51"
  - "--device=/dev/vfio/devices/vfio52:/dev/vfio/devices/vfio52"
  - "--device=/dev/vfio/devices/vfio53:/dev/vfio/devices/vfio53"
  - "--device=/dev/vfio/devices/vfio54:/dev/vfio/devices/vfio54"
  - "--device=/dev/vfio/devices/vfio55:/dev/vfio/devices/vfio55"
  - "--device=/dev/vfio/devices/vfio56:/dev/vfio/devices/vfio56"
  - "--device=/dev/vfio/devices/vfio57:/dev/vfio/devices/vfio57"
  - "--device=/dev/vfio/devices/vfio58:/dev/vfio/devices/vfio58"
  - "--device=/dev/vfio/devices/vfio59:/dev/vfio/devices/vfio59"
  - "--device=/dev/vfio/devices/vfio60:/dev/vfio/devices/vfio60"
  - "--device=/dev/vfio/devices/vfio61:/dev/vfio/devices/vfio61"
  - "--device=/dev/vfio/devices/vfio62:/dev/vfio/devices/vfio62"
  - "--device=/dev/vfio/devices/vfio63:/dev/vfio/devices/vfio63"
networks:
  - 172.17.8.0/24
spec:
  rgw_frontend_port: 8000
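As an added example (not part of the Red Hat documentation), the following shell function builds the --device entries of extra_container_args from the VFIO nodes actually present on the host, so the specification passes through only devices that exist instead of a copied list. The function name gen_qat_device_args and its optional directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the product's own tooling.
# gen_qat_device_args [DIR]
#   DIR defaults to /dev/vfio. Any other DIR (an assumption, useful for a
#   dry run against a copied directory tree) is rewritten to /dev/vfio in
#   the output so the lines can be pasted into the service specification.
gen_qat_device_args() {
    vfio_dir="${1:-/dev/vfio}"

    # The QAT control node appears in the page's example specification.
    printf '  - "--device=%s:%s"\n' /dev/qat_adf_ctl /dev/qat_adf_ctl

    # First pass: /dev/vfio/vfio and the numbered group nodes.
    # Second pass: the per-device nodes under /dev/vfio/devices/.
    for node in "$vfio_dir"/* "$vfio_dir"/devices/*; do
        [ -e "$node" ] || continue   # glob matched nothing
        [ -d "$node" ] && continue   # skip the devices/ directory itself
        rel="${node#"$vfio_dir"/}"
        printf '  - "--device=/dev/vfio/%s:/dev/vfio/%s"\n' "$rel" "$rel"
    done
}

# Typical use on a QAT host, after the reboot step:
#   gen_qat_device_args >> rgw_qat_devices.yaml
```

Review the generated list before applying the specification: every entry widens what the Ceph Object Gateway container can reach on the host, alongside the SYS_ADMIN capability and unconfined seccomp profile already present in the example.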
7.2. QAT-based encryption
You can encrypt objects in Ceph Object Gateway using the QAT-based encryption for OpenSSL.
Procedure
To enable QAT-based encryption, edit the Ceph configuration file to make use of QAT-based crypto plugin:
Syntax
plugin crypto accelerator = crypto_qat
7.3. QAT-based compression
You can compress objects in Ceph Object Gateway using the tool class for QAT acceleration.
Procedure
To enable QAT-based compression, edit the Ceph configuration file to enable QAT support for compression:
Syntax
qat compressor enabled=true
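As an added example (not part of the Red Hat documentation), the following shell check confirms that each QAT feature switched on in the Ceph configuration file has its matching service in ServicesEnabled: asym for crypto_qat and dc for the QAT compressor, as section 7.1 requires. The function names and the two file-path arguments are assumptions; option names are matched with spaces, underscores or dashes between words.

```shell
#!/bin/sh
# Added example, not the product's own tooling.

# ceph_opt_set FILE NAME_REGEX VALUE: true if FILE sets the option to VALUE.
ceph_opt_set() {
    grep -Eiq "^[[:space:]]*$2[[:space:]]*=[[:space:]]*$3[[:space:]]*$" "$1"
}

# has_service LIST NAME: true if NAME is an item of the comma-separated LIST.
has_service() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# check_qat_services QAT_SYSCONFIG CEPH_CONF
#   Returns 0 when the two files agree; otherwise prints one line per
#   mismatch and returns 1.
check_qat_services() {
    # The last ServicesEnabled= assignment in the file is the effective one.
    services=$(sed -n 's/^[[:space:]]*ServicesEnabled=//p' "$1" |
               tail -n 1 | tr -d '"[:space:]')
    rc=0
    if ceph_opt_set "$2" 'plugin[ _-]crypto[ _-]accelerator' 'crypto_qat' &&
       ! has_service "$services" asym; then
        echo "crypto_qat is enabled but ServicesEnabled='$services' lacks asym"
        rc=1
    fi
    if ceph_opt_set "$2" 'qat[ _-]compressor[ _-]enabled' 'true' &&
       ! has_service "$services" dc; then
        echo "QAT compression is enabled but ServicesEnabled='$services' lacks dc"
        rc=1
    fi
    return $rc
}

# Typical use (second argument is the Ceph configuration file you edited):
#   check_qat_services /etc/sysconfig/qat <ceph-configuration-file>
```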