7장. 암호화 및 압축을 위한 QAT 가속
Intel QAT(QuickAssist Technology)는 실제 암호화 및 압축 요청을 하드웨어 QuickAssist 가속기에 오프로드하여 확장된 가속화 암호화 및 압축 서비스를 제공할 수 있으며, 이는 이러한 특정 컴퓨팅 집약적 워크로드의 일반 용도 CPU보다 비용 및 전력 측면에서 더 효율적입니다.
중요
QAT는 Red Hat Ceph Storage 7.1(Greenfield 전용)의 새로운 설정에서만 구성할 수 있습니다. QAT Ceph Object Gateway 데몬은 비QAT(일반) Ceph Object Gateway 데몬과 동일한 클러스터에서 구성할 수 없습니다.
중요
Ceph Object Gateway의 하드웨어 가속 압축에는 QAT 장치가 있는 Sapphire 또는 Emerald Rapids Xeon CPU (또는 최신)에 RHEL 9.4가 필요합니다. 자세한 내용은 Intel Ark 를 참조하십시오.
사전 요구 사항
- 실행 중인 Red Hat Ceph Storage 클러스터.
- Ceph Object 게이트웨이가 설치되어 있어야 합니다.
'GRUB'는
intel_iommu매개변수를 전달하도록 구성되어 있습니다.grubby --update-kernel=ALL --args="intel_iommu=on"
7.1. QAT 서비스 설정
Ceph Object Gateway 오브젝트를 암호화하고 압축하도록 QAT 서비스를 설정할 수 있습니다.
프로세스
qatlib-service,qatlib,qatzip및qatengine패키지를 설치합니다.# dnf install -y qatlib-service qatlib qatzip qatengine
HOST의 'QAT' 그룹에 'root'를 추가합니다.
# usermod -aG qat root
아래 데이터와 함께 limits.conf 파일이 있는지 확인합니다.
데이터 암호화를 수행하려면 구성 파일에서
ServicesEnabled가asym으로 설정되어 있는지 확인합니다.# cat /etc/sysconfig/qat ServicesEnabled=asym POLICY=8
데이터 압축을 수행하려면 구성 파일에서
ServicesEnabled가dc로 설정되어 있는지 확인합니다.# cat /etc/sysconfig/qat ServicesEnabled=dc POLICY=8
데이터 암호화 및 압축을 수행하려면 구성 파일에서
ServicesEnabled가대칭설정되어 있는지 확인합니다.dc로# cat /etc/sysconfig/qat ServicesEnabled=asym,dc POLICY=8
아래 데이터로
limits.conf파일을 구성합니다.# sudo vim /etc/security/limits.conf ... root - memlock 500000 ceph - memlock 500000 ...
limits.conf파일에서 구성을 활성화합니다.# sudo su -l $USER
QAT 서비스를 활성화합니다.
# systemctl enable qat
노드를 재부팅합니다.
# systemctl reboot
사양 파일을 생성하고 Ceph Object Gateway의 podman에 추가 인수를 전달합니다.
참고다음 명령을 사용하여 장치 목록을 생성할 수 있습니다.
--device /dev/vfio --device /dev/qat_adf_ctl $(i in
ls /dev/vfio/*) | grep 'dev' | grep -v ':'; echo --device $i;예
service_type: rgw service_id: rgw_qat placement: label: rgw extra_container_args: - "-v /etc/group:/etc/group:ro" - "--group-add=keep-groups" - "--cap-add=SYS_ADMIN" - "--cap-add=SYS_PTRACE" - "--cap-add=IPC_LOCK" - "--security-opt seccomp=unconfined" - "--ulimit memlock=209715200:209715200" - "--device=/dev/qat_adf_ctl:/dev/qat_adf_ctl" - "--device=/dev/vfio/vfio:/dev/vfio/vfio" - "--device=/dev/vfio/333:/dev/vfio/333" - "--device=/dev/vfio/334:/dev/vfio/334" - "--device=/dev/vfio/335:/dev/vfio/335" - "--device=/dev/vfio/336:/dev/vfio/336" - "--device=/dev/vfio/337:/dev/vfio/337" - "--device=/dev/vfio/338:/dev/vfio/338" - "--device=/dev/vfio/339:/dev/vfio/339" - "--device=/dev/vfio/340:/dev/vfio/340" - "--device=/dev/vfio/341:/dev/vfio/341" - "--device=/dev/vfio/342:/dev/vfio/342" - "--device=/dev/vfio/343:/dev/vfio/343" - "--device=/dev/vfio/344:/dev/vfio/344" - "--device=/dev/vfio/345:/dev/vfio/345" - "--device=/dev/vfio/346:/dev/vfio/346" - "--device=/dev/vfio/347:/dev/vfio/347" - "--device=/dev/vfio/348:/dev/vfio/348" - "--device=/dev/vfio/349:/dev/vfio/349" - "--device=/dev/vfio/350:/dev/vfio/350" - "--device=/dev/vfio/351:/dev/vfio/351" - "--device=/dev/vfio/352:/dev/vfio/352" - "--device=/dev/vfio/353:/dev/vfio/353" - "--device=/dev/vfio/354:/dev/vfio/354" - "--device=/dev/vfio/355:/dev/vfio/355" - "--device=/dev/vfio/356:/dev/vfio/356" - "--device=/dev/vfio/357:/dev/vfio/357" - "--device=/dev/vfio/358:/dev/vfio/358" - "--device=/dev/vfio/359:/dev/vfio/359" - "--device=/dev/vfio/360:/dev/vfio/360" - "--device=/dev/vfio/361:/dev/vfio/361" - "--device=/dev/vfio/362:/dev/vfio/362" - "--device=/dev/vfio/363:/dev/vfio/363" - "--device=/dev/vfio/364:/dev/vfio/364" - "--device=/dev/vfio/365:/dev/vfio/365" - "--device=/dev/vfio/366:/dev/vfio/366" - "--device=/dev/vfio/367:/dev/vfio/367" - "--device=/dev/vfio/368:/dev/vfio/368" - "--device=/dev/vfio/369:/dev/vfio/369" - "--device=/dev/vfio/370:/dev/vfio/370" - "--device=/dev/vfio/371:/dev/vfio/371" - "--device=/dev/vfio/372:/dev/vfio/372" - "--device=/dev/vfio/373:/dev/vfio/373" - "--device=/dev/vfio/374:/dev/vfio/374" - "--device=/dev/vfio/375:/dev/vfio/375" - "--device=/dev/vfio/376:/dev/vfio/376" - "--device=/dev/vfio/377:/dev/vfio/377" - "--device=/dev/vfio/378:/dev/vfio/378" - "--device=/dev/vfio/379:/dev/vfio/379" - "--device=/dev/vfio/380:/dev/vfio/380" - "--device=/dev/vfio/381:/dev/vfio/381" - "--device=/dev/vfio/382:/dev/vfio/382" - "--device=/dev/vfio/383:/dev/vfio/383" - "--device=/dev/vfio/384:/dev/vfio/384" - "--device=/dev/vfio/385:/dev/vfio/385" - "--device=/dev/vfio/386:/dev/vfio/386" - "--device=/dev/vfio/387:/dev/vfio/387" - "--device=/dev/vfio/388:/dev/vfio/388" - "--device=/dev/vfio/389:/dev/vfio/389" - "--device=/dev/vfio/390:/dev/vfio/390" - "--device=/dev/vfio/391:/dev/vfio/391" - "--device=/dev/vfio/392:/dev/vfio/392" - "--device=/dev/vfio/393:/dev/vfio/393" - "--device=/dev/vfio/394:/dev/vfio/394" - "--device=/dev/vfio/395:/dev/vfio/395" - "--device=/dev/vfio/396:/dev/vfio/396" - "--device=/dev/vfio/devices/vfio0:/dev/vfio/devices/vfio0" - "--device=/dev/vfio/devices/vfio1:/dev/vfio/devices/vfio1" - "--device=/dev/vfio/devices/vfio2:/dev/vfio/devices/vfio2" - "--device=/dev/vfio/devices/vfio3:/dev/vfio/devices/vfio3" - "--device=/dev/vfio/devices/vfio4:/dev/vfio/devices/vfio4" - "--device=/dev/vfio/devices/vfio5:/dev/vfio/devices/vfio5" - "--device=/dev/vfio/devices/vfio6:/dev/vfio/devices/vfio6" - "--device=/dev/vfio/devices/vfio7:/dev/vfio/devices/vfio7" - "--device=/dev/vfio/devices/vfio8:/dev/vfio/devices/vfio8" - "--device=/dev/vfio/devices/vfio9:/dev/vfio/devices/vfio9" - "--device=/dev/vfio/devices/vfio10:/dev/vfio/devices/vfio10" - "--device=/dev/vfio/devices/vfio11:/dev/vfio/devices/vfio11" - "--device=/dev/vfio/devices/vfio12:/dev/vfio/devices/vfio12" - "--device=/dev/vfio/devices/vfio13:/dev/vfio/devices/vfio13" - "--device=/dev/vfio/devices/vfio14:/dev/vfio/devices/vfio14" - "--device=/dev/vfio/devices/vfio15:/dev/vfio/devices/vfio15" - "--device=/dev/vfio/devices/vfio16:/dev/vfio/devices/vfio16" - "--device=/dev/vfio/devices/vfio17:/dev/vfio/devices/vfio17" - "--device=/dev/vfio/devices/vfio18:/dev/vfio/devices/vfio18" - "--device=/dev/vfio/devices/vfio19:/dev/vfio/devices/vfio19" - "--device=/dev/vfio/devices/vfio20:/dev/vfio/devices/vfio20" - "--device=/dev/vfio/devices/vfio21:/dev/vfio/devices/vfio21" - "--device=/dev/vfio/devices/vfio22:/dev/vfio/devices/vfio22" - "--device=/dev/vfio/devices/vfio23:/dev/vfio/devices/vfio23" - "--device=/dev/vfio/devices/vfio24:/dev/vfio/devices/vfio24" - "--device=/dev/vfio/devices/vfio25:/dev/vfio/devices/vfio25" - "--device=/dev/vfio/devices/vfio26:/dev/vfio/devices/vfio26" - "--device=/dev/vfio/devices/vfio27:/dev/vfio/devices/vfio27" - "--device=/dev/vfio/devices/vfio28:/dev/vfio/devices/vfio28" - "--device=/dev/vfio/devices/vfio29:/dev/vfio/devices/vfio29" - "--device=/dev/vfio/devices/vfio30:/dev/vfio/devices/vfio30" - "--device=/dev/vfio/devices/vfio31:/dev/vfio/devices/vfio31" - "--device=/dev/vfio/devices/vfio32:/dev/vfio/devices/vfio32" - "--device=/dev/vfio/devices/vfio33:/dev/vfio/devices/vfio33" - "--device=/dev/vfio/devices/vfio34:/dev/vfio/devices/vfio34" - "--device=/dev/vfio/devices/vfio35:/dev/vfio/devices/vfio35" - "--device=/dev/vfio/devices/vfio36:/dev/vfio/devices/vfio36" - "--device=/dev/vfio/devices/vfio37:/dev/vfio/devices/vfio37" - "--device=/dev/vfio/devices/vfio38:/dev/vfio/devices/vfio38" - "--device=/dev/vfio/devices/vfio39:/dev/vfio/devices/vfio39" - "--device=/dev/vfio/devices/vfio40:/dev/vfio/devices/vfio40" - "--device=/dev/vfio/devices/vfio41:/dev/vfio/devices/vfio41" - "--device=/dev/vfio/devices/vfio42:/dev/vfio/devices/vfio42" - "--device=/dev/vfio/devices/vfio43:/dev/vfio/devices/vfio43" - "--device=/dev/vfio/devices/vfio44:/dev/vfio/devices/vfio44" - "--device=/dev/vfio/devices/vfio45:/dev/vfio/devices/vfio45" - "--device=/dev/vfio/devices/vfio46:/dev/vfio/devices/vfio46" - "--device=/dev/vfio/devices/vfio47:/dev/vfio/devices/vfio47" - "--device=/dev/vfio/devices/vfio48:/dev/vfio/devices/vfio48" - "--device=/dev/vfio/devices/vfio49:/dev/vfio/devices/vfio49" - "--device=/dev/vfio/devices/vfio50:/dev/vfio/devices/vfio50" - "--device=/dev/vfio/devices/vfio51:/dev/vfio/devices/vfio51" - "--device=/dev/vfio/devices/vfio52:/dev/vfio/devices/vfio52" - "--device=/dev/vfio/devices/vfio53:/dev/vfio/devices/vfio53" - "--device=/dev/vfio/devices/vfio54:/dev/vfio/devices/vfio54" - "--device=/dev/vfio/devices/vfio55:/dev/vfio/devices/vfio55" - "--device=/dev/vfio/devices/vfio56:/dev/vfio/devices/vfio56" - "--device=/dev/vfio/devices/vfio57:/dev/vfio/devices/vfio57" - "--device=/dev/vfio/devices/vfio58:/dev/vfio/devices/vfio58" - "--device=/dev/vfio/devices/vfio59:/dev/vfio/devices/vfio59" - "--device=/dev/vfio/devices/vfio60:/dev/vfio/devices/vfio60" - "--device=/dev/vfio/devices/vfio61:/dev/vfio/devices/vfio61" - "--device=/dev/vfio/devices/vfio62:/dev/vfio/devices/vfio62" - "--device=/dev/vfio/devices/vfio63:/dev/vfio/devices/vfio63" networks: - 172.17.8.0/24 spec: rgw_frontend_port: 8000
