Red Hat Summit 红帽全球峰会支持控制台(Console)开发人员开始试用联系人

第 7 章 QAT 加速进行加密和压缩

Intel QAT (QuickAssist Technology)可以通过将实际加密和压缩请求卸载到硬件 QuickAssist 加速器来提供扩展的加密和压缩服务,这比那些特定计算密集型工作负载的通用 CPU 更加高效。

重要

QAT 只能在 Red Hat Ceph Storage 7.1 中的新设置上配置(仅限Greenfield)。QAT Ceph 对象网关守护进程不能与非 QAT (常规)Ceph 对象网关守护进程配置在同一集群中。

重要

Ceph 对象网关中的硬件加速压缩需要使用 QAT 设备的 Sapphire 或 Emerald Rapids Xeon CPU (或更新版本)上的 RHEL 9.4。如需更多信息,请参阅 Intel Ark

先决条件

  • 一个正在运行的 Red Hat Ceph Storage 集群。
  • 已安装 Ceph 对象网关。

  • 'GRUB' 配置为传递 intel_iommu 参数。 

    grubby --update-kernel=ALL --args="intel_iommu=on"
    Copy to Clipboard Toggle word wrap

7.1. 设置 QAT 服务
复制链接

您可以设置 QAT 服务来加密和解密 Ceph 对象网关对象。

流程

  1. 安装 qatlib-serviceqatlibqatzipqatengine 软件包。 

    # dnf install -y qatlib-service qatlib qatzip qatengine
    Copy to Clipboard Toggle word wrap

  2. 将 'root' 添加到 HOST 上的"QAT"组中。 

    # usermod -aG qat root
    Copy to Clipboard Toggle word wrap

  3. 确保 limits.conf 文件存在以下数据。

    1. 要执行数据加密,请确保在配置文件中将 ServicesEnabled 设置为 sym

      # cat /etc/sysconfig/qat

ServicesEnabled=asym
POLICY=8
      Copy to Clipboard Toggle word wrap

    2. 要执行数据压缩,请确保在配置文件中将 ServicesEnabled 设置为 dc

      # cat /etc/sysconfig/qat

ServicesEnabled=dc
POLICY=8
      Copy to Clipboard Toggle word wrap

    3. 要执行数据加密和压缩,请确保在配置文件中将 ServicesEnabled 设置为 sym,dc

      # cat /etc/sysconfig/qat

ServicesEnabled=asym,dc
POLICY=8
      Copy to Clipboard Toggle word wrap

  4. 使用以下数据配置 limits.conf 文件。 

    # sudo vim /etc/security/limits.conf

...
root - memlock 500000
ceph - memlock 500000
...
    Copy to Clipboard Toggle word wrap

  5. limits.conf 文件中启用配置。 

    # sudo su -l $USER
    Copy to Clipboard Toggle word wrap

  6. 启用 QAT 服务。 

    # systemctl enable qat
    Copy to Clipboard Toggle word wrap

  7. 重新引导节点。 

    # systemctl reboot
    Copy to Clipboard Toggle word wrap

  8. 创建规格文件,并将额外的参数传递给 podman 用于 Ceph 对象网关:

    注意

    您可以使用以下命令生成设备列表:

    --device /dev/vfio --device /dev/qat_adf_ctl $(for i in ls /dev/vfio" | grep 'dev' | grep -v ':' ; do echo --device $i;

    示例

    service_type: rgw
service_id: rgw_qat
placement:
  label: rgw
extra_container_args:
  - "-v /etc/group:/etc/group:ro"
  - "--group-add=keep-groups"
  - "--cap-add=SYS_ADMIN"
  - "--cap-add=SYS_PTRACE"
  - "--cap-add=IPC_LOCK"
  - "--security-opt seccomp=unconfined"
  - "--ulimit memlock=209715200:209715200"
  - "--device=/dev/qat_adf_ctl:/dev/qat_adf_ctl"
  - "--device=/dev/vfio/vfio:/dev/vfio/vfio"
  - "--device=/dev/vfio/333:/dev/vfio/333"
  - "--device=/dev/vfio/334:/dev/vfio/334"
  - "--device=/dev/vfio/335:/dev/vfio/335"
  - "--device=/dev/vfio/336:/dev/vfio/336"
  - "--device=/dev/vfio/337:/dev/vfio/337"
  - "--device=/dev/vfio/338:/dev/vfio/338"
  - "--device=/dev/vfio/339:/dev/vfio/339"
  - "--device=/dev/vfio/340:/dev/vfio/340"
  - "--device=/dev/vfio/341:/dev/vfio/341"
  - "--device=/dev/vfio/342:/dev/vfio/342"
  - "--device=/dev/vfio/343:/dev/vfio/343"
  - "--device=/dev/vfio/344:/dev/vfio/344"
  - "--device=/dev/vfio/345:/dev/vfio/345"
  - "--device=/dev/vfio/346:/dev/vfio/346"
  - "--device=/dev/vfio/347:/dev/vfio/347"
  - "--device=/dev/vfio/348:/dev/vfio/348"
  - "--device=/dev/vfio/349:/dev/vfio/349"
  - "--device=/dev/vfio/350:/dev/vfio/350"
  - "--device=/dev/vfio/351:/dev/vfio/351"
  - "--device=/dev/vfio/352:/dev/vfio/352"
  - "--device=/dev/vfio/353:/dev/vfio/353"
  - "--device=/dev/vfio/354:/dev/vfio/354"
  - "--device=/dev/vfio/355:/dev/vfio/355"
  - "--device=/dev/vfio/356:/dev/vfio/356"
  - "--device=/dev/vfio/357:/dev/vfio/357"
  - "--device=/dev/vfio/358:/dev/vfio/358"
  - "--device=/dev/vfio/359:/dev/vfio/359"
  - "--device=/dev/vfio/360:/dev/vfio/360"
  - "--device=/dev/vfio/361:/dev/vfio/361"
  - "--device=/dev/vfio/362:/dev/vfio/362"
  - "--device=/dev/vfio/363:/dev/vfio/363"
  - "--device=/dev/vfio/364:/dev/vfio/364"
  - "--device=/dev/vfio/365:/dev/vfio/365"
  - "--device=/dev/vfio/366:/dev/vfio/366"
  - "--device=/dev/vfio/367:/dev/vfio/367"
  - "--device=/dev/vfio/368:/dev/vfio/368"
  - "--device=/dev/vfio/369:/dev/vfio/369"
  - "--device=/dev/vfio/370:/dev/vfio/370"
  - "--device=/dev/vfio/371:/dev/vfio/371"
  - "--device=/dev/vfio/372:/dev/vfio/372"
  - "--device=/dev/vfio/373:/dev/vfio/373"
  - "--device=/dev/vfio/374:/dev/vfio/374"
  - "--device=/dev/vfio/375:/dev/vfio/375"
  - "--device=/dev/vfio/376:/dev/vfio/376"
  - "--device=/dev/vfio/377:/dev/vfio/377"
  - "--device=/dev/vfio/378:/dev/vfio/378"
  - "--device=/dev/vfio/379:/dev/vfio/379"
  - "--device=/dev/vfio/380:/dev/vfio/380"
  - "--device=/dev/vfio/381:/dev/vfio/381"
  - "--device=/dev/vfio/382:/dev/vfio/382"
  - "--device=/dev/vfio/383:/dev/vfio/383"
  - "--device=/dev/vfio/384:/dev/vfio/384"
  - "--device=/dev/vfio/385:/dev/vfio/385"
  - "--device=/dev/vfio/386:/dev/vfio/386"
  - "--device=/dev/vfio/387:/dev/vfio/387"
  - "--device=/dev/vfio/388:/dev/vfio/388"
  - "--device=/dev/vfio/389:/dev/vfio/389"
  - "--device=/dev/vfio/390:/dev/vfio/390"
  - "--device=/dev/vfio/391:/dev/vfio/391"
  - "--device=/dev/vfio/392:/dev/vfio/392"
  - "--device=/dev/vfio/393:/dev/vfio/393"
  - "--device=/dev/vfio/394:/dev/vfio/394"
  - "--device=/dev/vfio/395:/dev/vfio/395"
  - "--device=/dev/vfio/396:/dev/vfio/396"
  - "--device=/dev/vfio/devices/vfio0:/dev/vfio/devices/vfio0"
  - "--device=/dev/vfio/devices/vfio1:/dev/vfio/devices/vfio1"
  - "--device=/dev/vfio/devices/vfio2:/dev/vfio/devices/vfio2"
  - "--device=/dev/vfio/devices/vfio3:/dev/vfio/devices/vfio3"
  - "--device=/dev/vfio/devices/vfio4:/dev/vfio/devices/vfio4"
  - "--device=/dev/vfio/devices/vfio5:/dev/vfio/devices/vfio5"
  - "--device=/dev/vfio/devices/vfio6:/dev/vfio/devices/vfio6"
  - "--device=/dev/vfio/devices/vfio7:/dev/vfio/devices/vfio7"
  - "--device=/dev/vfio/devices/vfio8:/dev/vfio/devices/vfio8"
  - "--device=/dev/vfio/devices/vfio9:/dev/vfio/devices/vfio9"
  - "--device=/dev/vfio/devices/vfio10:/dev/vfio/devices/vfio10"
  - "--device=/dev/vfio/devices/vfio11:/dev/vfio/devices/vfio11"
  - "--device=/dev/vfio/devices/vfio12:/dev/vfio/devices/vfio12"
  - "--device=/dev/vfio/devices/vfio13:/dev/vfio/devices/vfio13"
  - "--device=/dev/vfio/devices/vfio14:/dev/vfio/devices/vfio14"
  - "--device=/dev/vfio/devices/vfio15:/dev/vfio/devices/vfio15"
  - "--device=/dev/vfio/devices/vfio16:/dev/vfio/devices/vfio16"
  - "--device=/dev/vfio/devices/vfio17:/dev/vfio/devices/vfio17"
  - "--device=/dev/vfio/devices/vfio18:/dev/vfio/devices/vfio18"
  - "--device=/dev/vfio/devices/vfio19:/dev/vfio/devices/vfio19"
  - "--device=/dev/vfio/devices/vfio20:/dev/vfio/devices/vfio20"
  - "--device=/dev/vfio/devices/vfio21:/dev/vfio/devices/vfio21"
  - "--device=/dev/vfio/devices/vfio22:/dev/vfio/devices/vfio22"
  - "--device=/dev/vfio/devices/vfio23:/dev/vfio/devices/vfio23"
  - "--device=/dev/vfio/devices/vfio24:/dev/vfio/devices/vfio24"
  - "--device=/dev/vfio/devices/vfio25:/dev/vfio/devices/vfio25"
  - "--device=/dev/vfio/devices/vfio26:/dev/vfio/devices/vfio26"
  - "--device=/dev/vfio/devices/vfio27:/dev/vfio/devices/vfio27"
  - "--device=/dev/vfio/devices/vfio28:/dev/vfio/devices/vfio28"
  - "--device=/dev/vfio/devices/vfio29:/dev/vfio/devices/vfio29"
  - "--device=/dev/vfio/devices/vfio30:/dev/vfio/devices/vfio30"
  - "--device=/dev/vfio/devices/vfio31:/dev/vfio/devices/vfio31"
  - "--device=/dev/vfio/devices/vfio32:/dev/vfio/devices/vfio32"
  - "--device=/dev/vfio/devices/vfio33:/dev/vfio/devices/vfio33"
  - "--device=/dev/vfio/devices/vfio34:/dev/vfio/devices/vfio34"
  - "--device=/dev/vfio/devices/vfio35:/dev/vfio/devices/vfio35"
  - "--device=/dev/vfio/devices/vfio36:/dev/vfio/devices/vfio36"
  - "--device=/dev/vfio/devices/vfio37:/dev/vfio/devices/vfio37"
  - "--device=/dev/vfio/devices/vfio38:/dev/vfio/devices/vfio38"
  - "--device=/dev/vfio/devices/vfio39:/dev/vfio/devices/vfio39"
  - "--device=/dev/vfio/devices/vfio40:/dev/vfio/devices/vfio40"
  - "--device=/dev/vfio/devices/vfio41:/dev/vfio/devices/vfio41"
  - "--device=/dev/vfio/devices/vfio42:/dev/vfio/devices/vfio42"
  - "--device=/dev/vfio/devices/vfio43:/dev/vfio/devices/vfio43"
  - "--device=/dev/vfio/devices/vfio44:/dev/vfio/devices/vfio44"
  - "--device=/dev/vfio/devices/vfio45:/dev/vfio/devices/vfio45"
  - "--device=/dev/vfio/devices/vfio46:/dev/vfio/devices/vfio46"
  - "--device=/dev/vfio/devices/vfio47:/dev/vfio/devices/vfio47"
  - "--device=/dev/vfio/devices/vfio48:/dev/vfio/devices/vfio48"
  - "--device=/dev/vfio/devices/vfio49:/dev/vfio/devices/vfio49"
  - "--device=/dev/vfio/devices/vfio50:/dev/vfio/devices/vfio50"
  - "--device=/dev/vfio/devices/vfio51:/dev/vfio/devices/vfio51"
  - "--device=/dev/vfio/devices/vfio52:/dev/vfio/devices/vfio52"
  - "--device=/dev/vfio/devices/vfio53:/dev/vfio/devices/vfio53"
  - "--device=/dev/vfio/devices/vfio54:/dev/vfio/devices/vfio54"
  - "--device=/dev/vfio/devices/vfio55:/dev/vfio/devices/vfio55"
  - "--device=/dev/vfio/devices/vfio56:/dev/vfio/devices/vfio56"
  - "--device=/dev/vfio/devices/vfio57:/dev/vfio/devices/vfio57"
  - "--device=/dev/vfio/devices/vfio58:/dev/vfio/devices/vfio58"
  - "--device=/dev/vfio/devices/vfio59:/dev/vfio/devices/vfio59"
  - "--device=/dev/vfio/devices/vfio60:/dev/vfio/devices/vfio60"
  - "--device=/dev/vfio/devices/vfio61:/dev/vfio/devices/vfio61"
  - "--device=/dev/vfio/devices/vfio62:/dev/vfio/devices/vfio62"
  - "--device=/dev/vfio/devices/vfio63:/dev/vfio/devices/vfio63"
networks:
- 172.17.8.0/24
spec:
  rgw_frontend_port: 8000
    Copy to Clipboard Toggle word wrap

返回顶部
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2025 Red Hat