mirror of
https://github.com/ceph/ceph
synced 2025-01-22 19:15:41 +00:00
8abce157f1
* administrators * allocated * allowed * approximate * authenticate * availability * average * behavior * binaries * bootstrap * bootstrapping * capacity * cephadm * clients * combining * command * committed * comparison * compiled * consequences * continues * convenience * cookie * crypto * dashboard * deduplication * defaults * delivered * deployment * describe * directory * documentation * dynamic * elimination * entries * expectancy * explicit * explicitly * exporter * github * hard * healthcheck * heartbeat * heavily * http * indices * infrastructure * inherit * layout * lexically * likelihood * logarithmic * manually * metadata * minimization * minimize * object * of * operation * opportunities * overwrite * prioritized * recipe * records * requirements * restructured * running * scalability * second * select * significant * specify * subscription * supported * synonym * throttle * unpinning * upgraded * value * version * which * with Plus some line wrapping and additional edits... Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
156 lines
5.8 KiB
ReStructuredText
156 lines
5.8 KiB
ReStructuredText
===============================================
|
|
QAT Acceleration for Encryption and Compression
|
|
===============================================
|
|
|
|
Intel QAT (QuickAssist Technology) can provide extended accelerated encryption
|
|
and compression services by offloading the actual encryption and compression
|
|
request(s) to the hardware QuickAssist accelerators, which are more efficient
|
|
in terms of cost and power than general purpose CPUs for those specific
|
|
compute-intensive workloads.
|
|
|
|
See `QAT Support for Compression`_ and `QAT based Encryption for RGW`_.
|
|
|
|
|
|
QAT in the Software Stack
|
|
=========================
|
|
|
|
Application developers can access QuickAssist features through the QAT API.
|
|
The QAT API is the top-level API for QuickAssist technology, and enables easy
|
|
interfacing between the customer application and the QuickAssist acceleration
|
|
driver.
|
|
|
|
The QAT API accesses the QuickAssist driver, which in turn drives the
|
|
QuickAssist Accelerator hardware. The QuickAssist driver is responsible for
|
|
exposing the acceleration services to the application software.
|
|
|
|
A user can write directly to the QAT API, or the use of QAT can be done via
|
|
frameworks that have been enabled by others including Intel (for example, zlib*,
|
|
OpenSSL* libcrypto*, and the Linux* Kernel Crypto Framework).
|
|
|
|
QAT Environment Setup
|
|
=====================
|
|
1. QuickAssist Accelerator hardware is necessary to make use of accelerated
|
|
encryption and compression services. And QAT driver in kernel space have to
|
|
be loaded to drive the hardware.
|
|
|
|
The driver package can be downloaded from `Intel Quickassist Technology`_.
|
|
|
|
2. The implementation for QAT based encryption is directly base on QAT API which
|
|
is included the driver package. But QAT support for compression depends on
|
|
QATzip project, which is a user space library which builds on top of the QAT
|
|
API. Currently, QATzip speeds up gzip compression and decompression at the
|
|
time of writing.
|
|
|
|
See `QATzip`_.
|
|
|
|
Implementation
|
|
==============
|
|
1. QAT based Encryption for RGW
|
|
|
|
`OpenSSL support for RGW encryption`_ has been merged into Ceph, and Intel also
|
|
provides one `QAT Engine`_ for OpenSSL. So, theoretically speaking, QAT based
|
|
encryption in Ceph can be directly supported through OpenSSl+QAT Engine.
|
|
|
|
But the QAT Engine for OpenSSL currently supports chained operations only, and
|
|
so Ceph will not be able to utilize QAT hardware feature for crypto operations
|
|
based on OpenSSL crypto plugin. As a result, one QAT plugin based on native
|
|
QAT API is added into crypto framework.
|
|
|
|
2. QAT Support for Compression
|
|
|
|
As mentioned above, QAT support for compression is based on QATzip library in
|
|
user space, which is designed to take full advantage of the performance provided
|
|
by QuickAssist Technology. Unlike QAT based encryption, QAT based compression
|
|
is supported through a tool class for QAT acceleration rather than a compressor
|
|
plugin. The common tool class can transparently accelerate the existing compression
|
|
types, but only zlib compressor can be supported at the time of writing. So
|
|
user is allowed to use it to speed up zlib compressor as long as the QAT
|
|
hardware is available and QAT is capable to handle it.
|
|
|
|
Configuration
|
|
=============
|
|
#. Prerequisites
|
|
|
|
Make sure the QAT driver with version v1.7.L.4.14.0 or higher has been installed.
|
|
Remember to set an environment variable "ICP_ROOT" for your QAT driver package
|
|
root directory.
|
|
|
|
To enable the QAT based encryption and compression, user needs to modify the QAT
|
|
configuration files. For example, for Intel QuickAssist Adapter 8970 product, revise
|
|
c6xx_dev0/1/2.conf in the directory ``/etc/`` and keep them the same, e.g.:
|
|
|
|
.. code-block:: ini
|
|
|
|
#...
|
|
# User Process Instance Section
|
|
##############################################
|
|
[CEPH]
|
|
NumberCyInstances = 1
|
|
NumberDcInstances = 1
|
|
NumProcesses = 8
|
|
LimitDevAccess = 1
|
|
# Crypto - User instance #0
|
|
Cy0Name = "SSL0"
|
|
Cy0IsPolled = 1
|
|
# List of core affinities
|
|
Cy0CoreAffinity = 0
|
|
|
|
# Data Compression - User instance #0
|
|
Dc0Name = "Dc0"
|
|
Dc0IsPolled = 1
|
|
# List of core affinities
|
|
Dc0CoreAffinity = 0
|
|
|
|
#. QAT based Encryption for RGW
|
|
|
|
The CMake option ``WITH_QAT=ON`` must be configured. If you build Ceph from
|
|
source code (see: :ref:`build-ceph`), navigate to your cloned Ceph repository
|
|
and execute the following:
|
|
|
|
.. prompt:: bash $
|
|
|
|
cd ceph
|
|
./do_cmake.sh -DWITH_QAT=ON
|
|
cd build
|
|
ininja
|
|
|
|
.. note::
|
|
The section name of the QAT configuration files must be ``CEPH`` since
|
|
the section name is set as "CEPH" in Ceph crypto source code.
|
|
|
|
Then, edit the Ceph configuration file to make use of QAT based crypto plugin::
|
|
|
|
plugin crypto accelerator = crypto_qat
|
|
|
|
#. QAT Support for Compression
|
|
|
|
Before starting, make sure both QAT driver and `QATzip`_ have been installed. Besides
|
|
"ICP_ROOT", remember to set the environment variable "QZ_ROOT" for the root directory
|
|
of your QATzip source tree.
|
|
|
|
The following CMake options have to be configured to trigger QAT based compression
|
|
when building Ceph:
|
|
|
|
.. prompt:: bash $
|
|
|
|
./do_cmake.sh -DWITH_QAT=ON -DWITH_QATZIP=ON
|
|
|
|
Then, set an environment variable to clarify the section name of User Process Instance
|
|
Section in QAT configuration files, e.g.:
|
|
|
|
.. prompt:: bash $
|
|
|
|
export QAT_SECTION_NAME=CEPH
|
|
|
|
Next, edit the Ceph configuration file to enable QAT support for compression::
|
|
|
|
qat compressor enabled=true
|
|
|
|
|
|
.. _QAT Support for Compression: https://github.com/ceph/ceph/pull/19714
|
|
.. _QAT based Encryption for RGW: https://github.com/ceph/ceph/pull/19386
|
|
.. _Intel Quickassist Technology: https://01.org/intel-quickassist-technology
|
|
.. _QATzip: https://github.com/intel/QATzip
|
|
.. _OpenSSL support for RGW encryption: https://github.com/ceph/ceph/pull/15168
|
|
.. _QAT Engine: https://github.com/intel/QAT_Engine
|