zoukankan      html  css  js  c++  java
  • QAT SSL加速卡安装及使用

    一、SSL加速卡介绍

    官方文档: https://01.org/intel-quickassist-technology
    官方性能报告:https://01.org/sites/default/files/downloads/intelr-quickassist-technology/intelquickassisttechnologyopensslperformance.pdf
    官方加速卡介绍:http://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/quickassist-adapter-8950-brief.pdf
    Linux安装使用文档:https://01.org/sites/default/files/downloads//337020-003-qatwcontaineranddocker.pdf

    二、参考安装文档使用SSL加速卡

    2.1 安装QAT软件

    (1)百度搜索加速卡型号,获取QAT驱动程序
    (2)安装QAT驱动程序

    export ICP_ROOT=/opt/QAT
    mkdir /opt/QAT
    cd /opt/QAT
    wget https://downloadmirror.intel.com/30178/eng/QAT1.7.L.4.13.0-00009.tar.gz  # 第一步官方的驱动程序
    tar xf QAT1.7.L.4.13.0-00009.tar.gz
    ./configure
    make -j 40
    make install
    service qat_service status
    cpa_sample_code runTests=2    # 测试QAT驱动程序是否安装成功
    

    2.2 安装openssl

    git clone https://github.com/openssl/openssl.git
    cd openssl/
    git checkout OpenSSL_1_1_1    # 我使用最新版本,在后边编译其他qat_engine会报错,应该是QAT_engine还不支持最新版
    ./config --prefix=/usr/local/ssl -Wl,-rpath,/usr/local/ssl/lib
    make -j 40
    make install
    

    2.3 安装QAT_engine

    git clone https://github.com/intel/QAT_Engine.git
    cd QAT_Engine/qat_contig_mem
    make    # 我这里会报错error: dereferencing pointer to incomplete type ‘struct task_struct’,参考:http://www.voidcn.com/article/p-pwrzhtun-em.html 解决
    vim qat_contig_mem.c
    #include <linux/sched.h>   # 添加这条命令,我是在报错行前一行添加的。
    make load
    make test
    ……
    Hello world!   # 返回信息
    ……
    
    cd ..
    ./autogen.sh
    ./configure --with-qat_hw-dir=/opt/QAT --with-openssl_install_dir=/usr/local/ssl
    

    2.4 安装QATzip

    git clone https://github.com/intel/QATzip.git
    cd QATzip/
    ./configure --with-ICP_ROOT=$ICP_ROOT
    make clean
    make all install
    service qat_service restart
    

    2.5 安装nginx + qat模块

    git clone https://github.com/intel/asynch_mode_nginx.git
    cd asynch_mode_nginx/
    ./configure --prefix=/usr/local/nginx --conf-path=/etc/nginx/nginx.conf --without-http_rewrite_module --with-http_ssl_module --with-http_stub_status_module --with-http_v2_module --with-stream --with-stream_ssl_module --add-dynamic-module=modules/nginx_qatzip_module --add-dynamic-module=modules/nginx_qat_module/ --with-cc-opt="-DNGX_SECURE_MEM -I$OPENSSL_LIB/include -I$QZ_ROOT/include -I$ICP_ROOT/quickassist/include -I$ICP_ROOT/quickassist/include/dc -Wno-error=deprecated-declarations" --with-ld-opt="-Wl,-rpath=$OPENSSL_LIB/lib -L$OPENSSL_LIB/lib -L$QZ_ROOT/src -lqatzip -lz"
    

    以上服务都可以参考github或官方加速卡介绍安装,由于版本原因,后边可能和我版本不一致等,请参考官网安装. 包括在./configure make autogen时候都会需要一些依赖包,参考报错信息百度即可.

    2.6 nginx配置

    cp /root/QAT_Engine/qat/config/dh895xcc/multi_process_optimized/dh895xcc_dev0.conf  /etc   # 复制一份配置文件替换老的QAT驱动
    service qat_service restart
    
    # nginx 配置文件
    events {
        worker_connections  102400;
        use epoll;
        accept_mutex off;
    }
    
    ssl_engine {
            use_engine qatengine;
            default_algorithms RSA,EC,DH,PKEY_CRYPTO;
            qat_engine {
                    qat_offload_mode async;
                    qat_notify_mode poll;
                    qat_poll_mode heuristic;
                    qat_sw_fallback on;
            }
    }
    
    http{
    server {
            listen      80;
            listen      443 ssl backlog=65534 reuseport deferred rcvbuf=8m sndbuf=8m asynch;  # 关键是添加asynch
            server_name test.example.com;
            ssl_certificate     证书.pem;
            ssl_certificate_key 私钥.key;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
            ssl_session_cache    shared:SSL_WS2:500m;
            ssl_session_timeout  10m;
            ssl_prefer_server_ciphers   on;
    
            #ssl_async  on;
            proxy_read_timeout 10;
            proxy_send_timeout 10;
            proxy_connect_timeout 10;
    
            add_header  Access-Control-Allow-Origin *;
            add_header  Access-Control-Allow-Methods HEAD,OPTIONS,GET,POST,PUT,DELETE;
            add_header  Access-Control-Allow-Headers Content-Type,Server,Date,Content-Length,Cache-Control,Keep-Alive,Connection,X-Requested-With,X-File-Name,Origin,Accept,X-CSRFToken;
            add_header  Access-Control-Max-Age 1728000;
    
    
            location / {
                    expires off;
                    proxy_cache off;
                    proxy_http_version 1.1;
                    proxy_set_header Connection "";
                    proxy_next_upstream error non_idempotent;
                    proxy_next_upstream_tries 4;
                    proxy_next_upstream_timeout 10s;
                    proxy_pass_header server;
                    proxy_set_header host $host;
                    proxy_redirect off;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header x-real-ip $remote_addr;
                    proxy_set_header x-scheme $scheme;
                    root /usr/share/nginx/html;
            }
    }
    }
    }
    
    
  • 相关阅读:
    Product of Array Except Self
    Sliding Window Maximum
    First Bad Version
    Perfect Squares
    IPsec Note
    BGP实验第9-10选路原则
    BGP选路第3条原则
    BGP选路原则第1条至第8条
    BGP选路原则笔记 Cyrus
    Lab Block hole of BGP
  • 原文地址:https://www.cnblogs.com/-xuan/p/14595856.html
Copyright © 2011-2022 走看看