nginx 配置 Intel QAT 加速卡

发表于 | 分类于 | | 游览

nginx 配置 Intel QAT 加速卡

Intel QAT 加速卡可以对HTTPS的请求进行异步请求, 加快证书处理, 降低系统性能消耗。
nginx 作为代理, 可以代理HTTPS请求, 需要重新编译,支持QAT加速卡,这样才能将请求给QAT加速卡。
Intel QAT 加速卡安装在上一遍文章已经提到, 这里就不在说了, 可以查看之前文章。
intel qat 加速卡安装配置 : https://sukbeta.github.io/intel-qat/

相关URL

Nginx QAT Instasll: https://01.org/sites/default/files/downloads//337020-003-qatwcontaineranddocker.pdf

下载所需要的安装包

nginx package

1
2
cd /home
wget http://nginx.org/download/nginx-1.18.0.tar.gz

nginx path ,, nginx 需要打的path文件

1
2
cd /home 
git clone https://github.com/intel/asynch_mode_nginx.git

QATzip , nginx 上的压缩

1
2
cd /home 
git clone https://github.com/intel/QATzip.git

开始干活

1
2
3
4
5
cd /home
tar -zxf nginx-1.18.0.tar.gz
diff -Naru -x .git nginx-1.18.0 asynch_mode_nginx > async_mode_nginx_1.18.0.patch
cd /home/nginx-1.18.0 
patch -p1 < ../async_mode_nginx_1.18.0.patch
编译 QATzip
1
2
3
4
5
6
7
8
9
10
11
12
13
14
cd /home 
git clone https://github.com/intel/QATzip.git
export QZ_ROOT=/home/QATzip
echo 1024 > /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages
rmmod usdm_drv
insmod $ICP_ROOT/build/usdm_drv.ko max_huge_pages=1024 max_huge_pages_per_process=16
cd $QZ_ROOT
./configure --with-ICP_ROOT=$ICP_ROOT
make clean
make all install
 ./setenv.sh
 
 /etc/init.d/qat_service restart
systemctl restart qat_service

QATzip run test

1
2
cd $QZ_ROOT/test/performance_tests
./run_perf_test.sh
nginx 编译
1
2
3
4
5
6
7
8
9
10
11
cd /home/nginx-1.18.0
 export NGINX_INSTALL_DIR=/home/nginx
./configure \
    --prefix=$NGINX_INSTALL_DIR \
    --with-http_ssl_module \
    --add-dynamic-module=modules/nginx_qatzip_module \
    --add-dynamic-module=modules/nginx_qat_module/ \
    --with-cc-opt="-DNGX_SECURE_MEM -I$OPENSSL_LIB/include -I$ICP_ROOT/quickassist/include -I$ICP_ROOT/quickassist/include/dc -I$QZ_ROOT/include -Wno-error=deprecated-declarations" \
    --with-ld-opt="-Wl,-rpath=$OPENSSL_LIB/lib -L$OPENSSL_LIB/lib -L$QZ_ROOT/src -lqatzip -lz" 
make 
make install
nginx 配置文件

vim conf/nginx.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
worker_processes  10;
user root;
error_log logs/error.log;

load_module modules/ngx_http_qatzip_filter_module.so;
load_module modules/ngx_ssl_engine_qat_module.so;

events {
    use epoll;
    worker_connections 102400;
    accept_mutex off;
}

# Enable QAT engine in heretic mode.
ssl_engine {
    use_engine qatengine;
    default_algorithms RSA,EC,DH,DSA;
    qat_engine {
        qat_offload_mode async;
        qat_notify_mode poll;
        qat_poll_mode heuristic;
        qat_sw_fallback on;
    }
}

http {
    gzip on;
    gzip_min_length     128;
    gzip_comp_level     1;
    gzip_types  text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
    gzip_vary            on;
    gzip_disable        "msie6";
    gzip_http_version   1.0;

    qatzip_sw failover;
    qatzip_min_length 128;
    qatzip_comp_level 1;
    qatzip_buffers 16 8k;
    qatzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml application/octet-stream image/jpeg;
    qatzip_chunk_size   64k;
    qatzip_stream_size  256k;
    qatzip_sw_threshold 256;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;

    include server/*.conf;

    # HTTP server with QATZip enabled.
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            index  index.html index.htm;
        }
    }

    # HTTPS server with async mode.
    server {
        #If QAT Engine enabled,  `asynch` need to add to `listen` directive or just add `ssl_asynch  on;` to the context.
        listen       443 ssl asynch;
	access_log  logs/access.log  main;
        server_name  localhost;

        ssl_protocols       TLSv1.2;
        ssl_certificate crt/ca.com.crt;
        ssl_certificate_key crt/ca.com.key;

        location / {
            root   html;
            index  index.html index.htm;
        }
    }
}

配置文件需要添加的很明确, 就不多说了。

run nginx server

1
/home/nginx/sbin/nginx
验证QAT卡是否工作
1
cat /sys/kernel/debug/qat_dh895xcc_0000\:07\:00.0/fw_counters

这个是QAT卡计数的, 当QAT卡处理请求时, 这里会变化的。

感谢您的支持!