From 0c448a0686b542b3c9a26dee00f383f96974d149 Mon Sep 17 00:00:00 2001 From: Mikko Ylinen Date: Thu, 29 Nov 2018 15:01:12 +0200 Subject: [PATCH] demo: qat: add OpenSSL demo documentation Signed-off-by: Mikko Ylinen --- demo/readme.md | 29 ++++++- demo/screencast-qat.sh | 184 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 212 insertions(+), 1 deletion(-) create mode 100755 demo/screencast-qat.sh diff --git a/demo/readme.md b/demo/readme.md index 56287d4a..7c2cd85e 100644 --- a/demo/readme.md +++ b/demo/readme.md @@ -57,8 +57,35 @@ Intel® FPGA Device Plugin deployment ## Intel® QuickAssist Technology Device Plugin OpenSSL demo video -TBD +The screencast demonstrates the deployment of the [Intel® QAT Device Plugin](https://github.com/intel/intel-device-plugins-for-kubernetes/blob/master/cmd/qat_plugin/README.md) for +Kubernetes and executes a sample QAT accelerated OpenSSL workload with the OCI +compatible Kata Containers runtime, a lightweight Virtual Machine (VMs) that feel +and perform like traditional containers, but provides the workload isolation +and security advantages of VMs. The demo begins with a fully [configured Kubernetes cluster](https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/) +and [Kata Containers](https://github.com/kata-containers/documentation/tree/master/install) runtime for workloads. ### Demo platform configuration + +- 1-node, 2x Intel® Xeon® CPU E5-2687W v4 @ 3.00GHz +- Total memory 251 GB DDR4 +- Intel® QAT C62x chipset +- Software +- OpenSUSE 15 (Kernel:4.12.14-lp150.12.22-default) +- Kubernetes 1.12 +- Containerd 1.2 +- Kata Containers 1.3.0 +- Intel® QAT Device Plugin built from master +- QAT 1.7 L.4.3.0-00033 + ### Demo steps + +1. Load the host drivers and prepare the virtual function (VF) devices +2. Check the Kubernetes cluster is in good shape +3. Deploy the Intel® QAT device plugin for Kubernetes +4. Deploy an Intel® QAT Accelerated OpenSSL workload +5. Testing! + ### Screencast +Intel® QAT Device Plugin deployment + +[![Intel® QAT Device Plugin deployment](https://asciinema.org/a/2N7wF3c9oeCuB9sFqTNm2gmOr.png)](https://asciinema.org/a/2N7wF3c9oeCuB9sFqTNm2gmOr) diff --git a/demo/screencast-qat.sh b/demo/screencast-qat.sh new file mode 100755 index 00000000..f26b3606 --- /dev/null +++ b/demo/screencast-qat.sh @@ -0,0 +1,184 @@ +#!/bin/bash -e + +PV='pv -qL' + +command() +{ + speed=$2 + [ -z "$speed" ] && speed=10 + + echo "> $1" | $PV $speed + sh -c "$1" + echo | $PV $speed +} + +out() +{ + speed=$2 + [ -z "$speed" ] && speed=10 + + echo "$1" | $PV $speed + echo | $PV $speed +} + +cleanup() +{ + clear + out 'Cleanup demo artifacts' 20 + out 'delete test pods:' 20 + command 'kubectl delete pod openssl-qat-engine -n openssl-qat-engine || true' 20 + out 'delete plugin configmap:' 20 + command 'kubectl delete configmap intel-qat-plugin-config -n openssl-qat-engine || true' 20 + out 'delete plugin daemonset:' 20 + command 'kubectl delete daemonset intel-qat-plugin -n openssl-qat-engine || true' 20 + out 'delete demo namespace:' 20 + command 'kubectl delete namespace openssl-qat-engine || true' 20 + out 'unload QAT kernel modules:' 20 + command 'sudo rmmod qat_c62xvf qat_c62x intel_qat' +} + +record() +{ + clear + out 'Record this screencast' + command 'asciinema rec -t "Intel QAT Device Plugin for Kubernetes - Intel(R) QAT OpenSSL Engine Demo" Intel-QAT-Device-Plugin-for-Kubernetes-OpenSSL-QAT-Engine-Demo.cast -c "sh ./screencast-qat.sh play"' +} + +screen1() +{ + clear + out "This video demonstrates the Intel(R) QuickAssist Technology device Plugin for Kubernetes*" + out "The key building blocks are:" + out "* Intel(R) QuickAssist Technology (Intel(R) QAT) C62x Chipset with SR-IOV enabled" + out "* A Kubernetes v1.12 cluster with RuntimeClass and Device Plugins enabled" + out "* containerd v1.2 CRI and Kata Containers* runtime" + out "* Intel(R) QAT driver modules for host and Kata Containers kernels" + out "* OpenSSL* 1.1 and Intel(R) QAT OpenSSL Engine installed in a container image" + out "Let's get started!" +} + +screen2() +{ + clear + out "1. Prepare the host drivers and virtual function (VF) devices" + out "Check the chip is available (C62x PCI ID 0x37c8)" + command "/sbin/lspci -d 8086:37c8" + out "Load the host driver modules" + command "sudo dmesg -C" + command "cat load-modules.sh" + command "./load-modules.sh && dmesg" + command "/sbin/lsmod | grep qat" + out "Enable C62x SR-IOV (C62x VF PCI ID 0x37c9)" + command "echo 16|sudo tee /sys/bus/pci/devices/$(/sbin/lspci -d 8086:37c8 -m -D|head -1|awk '{print $1}')/sriov_numvfs" + command "/sbin/lspci -d 8086:37c9" +} + +screen3() +{ + clear + out "2. Check the Kubernetes cluster is in good shape" + command "kubectl get nodes" + command "kubectl get pods --all-namespaces" + command "kubectl get runtimeclass" + command "sudo crictl ps" + out "Create the demo namespace" + command "kubectl create ns openssl-qat-engine" +} + +screen4() +{ + clear + out "3. Deploy the Intel(R) QAT device plugin for Kubernetes" + out "Load the container image to containerd CRI" + command "sudo ctr cri load intel-qat-plugin.tar" + out "Create the plugin configmap" + command "kubectl create -f qat_plugin_demo_configmap.yaml -n openssl-qat-engine" + command "kubectl describe configmap intel-qat-plugin-config -n openssl-qat-engine" + out "Create the plugin daemonset" + command "kubectl create -f qat_plugin.yaml -n openssl-qat-engine" + out "Check its pod is runnning" + command "kubectl get pods -n openssl-qat-engine | grep intel-qat-plugin" +} + +screen5() +{ + clear + out "4. Deploy Intel(R) QAT Accelerated OpenSSL workload" + out "Load container image to containerd" + command "sudo ctr cri load openssl-qat-engine.tar" + out "Review the Pod Spec" + command "cat openssl-qat-engine-pod.yaml" + out "Deploy the workload" + command "kubectl create -f openssl-qat-engine-pod.yaml -n openssl-qat-engine" + out "Check the workload is running" + command "kubectl get pods -n openssl-qat-engine" +} + +screen6() +{ + clear + out "5. Testing!" + command "kubectl exec -it openssl-qat-engine -n openssl-qat-engine -- adf_ctl restart" + command "kubectl exec -it openssl-qat-engine -n openssl-qat-engine -- adf_ctl status" + command "kubectl exec -it openssl-qat-engine -n openssl-qat-engine -- openssl engine -c -t qat" +} + +screen7() +{ + clear + out "Summary:" 15 + out "This demonstrated Intel(R) QAT accelerated SSL/TLS for workloads using OpenSSL" 15 + out " - Host Intel(R) QAT VF resources controlled by Intel QAT Device plugin for Kubernetes" 15 + out " - Kata Containers enabled workloads get to see unique Intel(R) QAT devices" 15 + out " - Unmodified Intel(R) QAT user space stack and OpenSSL QAT Engine available for containers" 15 + out + out "More detailed information about Intel Device Plugins can be found at https://github.com/intel/intel-device-plugins-for-kubernetes" 15 + DISCLAIMER=$(cat <<-EOD +Disclaimer: + +Intel technologies’ features and benefits depend on system configuration and +may require enabled hardware, software or service activation. Learn more at +intel.com, or from the OEM or retailer. + +No computer system can be absolutely secure. + +Tests document performance of components on a particular test, in specific +systems. Differences in hardware, software, or configuration will affect actual +performance. Consult other sources of information to evaluate performance as +you consider your purchase. For more complete information about performance +and benchmark results, visit http://www.intel.com/performance. + +Demo platform configuration: + +2x Intel(R) Xeon(R) CPU E5-2687W v4 @ 3.00GHz; +Total memory 251 GB; Intel(R) QAT C62x; + +OpenSUSE* 15 (Kernel: 4.12.14-lp150.12.25-default); 1-node Kubernetes* 1.12; +Containerd v1.2; QAT 1.7 L.4.3.0-00033. + +Intel(R) QAT Device Plugin built from master branch. + +Intel and the Intel logo are trademarks of Intel Corporation in the U.S. +and/or other countries. + +*Other names and brands may be claimed as the property of others. + +(C) 2018 Intel Corporation. +EOD +) + out "$DISCLAIMER" 1024 +} + +if [ "$1" == 'play' ] ; then + if [ -n "$2" ] ; then + screen$2 + else + for n in $(seq 7) ; do screen$n ; sleep 3; done + fi +elif [ "$1" == 'cleanup' ] ; then + cleanup +elif [ "$1" == 'record' ] ; then + record +else + echo 'Usage: screencast.sh [--help|help|-h] | [play []] | [cleanup] | [record]' +fi