openssl-qat-engine: add NGINX

build Intel's asynch_mode_nginx to demonstrate both HAproxy
and NGINX usage with QAT.

The expectation is both TLS keys and NGINX/HAproxy config are
provided via ConfigMaps.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>

demo/openssl-qat-engine/Dockerfile

@@ -1,8 +1,9 @@
 FROM ubuntu:20.04 as builder
 
 ARG QATLIB_VERSION="21.11.0"
-ARG QAT_ENGINE_VERSION="v0.6.11"
-ARG IPSEC_MB_VERSION="v1.1"
+ARG QAT_ENGINE_VERSION="v0.6.12"
+ARG ASYNC_NGINX_VERSION="v0.4.7"
+ARG IPSEC_MB_VERSION="v1.2"
 ARG IPP_CRYPTO_VERSION="ippcp_2021.5"
 
 RUN apt update && \
@@ -21,48 +22,52 @@ RUN apt update && \
     autoconf \
     cmake \
     libtool && \
-    git clone -b $QAT_ENGINE_VERSION https://github.com/intel/QAT_Engine && \
-    git clone -b $IPP_CRYPTO_VERSION https://github.com/intel/ipp-crypto && \
-    git clone -b $IPSEC_MB_VERSION https://github.com/intel/intel-ipsec-mb && \
-    git clone -b $QATLIB_VERSION https://github.com/intel/qatlib
+    git clone --depth 1 -b $ASYNC_NGINX_VERSION https://github.com/intel/asynch_mode_nginx.git && \
+    git clone --depth 1 -b $QAT_ENGINE_VERSION https://github.com/intel/QAT_Engine && \
+    git clone --depth 1 -b $IPP_CRYPTO_VERSION https://github.com/intel/ipp-crypto && \
+    git clone --depth 1 -b $IPSEC_MB_VERSION https://github.com/intel/intel-ipsec-mb && \
+    git clone --depth 1 -b $QATLIB_VERSION https://github.com/intel/qatlib
 
 RUN cd /qatlib && \
     sed -i -e '79,87d' configure.ac && \
     ./autogen.sh && \
     ./configure --prefix=/usr && \
     make -j && \
-    make install samples-install && \
-    cd /ipp-crypto/sources/ippcp/crypto_mb && \
+    make install samples-install
+
+RUN cd /ipp-crypto/sources/ippcp/crypto_mb && \
     cmake . -B"../build" \
     -DOPENSSL_INCLUDE_DIR=/usr/include/openssl \
     -DOPENSSL_LIBRARIES=/usr/lib64 \
     -DOPENSSL_ROOT_DIR=/usr/bin/openssl && \
     cd ../build && \
-    make crypto_mb && make install && \
-    cd /intel-ipsec-mb && \
+    make crypto_mb && make install
+
+RUN cd /intel-ipsec-mb && \
     make && make install LIB_INSTALL_DIR=/usr/lib64
 
-# Build QAT Engine twice: ISA optimized qat-sw and QAT HW
-# optimized qat-hw.
-#
-# NB: The engine build needs 'make clean' between the builds but
-# that removes the installed engine too. Therefore, we need to
-# take a backup before 'make clean' and restore it afterwards.
-# See: https://github.com/intel/QAT_Engine/issues/172
 RUN cd /QAT_Engine && \
+    sed -i -e '258,258 {s/ -a.*//}' configure.ac && \
     ./autogen.sh && \
     ./configure \
     --enable-qat_sw \
-    --with-qat_sw_install_dir=/usr/local \
-    --with-qat_engine_id=qat-sw && \
-    make && make install && \
-    mv /usr/lib/x86_64-linux-gnu/engines-1.1/qatengine.so /usr/lib/x86_64-linux-gnu/engines-1.1/qat-sw.so.tmp && \
-    make clean && \
-    mv /usr/lib/x86_64-linux-gnu/engines-1.1/qat-sw.so.tmp /usr/lib/x86_64-linux-gnu/engines-1.1/qat-sw.so && \
+    --with-qat_sw_install_dir=/usr/local && \
+    make && make install
+
+RUN cd /asynch_mode_nginx && \
     ./configure \
-    --with-qat_engine_id=qat-hw && \
-    make && make install && \
-    mv /usr/lib/x86_64-linux-gnu/engines-1.1/qatengine.so /usr/lib/x86_64-linux-gnu/engines-1.1/qat-hw.so
+    --prefix=/var/www \
+    --conf-path=/usr/share/nginx/conf/nginx.conf \
+    --sbin-path=/usr/bin/nginx \
+    --pid-path=/run/nginx.pid \
+    --lock-path=/run/lock/nginx.lock \
+    --modules-path=/usr/lib64/nginx \
+    --without-http_rewrite_module \
+    --with-http_ssl_module \
+    --add-dynamic-module=modules/nginx_qat_module/ \
+    --with-cc-opt="-DNGX_SECURE_MEM -I/include -Wno-error=deprecated-declarations" \
+    --with-ld-opt="-L/src" && \
+    make && make install
 
 FROM ubuntu:20.04
 
@@ -71,10 +76,14 @@ COPY --from=builder /usr/lib/libqat.so.2.0.0 /usr/lib/
 COPY --from=builder /usr/lib/libusdm.so.0.0.1 /usr/lib/
 COPY --from=builder /usr/lib64/libIPSec_MB.so.1 /usr/lib/x86_64-linux-gnu/
 COPY --from=builder /usr/local/lib/libcrypto_mb.so.11.3 /usr/lib/x86_64-linux-gnu/
-COPY --from=builder /usr/lib/x86_64-linux-gnu/engines-1.1/qat-sw.so /usr/lib/x86_64-linux-gnu/engines-1.1/qat-sw.so
-COPY --from=builder /usr/lib/x86_64-linux-gnu/engines-1.1/qat-hw.so /usr/lib/x86_64-linux-gnu/engines-1.1/qat-hw.so
+COPY --from=builder /usr/lib/x86_64-linux-gnu/engines-1.1/qatengine.so /usr/lib/x86_64-linux-gnu/engines-1.1/qatengine.so
+COPY --from=builder /var/www/ /var/www/
+COPY --from=builder /usr/lib64/nginx/* /usr/lib64/nginx/
+COPY --from=builder /usr/bin/nginx /usr/bin
+COPY --from=builder /usr/share/nginx/conf/* /usr/share/nginx/conf/
 COPY --from=builder /qatlib/LICENSE /usr/share/package-licenses/qatlib/LICENSE
 COPY --from=builder /QAT_Engine/LICENSE /usr/share/package-licenses/QAT_Engine/LICENSE
 COPY --from=builder /ipp-crypto/LICENSE /usr/share/package-licenses/ipp-crypto/LICENSE
+COPY --from=builder /asynch_mode_nginx/LICENSE /usr/share/package-licenses/asynch_mode_nginx/LICENSE
 COPY --from=builder /intel-ipsec-mb/LICENSE /usr/share/package-licenses/intel-ipsec-mb/LICENSE
 RUN ldconfig && apt update && env DEBIAN_FRONTEND=noninteractive apt install -y openssl haproxy