The provisioning config can be optionally stored in the ProvisioningConfig
configMap which is then passed to initcontainer through the volume mount.
There's also a possibility for a node specific congfiguration through
passing a nodename via NODE_NAME into initcontainer's environment
and passing a node specific profile via configMap volume mount.
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
This updates the QAT driver to the latest, QAT engine to the latest,
IPSEC MB to the latest, and IPP CRYPTO to the latest. A basic test
was done in a Kata container and openssl was able to find the qat-hw
engine. I don't have a way to test if qat-sw works as the configure
parameters have changed.
Signed-off-by: Eric Adams <eric.adams@intel.com>
Add checksum checks for toybox and qat driver
Use toybox version 0.8.5 instead of 0.8.4
Update toybox-config
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
The version of the compute-runtime project installed in ubuntu-demo-opencl
is not working with the most recent GPUs anymore. Instead of updating it,
move to use pre-built images. This is inlined with our goal to speed-up CI
by skipping unnecessary demo images.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
The run-dpdk-test helper script builds dpdk-test-[compress|crypto]-perf
command line parameters dynamically. Some of the parameters were changed
in the recent DPDK builds and need updating.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
This updates the QAT driver to the latest version
and updates the new driver download location on
downloadmirror. Also, this openssl container build
requires yasm so it was added as well.
Signed-off-by: Eric Adams <eric.adams@intel.com>
With GCC 11, the build triggers errors:
/usr/src/opae/opae-sdk-1.5.0-2/opae-libs/include/opae/log.h:51:1: error: this 'if' clause does not guard... [-Werror=misleading-indentation]
51 | if (p > file) \
| ^~
...
Workaround the problem with -Wno-misleading-indentation.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
With the recent move to NFD custom source config for SGX features,
we no longer get SGX* cpuid labels but custom-intel.sgx so the grep
fails. Move to lowercase only checks.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
- Impelemented demo image that runs accel-config tests
- Added testing instructions to the documentation
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
It was observed that qat-hw (when built right after qat-sw) is not built
correctly. Run make clean before the build (and back-up qat-sw since
clean removes it).
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
SGX aesmd (architectural enclave service daemon) can be used for SGX
DCAP Quote Generation. This commit adds a sample deployment that by
default talks to an Intel reference PCCS (Provisioning Certificate
Caching Service).
The default config provided is for a "single node" cluster that has
PCCS service localhost.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
The client side packages Recommends aesmd service and that gets pulled
in the image. aesmd service is expected to run in its own container so
we build the sample apps container without it.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
ipp-crypto repository did not provide a tag with the necessary changes
included until recently so we were using the master branch.
Now the tag was added (and master broke our build) so we move to use
it.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
This screencast demonstrates deployment scenario for FPGA
preprogrammed mode. It uses Docker as a runtime to show that
CRI-O is not required in this mode.
OVC upgraded hddldaemon to use R4, so we should do so too.
also change the openvino tgz file download from "ADD" to curl to leverage
the docker build cache.
Signed-off-by: Alek Du <alek.du@intel.com>
swupd os-install fails (clearlinux/swupd-client/issues/1369) if
"--bundles=os-core" is used. It was confirmed that os-core is
always installed first regardless of what other --bundles are
specified.
To get the builds working, we move to rely on that implicit os-core
install.
Fixes: #330
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
- Removed Sphynx from the list of bundles as it brings python-basic3,
which triggers this exception:
Step 9/18 : RUN cd /usr/src/opae/opae-sdk-${OPAE_RElEASE} && patch -p1 < 0001-OPAE-in-containers-don-t-enumerate-missing-device.patch && mkdir build && cd build && cmake .. -DBUILD_ASE=0 -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_SKIP_RPATH=true && make xfpga nlb0 nlb3
...
-- Found Sphinx: /usr/sbin/sphinx-build
-- Found PythonInterp: /usr/sbin/python (found suitable version "3.8.1", minimum required is "2.7")
-- Found Perl: /usr/sbin/perl (found version "5.28.2")
-- Found PythonInterp: /usr/sbin/python (found version "3.8.1")
Traceback (most recent call last):
File "/usr/src/opae/opae-sdk-1.3.2-1/build/platforms/scripts/afu_platform_config_main/do_zip.py", line 8, in <module>
wr_buf.write('#!/usr/bin/env python' + os.linesep)
TypeError: a bytes-like object is required, not 'str'
Traceback (most recent call last):
File "/usr/src/opae/opae-sdk-1.3.2-1/build/platforms/scripts/afu_platform_info_main/do_zip.py", line 8, in <module>
wr_buf.write('#!/usr/bin/env python' + os.linesep)
TypeError: a bytes-like object is required, not 'str'
Traceback (most recent call last):
File "/usr/src/opae/opae-sdk-1.3.2-1/build/tools/extra/packager/packager_main/do_zip.py", line 8, in <module>
wr_buf.write('#!/usr/bin/env python' + os.linesep)
TypeError: a bytes-like object is required, not 'str'
Traceback (most recent call last):
File "/usr/src/opae/opae-sdk-1.3.2-1/build/tools/extra/packager/afu_json_mgr_main/do_zip.py", line 8, in <module>
wr_buf.write('#!/usr/bin/env python' + os.linesep)
TypeError: a bytes-like object is required, not 'str'
Traceback (most recent call last):
File "/usr/src/opae/opae-sdk-1.3.2-1/build/tools/extra/fpgadiag/fpgalpbk_main/do_zip.py", line 8, in <module>
wr_buf.write('#!/usr/bin/env python' + os.linesep)
TypeError: a bytes-like object is required, not 'str'
Traceback (most recent call last):
File "/usr/src/opae/opae-sdk-1.3.2-1/build/tools/extra/fpgadiag/mactest_main/do_zip.py", line 8, in <module>
wr_buf.write('#!/usr/bin/env python' + os.linesep)
TypeError: a bytes-like object is required, not 'str'
Traceback (most recent call last):
File "/usr/src/opae/opae-sdk-1.3.2-1/build/tools/extra/fpgadiag/fpgastats_main/do_zip.py", line 8, in <module>
wr_buf.write('#!/usr/bin/env python' + os.linesep)
TypeError: a bytes-like object is required, not 'str'
The SRCREV tag becomes a RepoTag we end up having those tags in the
registry too.
To keep the registry clean, drop SRCREV tags.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
opae-nlb-demo name is more descriptive about the content and becomes
base image agnostic.
Also, set ENTRYPOINT similar to what we did with other images
and deployment files.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
In preparations to get some of the images to hub.docker.com/intel,
start using intel/ prefix.
Moreover, set the Makefile variables so that the images built
by make [images|demos] can easily be pushed to any registry/org
by 'docker push' (e.g., by Jenkins).
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
On the host with multiple cards installed it might be case
that not all of them are exposed to the container.
Fix OPAE library to ignore devices that are not available.
- Ordered collection in DCP release/region/afus order for simpler
maintenance.
- Got rid of ambiguous entries without dcp releases, e.g. Arria10,
Arria10-nlb3 etc.
- Migrate to OPAE 1.3.2
- Build all the tools from the source
- ignore files in workspace
- minimal fpga_tool utility to check gbs/aocx file parsing and flashing
- implemented kernel IOCTL based flashing of bitstreams
- add PCI and sysfs functions
Clear Linux enables DPDK QAT PMD so we can move to use everything from
there. This saves maintenance efforts and we get more up-to-date DPDK.
The DPDK version in this update gives a tool for compress perf too, for
instance.
The commit also adds kustomize scripts that overlay the original DPDK
demo deployment to run dpdk-test-[compress|crypto|-perf test cases:
$ kubectl apply -k deployments/qat_dpdk_app/test-compress1/
$ kubectl apply -f deployments/qat_dpdk_app/test-crypto1/
New test cases ('ptest's with varying parameters) can be easily added
by following the pattern in test-[crypto|compress]1 directories.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
We plan to use crypto-perf for simple QAT testing. This commit adds
kustomization to make the deployment easier. The original .yaml is
also moved to deployments/ with some changes.
For instance, it turns out also vfio-pci mode with DPDK needs CAP_SYS_ADMIN
(See PR: #187 which states that only igb_uio would need it).
kustomize is available part of kubectl since kubernetes v1.14.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Also, move from ENV to ARG to be able to override the versions
using --build-arg option.
Note: releases qat1.7.l.4.3.0-00033 and older do not have consistent
download URLs so wget'ing those will fail from this commit onwards.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Add:
* Dockerfile that builds a container with OpenSSL 1.1.1 + QAT Engine
* Sample openssl-qat-engine-pod deployment yaml
The demo deployment yaml has the following dependencies:
* kata-runtime is installed and registered as the untrusted workload
handler
* QAT virtual function device configuration(s) (from QAT_Engine repo) are
available in /etc for the target hardware.
TODOs:
* readme.md
* move to RuntimeClass
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
This change:
* adds cloning and building of QAT-enabled DPDK to the Dockerfile
* disables unnecessary compilation of DPDK kernel modules which depend on the host kernel version
* fixes issue with missing ./resolv.conf file and dpdk directory
* removes installation of unnecessary yum packages
