Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
This project is now read‑only. Starting Monday, February 2, please use https://ibm-ceph.atlassian.net/ for all bug tracking management.

Bug 2308344

Summary: [RFE] Intel QAT Acceleration for Haproxy(Ingress service) for encryption hardware offloading
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: daniel parkes <dparkes>
Component: CephadmAssignee: Kushal Deb <kdeb>
Status: CLOSED ERRATA QA Contact: sohan singh <sohsingh>
Severity: medium Docs Contact: Rivka Pollack <rpollack>
Priority: unspecified    
Version: 8.0CC: adking, akane, cephqe-warriors, kdeb, kdreyer, mkasturi, mobisht, rpollack, tchandra, tserlin
Target Milestone: ---Keywords: FutureFeature
Target Release: 8.1Flags: mkasturi: needinfo+
mkasturi: needinfo+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-19.1.1-19.el9cp Doc Type: Bug Fix
Doc Text:
.The haproxy daemon no longer fails deployment when using the `haproxy_qat_support` setting in the ingress specification Previously, the `haproxy_qat_support` was present but not functional in the ingress specification. This was added to allow haproxy to offload encryption operations on machines with QAT hardware, intending to improve performance. The added function did not work as intended, due to an incomplete code update. If the `haproxy_qat_support` setting was used, then the haproxy daemon failed to deploy. With this fix, the `haproxy_qat_support` setting works as intended and does not fail the haproxy daemon during deployment.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2025-06-26 12:15:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2317218, 2351689    

Description daniel parkes 2024-08-28 14:38:24 UTC 
Goal
Intel QAT (QuickAssist Technology) can provide extended accelerated encryption and compression services by offloading the actual encryption and compression request(s) to the hardware QuickAssist accelerators. These accelerators are more efficient in terms of cost and power than general-purpose CPUs for those specific compute-intensive workloads.

We want to use QAT Encryption for IBM Storage Ceph Storage Ingress service to do hardware offloading for TLS/Encryption.

We can see in this Red Hat Benchmark the possible improvements that we could achieve:
https://www.redhat.com/en/blog/accelerated-encryption-4th-gen-intelr-xeonr-scalable-processors

The IBM Storage Ceph ready nodes: "All Flash" come with QAT processors, so we would also benefit from these improvements when using the ready nodes.

We are relating QAT RGW support in 7.1 to take advantage of the lessons learned there. https://jsw.ibm.com/browse/ISCE-329

Why is this important?
Reduce node CPU usage and Improve RGW performance when enabling Ingress/Haproxy  Encryption.

Documentation Requirements
This feature needs Documentation on how to enable it and check that it’s working correctly.
Comment 42 errata-xmlrpc 2025-06-26 12:15:09 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Ceph Storage 8.1 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2025:9775