2308344 – [RFE] Intel QAT Acceleration for Haproxy(Ingress service) for encryption hardware offloading

Bug 2308344 - [RFE] Intel QAT Acceleration for Haproxy(Ingress service) for encryption hardware offloading

Summary: [RFE] Intel QAT Acceleration for Haproxy(Ingress service) for encryption hard...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	Cephadm
Sub Component:
Version:	8.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	8.1
Assignee:	Kushal Deb
QA Contact:	sohan singh
Docs Contact:	Rivka Pollack
URL:
Whiteboard:
Depends On:
Blocks:	2317218 2351689
TreeView+	depends on / blocked

Reported:	2024-08-28 14:38 UTC by daniel parkes
Modified:	2025-06-26 12:15 UTC (History)
CC List:	10 users (show)
Fixed In Version:	ceph-19.1.1-19.el9cp
Doc Type:	Bug Fix
Doc Text:	.The haproxy daemon no longer fails deployment when using the `haproxy_qat_support` setting in the ingress specification Previously, the `haproxy_qat_support` was present but not functional in the ingress specification. This was added to allow haproxy to offload encryption operations on machines with QAT hardware, intending to improve performance. The added function did not work as intended, due to an incomplete code update. If the `haproxy_qat_support` setting was used, then the haproxy daemon failed to deploy. With this fix, the `haproxy_qat_support` setting works as intended and does not fail the haproxy daemon during deployment.
Clone Of:
Environment:
Last Closed:	2025-06-26 12:15:09 UTC
Embargoed:
Dependent Products:
Flags:	mkasturi: needinfo+ mkasturi: needinfo+

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
IBM Jira	ISCE-743	None	None	None	2024-08-28 14:40:40 UTC
Red Hat Issue Tracker	RHCEPH-9603	None	None	None	2024-08-28 14:39:00 UTC
Red Hat Product Errata	RHSA-2025:9775	None	None	None	2025-06-26 12:15:21 UTC

Internal Links: 2372653

Description daniel parkes 2024-08-28 14:38:24 UTC

Goal
Intel QAT (QuickAssist Technology) can provide extended accelerated encryption and compression services by offloading the actual encryption and compression request(s) to the hardware QuickAssist accelerators. These accelerators are more efficient in terms of cost and power than general-purpose CPUs for those specific compute-intensive workloads.

We want to use QAT Encryption for IBM Storage Ceph Storage Ingress service to do hardware offloading for TLS/Encryption.

We can see in this Red Hat Benchmark the possible improvements that we could achieve:
https://www.redhat.com/en/blog/accelerated-encryption-4th-gen-intelr-xeonr-scalable-processors

The IBM Storage Ceph ready nodes: "All Flash" come with QAT processors, so we would also benefit from these improvements when using the ready nodes.

We are relating QAT RGW support in 7.1 to take advantage of the lessons learned there. https://jsw.ibm.com/browse/ISCE-329

Why is this important?
Reduce node CPU usage and Improve RGW performance when enabling Ingress/Haproxy  Encryption.

Documentation Requirements
This feature needs Documentation on how to enable it and check that it’s working correctly.

Comment 42 errata-xmlrpc 2025-06-26 12:15:09 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Ceph Storage 8.1 security, bug fix, and enhancement updates), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2025:9775

Note You need to log in before you can comment on or make changes to this bug.