Hello Aleks,
On 2018-06-12 13:05, Aleksandar Lazic wrote:
> Hi.
>
> On 12/06/2018 12:58, Christian Braun wrote:
>> Hello,
>>
>> I am testing haproxy with a QAT card (Intel QuickAssist Technology). I
>> am getting "SSL handshake failure" running haproxy with user nobody and
>> ssl-engine qat. When running haproxy with user root the card gets used
>> and the SSL connection works.
>> Is running haproxy as root required when using a QAT card?
>
> What's Intel's answer to the question about usage of the card as a
> non-root user?
>
>> haproxy v1.8.9
>> OpenSSL_1_1_0h
>> QAT_Engine v0.5.36
>> qat1.7.l.4.1.0
>
> What do you see when you call `openssl engine -t -c -vvvv qat` as a
> non-root user?

Thanks for pointing that out. I should have tried that first. The test
works with root and fails with an unprivileged user:

$ LD_LIBRARY_PATH=/usr/local/ssl/lib /usr/local/ssl/bin/openssl engine -t -c -vvvv qat
(qat) Reference implementation of QAT crypto engine
[RSA, DSA, DH, AES-128-CBC-HMAC-SHA1, AES-128-CBC-HMAC-SHA256, AES-256-CBC-HMAC-SHA1, AES-256-CBC-HMAC-SHA256, TLS1-PRF]
ioctl_alloc_slab:936 mmap on memory allocated through ioctl failed
ADF_UIO_PROXY err: adf_init_ring: unable to get ringbuf(v:(nil),p:(nil)) for rings in bank(0)
ADF_UIO_PROXY err: icp_adf_transCreateHandle: adf_init_ring failed
[error] SalCtrl_ServiceInit() - : Failed to initialise all service instances
ADF_UIO_PROXY err: adf_user_subsystemInit: Failed to initialise Subservice SAL
[error] SalCtrl_ServiceEventStart() - : Private data is NULL
ADF_UIO_PROXY err: adf_user_subsystemStart: Failed to start Subservice SAL
[error] SalCtrl_AdfServicesStartedCheck() - : Sal Ctrl failed to start in given time
[error] do_userStart() - : Failed to start services
>
> I found this command on this page https://github.com/intel/QAT_Engine
> as I don't know the QAT Engine.
>
> Do you use haproxy in nbproc?
>
> https://github.com/intel/QAT_Engine#limitations
>
>> Thank you,
>> Christian
>
> Best regards
> aleks
Thank you,
Christian