|
| 1 | +// Module included in the following assemblies: |
| 2 | +// |
| 3 | +// * networking/hardware_networks/configuring-sriov-device.adoc |
| 4 | + |
| 5 | +:_mod-docs-content-type: PROCEDURE |
| 6 | +[id="nw-sriov-nic-mlx-secure-boot_{context}"] |
| 7 | += Configuring the SR-IOV Network Operator on Mellanox cards when Secure Boot is enabled |
| 8 | + |
| 9 | +The SR-IOV Network Operator supports an option to skip the firmware configuration for Mellanox devices. This option allows you to create virtual functions by using the SR-IOV Network Operator when the system has secure boot enabled. You must manually configure and allocate the number of virtual functions in the firmware before switching the system to secure boot. |
| 10 | + |
| 11 | +[NOTE] |
| 12 | +==== |
| 13 | +The number of virtual functions in the firmware is the maximum number of virtual functions that you can request in the policy. |
| 14 | +==== |
| 15 | + |
| 16 | +.Procedure |
| 17 | + |
| 18 | +. Configure the virtual functions (VFs) by running the following command when the system is without a secure boot when using the sriov-config daemon: |
| 19 | ++ |
| 20 | +[source,terminal] |
| 21 | +---- |
| 22 | +$ mstconfig -d -0001:b1:00.1 set SRIOV_EN=1 NUM_OF_VFS=16 <1> <2> |
| 23 | +---- |
| 24 | +<1> The `SRIOV_EN` environment variable enables the SR-IOV Network Operator support on the Mellanox card. |
| 25 | +<2> The `NUM_OF_VFS` environment variable specifies the number of virtual functions to enable in the firmware. |
| 26 | + |
| 27 | +. Configure the SR-IOV Network Operator by disabling the Mellanox plugin. See the following `SriovOperatorConfig` example configuration: |
| 28 | ++ |
| 29 | +[source,yaml] |
| 30 | +---- |
| 31 | +apiVersion: sriovnetwork.openshift.io/v1 |
| 32 | +kind: SriovOperatorConfig |
| 33 | +metadata: |
| 34 | + name: default |
| 35 | + namespace: openshift-sriov-network-operator |
| 36 | +spec: |
| 37 | + configDaemonNodeSelector: {} |
| 38 | + configurationMode: daemon |
| 39 | + disableDrain: false |
| 40 | + disablePlugins: |
| 41 | + - mellanox |
| 42 | + enableInjector: true |
| 43 | + enableOperatorWebhook: true |
| 44 | + logLevel: 2 |
| 45 | +---- |
| 46 | + |
| 47 | +. Reboot the system to enable the virtual functions and the configuration settings. |
| 48 | + |
| 49 | +. Check the virtual functions (VFs) after rebooting the system by running the following command: |
| 50 | ++ |
| 51 | +[source,terminal] |
| 52 | +---- |
| 53 | +$ oc -n openshift-sriov-network-operator get sriovnetworknodestate.sriovnetwork.openshift.io worker-0 -oyaml |
| 54 | +---- |
| 55 | ++ |
| 56 | +.Example output |
| 57 | +[source,yaml] |
| 58 | +---- |
| 59 | +- deviceID: 101d |
| 60 | + driver: mlx5_core |
| 61 | + eSwitchMode: legacy |
| 62 | + linkSpeed: -1 Mb/s |
| 63 | + linkType: ETH |
| 64 | + mac: 08:c0:eb:96:31:25 |
| 65 | + mtu: 1500 |
| 66 | + name: ens3f1np1 |
| 67 | + pciAddress: 0000:b1:00.1 <1> |
| 68 | + totalvfs: 16 |
| 69 | + vendor: 15b3 |
| 70 | +---- |
| 71 | +<1> The `totalvfs` value is the same number used in the `mstconfig` command earlier in the procedure. |
| 72 | + |
| 73 | +. Enable secure boot to prevent unauthorized operating systems and malicious software from loading during the device's boot process. |
| 74 | + |
| 75 | +.. Enable secure boot using the BIOS (Basic Input/Output System). |
| 76 | ++ |
| 77 | +[source,terminal] |
| 78 | +---- |
| 79 | +Secure Boot: Enabled |
| 80 | +Secure Boot Policy: Standard |
| 81 | +Secure Boot Mode: Mode Deployed |
| 82 | +---- |
| 83 | + |
| 84 | +.. Reboot the system. |
0 commit comments