Enabling nested virtualization

Nested virtualization is only supported for virtualizing:

  • Virtuozzo Hybrid Infrastructure for testing and development purposes
  • Virtuozzo Application Platform for production workloads, as well as testing and development purposes

Nested virtualization allows you to run virtual machines in Virtuozzo Hybrid Infrastructure clusters that are deployed inside Virtuozzo Hybrid Infrastructure virtual machines. To support nested virtualization, the virtualization engine adds Intel VT-x or AMD-V instructions to VMs, so that a virtual machine can use the hypervisor to run nested VMs.

To enable nested virtualization

  1. Log in to your compute node via SSH.
  2. Create the /etc/modprobe.d/dist.conf file as follows:

    • [For Intel-based systems] Add the line options kvm_intel nested=y:

      # cat > /etc/modprobe.d/dist.conf <<\EOT
      options kvm_intel nested=y
      EOT
    • [For AMD-based systems] Add the line options kvm_amd nested=y:

      # cat > /etc/modprobe.d/dist.conf <<\EOT
      options kvm_amd nested=y
      EOT
  3. [For AMD-based systems only] Add the svm flag to your CPU model. For example:

    # vinfra service compute set --cpu-model EPYC-IBPB --cpu-features svm
  4. Reboot the node:

    # reboot
  5. Repeat the steps on all other compute nodes.

All virtual machines created after the configuration will support nested virtualization.

You can check if nested virtualization is enabled as follows:

  • For a node:

    • [For Intel-based systems] Run this command on the node:

      # cat /sys/module/kvm_intel/parameters/nested
      Y
    • [For AMD-based systems] Run this command on the node:

      # cat /sys/module/kvm_amd/parameters/nested
      Y
  • For a virtual machine, run this command inside the VM. The virtual machine must have been created after nested virtualization was enabled.

    # cat /proc/cpuinfo | grep vmx

For nested virtualization, a VM should have the no-kvmapf parameter added to its kernel command line:

  1. In the /etc/default/grub file, locate the GRUB_CMDLINE_LINUX line, and then add no-kvmapf. Check the resulting file:

    # cat /etc/default/grub | grep CMDLINE
    GRUB_CMDLINE_LINUX="crashkernel=auto tcache.enabled=0 quiet no-kvmapf"
  2. Regenerate the GRUB configuration file.

    • On a BIOS-based system, run:

      # /usr/sbin/grub2-mkconfig -o /etc/grub2.cfg
    • On a UEFI-based system, run:

      # /usr/sbin/grub2-mkconfig -o /etc/grub2-efi.cfg
  3. Reboot the VM:

    # reboot
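
The node and VM checks above, plus a check that the running kernel was actually booted with no-kvmapf, combined into one audit script. This is an added example, not part of the original documentation: the function names and optional file-path arguments are assumptions, and the guest check accepts svm as well as vmx so that AMD-based guests are covered.

```shell
#!/bin/sh
# Added example: audit the nested-virtualization settings described above.
# Function names and the optional file arguments are assumptions for this
# example; default paths are the standard sysfs/procfs locations.

# Node: 0 if the KVM module reports nested support, 1 if it is off,
# 2 if the module is not loaded. $1 = kvm_intel|kvm_amd, $2 = optional file.
nested_enabled() {
    file=${2:-/sys/module/$1/parameters/nested}
    [ -r "$file" ] || return 2
    case $(cat "$file") in
        Y|y|1) return 0 ;;   # kernels report either Y or 1
        *)     return 1 ;;
    esac
}

# VM: 0 if the guest CPU exposes vmx (Intel) or svm (AMD). $1 = optional file.
guest_has_virt_flag() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]](vmx|svm)([[:space:]]|$)' \
        "${1:-/proc/cpuinfo}"
}

# VM: 0 if the running kernel was booted with no-kvmapf. $1 = optional file.
booted_with_no_kvmapf() {
    grep -Eq '(^|[[:space:]])no-kvmapf([[:space:]]|$)' "${1:-/proc/cmdline}"
}

# audit node | audit vm: print findings, return non-zero if a check fails.
audit() {
    rc=0
    case $1 in
    node)
        for mod in kvm_intel kvm_amd; do
            st=0; nested_enabled "$mod" || st=$?
            [ "$st" -eq 0 ] && echo "$mod: nested enabled"
            [ "$st" -eq 1 ] && { echo "$mod: nested DISABLED"; rc=1; }
        done ;;
    vm)
        guest_has_virt_flag   || { echo "no vmx/svm CPU flag in guest"; rc=1; }
        booted_with_no_kvmapf || { echo "kernel not booted with no-kvmapf"; rc=1; }
        ;;
    *)  echo "usage: audit node|vm" >&2; rc=2 ;;
    esac
    return $rc
}

if [ $# -gt 0 ]; then audit "$1"; fi
```

Pass node as the first argument on a compute node, or vm inside a guest.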