Enabling nested virtualization

Nested virtualization is only supported for virtualizing:

  • Virtuozzo Hybrid Infrastructure for testing and development purposes
  • Virtuozzo Application Platform for production workloads, as well as testing and development purposes

Nested virtualization allows you to run virtual machines in Virtuozzo Hybrid Infrastructure clusters that are deployed inside Virtuozzo Hybrid Infrastructure virtual machines. To support nested virtualization, the virtualization engine reports the availability of Intel VT-x or AMD-V extensions to VMs, so that a virtual machine can use the hypervisor to run nested VMs. By default, the engine checks the processor, and nested virtualization is enabled if no known issues with nested support are detected.

For Intel-based systems

  1. Log in to your compute node via SSH.
  2. Check if nested virtualization is enabled on the node by running:

    # cat /sys/module/kvm_intel/parameters/nested

    If the command output is either Y or 1, nested virtualization is enabled; if the output is either N or 0, nested virtualization is disabled.

    Nested virtualization is disabled if the processor has issues with nested support. In this case, enabling nested virtualization is strongly discouraged.

  3. Enable nested virtualization for virtual machines:

    • To enable it for all VMs that will be created in the compute cluster, add the vmx flag to your CPU model. For example:

      # vinfra service compute set --cpu-model Broadwell-noTSX-IBRS --cpu-features vmx

      All newly created virtual machines will now support nested virtualization.

    • To enable it for specific VMs only, create a flavor with the trait property specifying the VMX feature to be enabled. For example, to create the vmx-trait flavor with 2 vCPUs and 4 GiB of RAM, run:

      # openstack --insecure flavor create --ram 4096 --vcpus 2 --property trait:HW_CPU_X86_VMX=required --public vmx-trait

      All virtual machines created with this flavor will now support nested virtualization.

  4. Verify that nested virtualization is enabled for your virtual machine. On the node that hosts the VM, run:

    # virsh dumpxml <vm_uuid> | grep vmx
        <feature policy='require' name='vmx'/>

For AMD-based systems

  1. Log in to your compute node via SSH.
  2. Check if nested virtualization is enabled on the node by running:

    # cat /sys/module/kvm_amd/parameters/nested

    If the command output is either Y or 1, nested virtualization is enabled; if the output is either N or 0, nested virtualization is disabled.

    Nested virtualization is disabled if the processor has issues with nested support. In this case, enabling nested virtualization is strongly discouraged.

  3. Enable nested virtualization for virtual machines:

    • To enable it for all VMs that will be created in the compute cluster, add the svm flag to your CPU model. For example:

      # vinfra service compute set --cpu-model EPYC-IBPB --cpu-features svm

      All newly created virtual machines will now support nested virtualization.

    • To enable it for specific VMs only, create a flavor with the trait property specifying the SVM feature to be enabled. For example, to create the svm-trait flavor with 2 vCPUs and 4 GiB of RAM, run:

      # openstack --insecure flavor create --ram 4096 --vcpus 2 --property trait:HW_CPU_X86_SVM=required --public svm-trait

      All virtual machines created with this flavor will now support nested virtualization.

  4. Verify that nested virtualization is enabled for your virtual machine. On the node that hosts the VM, run:

    # virsh dumpxml <vm_uuid> | grep svm
        <feature policy='require' name='svm'/>
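
The node-level check (step 2) and the per-VM check (step 4) from both procedures above can be combined into one audit helper that covers Intel and AMD nodes. This is an added example, not part of the Virtuozzo tooling; the function names and the optional sysfs root argument are assumptions made so the script can also be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: audit helpers for the checks described on this page.
# The optional first argument of nested_state (a sysfs root) is an
# assumption for offline testing; on a real node it defaults to /sys.

# Print "<vendor> enabled|disabled|unknown" for each loaded KVM module.
# Returns 1 if neither kvm_intel nor kvm_amd exposes the parameter.
nested_state() {
    root="${1:-/sys}"
    found=0
    for vendor in intel amd; do
        f="$root/module/kvm_$vendor/parameters/nested"
        [ -r "$f" ] || continue
        found=1
        case "$(cat "$f")" in
            Y|1) echo "$vendor enabled" ;;
            N|0) echo "$vendor disabled" ;;
            *)   echo "$vendor unknown" ;;
        esac
    done
    [ "$found" -eq 1 ] || { echo "no kvm module"; return 1; }
}

# Read libvirt domain XML on stdin and print vmx, svm, or none,
# depending on which feature the guest CPU definition requires.
domain_nested_feature() {
    xml="$(cat)"
    for feat in vmx svm; do
        if printf '%s\n' "$xml" |
            grep -Eq "<feature policy=['\"]require['\"] name=['\"]$feat['\"]/>"; then
            echo "$feat"
            return 0
        fi
    done
    echo none
}

# Typical use on a compute node:
#   nested_state
#   virsh dumpxml <vm_uuid> | domain_nested_feature
```

A VM that reports `vmx` or `svm` on a node where `nested_state` reports `disabled` indicates a mismatch between the flavor or CPU model settings and the node's KVM module state.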