| Kashyap Chamarthy | 75afd6d | 2015-01-20 17:39:25 +0100 | [diff] [blame] | 1 | ======================================================= |
| 2 | Configure DevStack with KVM-based Nested Virtualization |
| 3 | ======================================================= |
| 4 | |
| 5 | When using virtualization technologies like KVM, one can take advantage |
| 6 | of "Nested VMX" (i.e. the ability to run KVM on KVM) so that the VMs in |
| 7 | cloud (Nova guests) can run relatively faster than with plain QEMU |
| 8 | emulation. |
| 9 | |
| 10 | Kernels shipped with Linux distributions doesn't have this enabled by |
| 11 | default. This guide outlines the configuration details to enable nested |
| 12 | virtualization in KVM-based environments. And how to setup DevStack |
| 13 | (that'll run in a VM) to take advantage of this. |
| 14 | |
| 15 | |
| 16 | Nested Virtualization Configuration |
| 17 | =================================== |
| 18 | |
| 19 | Configure Nested KVM for Intel-based Machines |
| 20 | --------------------------------------------- |
| 21 | |
| Kashyap Chamarthy | a7c6558 | 2015-02-11 17:58:15 +0100 | [diff] [blame] | 22 | Procedure to enable nested KVM virtualization on Intel-based machines. |
| Kashyap Chamarthy | 75afd6d | 2015-01-20 17:39:25 +0100 | [diff] [blame] | 23 | |
| 24 | Check if the nested KVM Kernel parameter is enabled: |
| 25 | |
| 26 | :: |
| 27 | |
| 28 | cat /sys/module/kvm_intel/parameters/nested |
| 29 | N |
| 30 | |
| 31 | Temporarily remove the KVM intel Kernel module, enable nested |
| 32 | virtualization to be persistent across reboots and add the Kernel |
| 33 | module back: |
| 34 | |
| 35 | :: |
| 36 | |
| 37 | sudo rmmod kvm-intel |
| 38 | sudo sh -c "echo 'options kvm-intel nested=y' >> /etc/modprobe.d/dist.conf" |
| 39 | sudo modprobe kvm-intel |
| 40 | |
| 41 | Ensure the Nested KVM Kernel module parameter for Intel is enabled on |
| 42 | the host: |
| 43 | |
| 44 | :: |
| 45 | |
| 46 | cat /sys/module/kvm_intel/parameters/nested |
| 47 | Y |
| 48 | |
| 49 | modinfo kvm_intel | grep nested |
| 50 | parm: nested:bool |
| 51 | |
| 52 | Start your VM, now it should have KVM capabilities -- you can verify |
| 53 | that by ensuring `/dev/kvm` character device is present. |
| 54 | |
| 55 | |
| 56 | Configure Nested KVM for AMD-based Machines |
| 57 | -------------------------------------------- |
| 58 | |
| 59 | Procedure to enable nested KVM virtualization on AMD-based machines. |
| 60 | |
| 61 | Check if the nested KVM Kernel parameter is enabled: |
| 62 | |
| 63 | :: |
| 64 | |
| 65 | cat /sys/module/kvm_amd/parameters/nested |
| 66 | 0 |
| 67 | |
| 68 | |
| 69 | Temporarily remove the KVM AMD Kernel module, enable nested |
| 70 | virtualization to be persistent across reboots and add the Kernel module |
| 71 | back: |
| 72 | |
| 73 | :: |
| 74 | |
| 75 | sudo rmmod kvm-amd |
| 76 | sudo sh -c "echo 'options amd nested=1' >> /etc/modprobe.d/dist.conf" |
| 77 | sudo modprobe kvm-amd |
| 78 | |
| 79 | Ensure the Nested KVM Kernel module parameter for AMD is enabled on the |
| 80 | host: |
| 81 | |
| 82 | :: |
| 83 | |
| 84 | cat /sys/module/kvm_amd/parameters/nested |
| 85 | 1 |
| 86 | |
| 87 | modinfo kvm_amd | grep -i nested |
| 88 | parm: nested:int |
| 89 | |
| 90 | To make the above value persistent across reboots, add an entry in |
| 91 | /etc/modprobe.ddist.conf so it looks as below:: |
| 92 | |
| 93 | cat /etc/modprobe.d/dist.conf |
| 94 | options kvm-amd nested=y |
| 95 | |
| 96 | |
| 97 | Expose Virtualization Extensions to DevStack VM |
| 98 | ----------------------------------------------- |
| 99 | |
| 100 | Edit the VM's libvirt XML configuration via `virsh` utility: |
| 101 | |
| 102 | :: |
| 103 | |
| 104 | sudo virsh edit devstack-vm |
| 105 | |
| 106 | Add the below snippet to expose the host CPU features to the VM: |
| 107 | |
| 108 | :: |
| 109 | |
| 110 | <cpu mode='host-passthrough'> |
| 111 | </cpu> |
| 112 | |
| 113 | |
| 114 | Ensure DevStack VM is Using KVM |
| 115 | ------------------------------- |
| 116 | |
| 117 | Before invoking ``stack.sh`` in the VM, ensure that KVM is enabled. This |
| 118 | can be verified by checking for the presence of the file `/dev/kvm` in |
| 119 | your VM. If it is present, DevStack will default to using the config |
| 120 | attribute `virt_type = kvm` in `/etc/nova.conf`; otherwise, it'll fall |
| 121 | back to `virt_type=qemu`, i.e. plain QEMU emulation. |
| 122 | |
| 123 | Optionally, to explicitly set the type of virtualization, to KVM, by the |
| 124 | libvirt driver in Nova, the below config attribute can be used in |
| 125 | DevStack's ``local.conf``: |
| 126 | |
| 127 | :: |
| 128 | |
| 129 | LIBVIRT_TYPE=kvm |
| 130 | |
| 131 | |
| Takashi NATSUME | 4de0f1c | 2015-03-10 14:51:39 +0900 | [diff] [blame] | 132 | Once DevStack is configured successfully, verify if the Nova instances |
| Kashyap Chamarthy | 75afd6d | 2015-01-20 17:39:25 +0100 | [diff] [blame] | 133 | are using KVM by noticing the QEMU CLI invoked by Nova is using the |
| 134 | parameter `accel=kvm`, e.g.: |
| 135 | |
| 136 | :: |
| 137 | |
| 138 | ps -ef | grep -i qemu |
| 139 | root 29773 1 0 11:24 ? 00:00:00 /usr/bin/qemu-system-x86_64 -machine accel=kvm [. . .] |