[libvirt-users] Help With Nested Virtualization

Wed Aug 31 10:48:33 UTC 2016

On Mon, Aug 29, 2016 at 09:42:17PM -0400, Brandon Golway wrote:
>(Copied from my post on the Arch Linux forums:
>https://bbs.archlinux.org/viewtopic.php?pid=1650650#p1650650)
>
>I have a FreeNAS 10 KVM setup via libvirt on my Arch server and I'd like to
>be able to test out the virtualization features in the nightly FreeNAS 10
>builds but the problem is that I can't seem to get VT-x to correctly pass
>through to the guest. I have followed the [u][url=
>https://wiki.archlinux.org/index.php/KVM#Nested_virtualization]Nested
>Virtualization[/url][/u] section of the KVM wiki and I'm sure it's
>supported and enabled.
>
>Here's proof
>[code] [bran at nas ~]$ sudo systool -m kvm_intel -v | grep nested
>    nested              = "Y"
>
> [bran at nas ~]$ lscpu|grep Virtualization
>Virtualization:        VT-x[/code]
>
>So the host/hardware isn't the problem, I believe the problem lies within
>libvirt.
>
>RedHat says to use [b]copy host CPU configuration[/b] or
>[b]host-passthrough[/b], with the latter being preferred. If I use the
>former I get the [b]CMT not supported[/b] error, but if I type in
>[b]host-passthrough[/b] which according to [u][url=
>https://bbs.archlinux.org/viewtopic.php?id=214539]this post[/url][/u]
>should work. When I set [b]host-passthrough[/b] it allows the system to
>boot up, but when I try to start a guest FreeNAS gives me the error that
>VT-x instructions aren't available, I have no idea how to check them either
>since the [b]proc[/b] pseudo-filesystem doesn't exist in BSD. I know for a
>fact that this isn't a problem with the FreeNAS builds because I've been
>testing them out for months on my Windows 10 desktop via VMware and nested
>virtualization works without issue, so it must be an issue with
>KVM/libvirt.
>
>Can someone clue me in on what the issue is?
>
>Here's the entire XML config for the FreeNAS VM
>
>[code]<!--
>WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
>OVERWRITTEN AND LOST. Changes to this xml configuration should be made
>using:
>  virsh edit FreeNAS_10
>or other application using the libvirt API.
>-->
>

Just as I see you grabbed it from the place where it is stored, you
should rather instead do 'virsh dumpxml FreeNAS_10', or remove the
comment above.  Otherwise it steers other users to believing that
mangling with internal XML files is safe.

><domain type='kvm'>
>  <name>FreeNAS_10</name>
>  <uuid>ea816b85-7685-495a-bc97-28a882f190d7</uuid>
>  <title>FreeNAS v10</title>
>  <description>Nightly Alpha Test Releases</description>
>  <memory unit='KiB'>6340608</memory>
>  <currentMemory unit='KiB'>6340608</currentMemory>
>  <vcpu placement='static'>4</vcpu>
>  <os>
>    <type arch='x86_64' machine='pc-i440fx-2.6'>hvm</type>
>    <bootmenu enable='no'/>
>  </os>
>  <features>
>    <acpi/>
>    <apic/>
>    <vmport state='off'/>
>  </features>
>  <cpu mode='host-passthrough'/>

Although what you did should be enough for the nested virt to work, I
have just an idea to try out.  I can't try it because I don't have
nested virt turned on for the module and don't want to reboot now.  But
if you have new enough libvirt, you should be able to do:

<cpu mode='host-passthrough'>
  <feature policy='require' name='vmx'/>
</cpu>

Also check that you are not missing the kvm_intel module in the L1 guest
kernel and other similar non-nested troubleshooting steps as well.

Hope that helps,
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20160831/0f575551/attachment.sig>