⚙️ How to enable nested KVM virtualization – IT is good

KVM is a virtualization technology integrated into the Linux kernel.

A system with KVM enabled can run as a type 1 hypervisor if the processor supports it.

There are several ways to create a virtual machine with KVM.

QEMU can use KVM, and libvirt and its Virtual Machine Manager UI provide a user-friendly interface.

KVM can be used to create nested virtual machines on compatible hardware.

This allows you to create VMs inside VMs for more complex use cases.

Consider a virtualized development environment that runs on your host.

You may need to run virtual device emulators in this environment, nested two levels below the hardware.

In this article, we’ll walk you through how to set up nested KVM virtualization and see if it works.

Before proceeding, make sure you have a working KVM installation and that you are familiar with creating new KVM virtual machines.

Verify that nested virtualization is enabled

Nested virtualization is supported by most modern processor families that offer hardware virtualization.

You can check if nested virtualization is enabled on your hypervisor by using the cat command to read one of the following paths, depending on whether you have an Intel or AMD system:

# Intel
$ cat /sys/module/kvm_intel/parameters/nested

# AMD
$ cat /sys/module/kvm_amd/parameters/nested

The output must be either Y or N.

If you see Y, then you’re done – nested virtualization is already enabled.

You can skip ahead to the Activating Nested Virtualization section below.

If you see N in the terminal, then it’s time to enable nested virtualization in the KVM kernel module.

Enable nested virtualization

Nesting is controlled by the nested parameter of the KVM kernel module.

You can change this setting by editing the /etc/modprobe.d/qemu-system-x86.conf file.

On some systems this file may be /etc/modprobe.d/kvm.conf.

You will most likely see a single line that looks like one of these:

options kvm_intel
options kvm_intel nested=0

options kvm_amd
options kvm_amd nested=0

Any of these options means KVM is active but nesting is disabled.

To enable it, simply add or change the nested parameter so that it has a value of 1:

# Intel
options kvm_intel nested=1

# AMD
options kvm_amd nested=1

Next, you need to reload the KVM kernel module to apply the changes.

Before doing this, you must stop all running virtual machines.

# Unload the module
$ sudo modprobe -r kvm_intel

# Reload the module with the new settings
$ sudo modprobe kvm_intel

Substitute kvm_amd for kvm_intel if you have an AMD processor.

Now repeat the previous command to check the changes.

You should get Y on the output.

# Intel
$ cat /sys/module/kvm_intel/parameters/nested
Y

# AMD
$ cat /sys/module/kvm_amd/parameters/nested
Y

This method enables nested virtualization permanently.

It will persist across reboots until you remove nested=1 from the KVM module options.
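
The runtime check and the modprobe.d setting from the two sections above can be compared in one step, which shows whether the loaded module matches what the next reboot will load. This is an added example, not part of the original article; the function names are illustrative and both directories can be overridden to run the check against a copy.

```shell
#!/bin/sh
# Added example: compare the loaded KVM module's nested setting with modprobe.d.
# The function names are illustrative; both directories can be overridden.

# Print "enabled", "disabled" or "no-kvm" for the loaded KVM module.
nested_runtime() {
    for mod in kvm_intel kvm_amd; do
        f="${1:-/sys/module}/$mod/parameters/nested"
        [ -r "$f" ] || continue
        # Accept 1 as well as Y: some kernels print the value as a number.
        case "$(cat "$f")" in
            Y|y|1) echo enabled ;;
            *)     echo disabled ;;
        esac
        return 0
    done
    echo no-kvm
}

# Print "enabled" or "disabled" for the last explicit nested= option found
# in the *.conf files, or "unset" if no options line mentions it.
nested_persistent() {
    state=unset
    for conf in "${1:-/etc/modprobe.d}"/*.conf; do
        [ -r "$conf" ] || continue
        while read -r kw mod rest || [ -n "$kw" ]; do
            [ "$kw" = options ] || continue
            case "$mod" in kvm_intel|kvm_amd) ;; *) continue ;; esac
            case " $rest " in
                *" nested=1 "*|*" nested=Y "*) state=enabled ;;
                *" nested="*)                  state=disabled ;;
            esac
        done < "$conf"
    done
    echo "$state"
}

# One-line verdict: does the running state match what a reboot will load?
nested_drift() {
    r=$(nested_runtime "$1")
    p=$(nested_persistent "$2")
    case "$p" in
        "$r")  echo "consistent: $r" ;;
        unset) echo "runtime=$r, persistent=unset (module default applies)" ;;
        *)     echo "drift: runtime=$r, persistent=$p" ;;
    esac
}
```

Calling nested_drift with no arguments reads /sys/module and /etc/modprobe.d on the host itself.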

Activating nested virtualization for a guest machine

Guest VMs can only use nested virtualization if they are configured for a CPU mode that supports it.

The VM needs a processor definition that exactly matches the physical hardware on your host.

Most guest machines will work if the CPU mode is set to host-model, which is usually the default.

This means that the guest receives a CPU definition similar to your host’s CPU definition.

In some cases, you may want a host-passthrough mode that accurately captures all the characteristics of the host’s CPU.

You can check and change the guest’s processor type by getting its manifest with the virsh command.

First run the virsh command to launch an interactive shell.

Then type list --all to see all your virtual machines:

virsh # list --all
 Id   Name          State
------------------------------
 -    ubuntu22.04   shut off
 -    win10         shut off

Next run edit to open the manifest of the named virtual machine:

virsh # edit ubuntu22.04

Find the line in the file that starts with

Change it to one of these:


Save and close the file, then type exit at the virsh shell to close it.

Try changing the mode if a problem occurs.
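
To see which guests already have a host-derived CPU mode without opening each definition in the editor, the mode can be read from the domain XML. This is an added example, not part of the original article: it assumes libvirt's domain XML carries the mode as an attribute of the <cpu> element, the function names are illustrative, and the sample XML is constructed.

```shell
#!/bin/sh
# Added example: report which libvirt guests use a host-derived CPU mode.

# Read domain XML on stdin; print the mode attribute of its <cpu> element,
# or "none" when the element or the attribute is absent.
cpu_mode() {
    m=$(sed -n "s/.*<cpu [^>]*mode=['\"]\([^'\"]*\)['\"].*/\1/p" | head -n 1)
    echo "${m:-none}"
}

# Map a CPU mode to a verdict for nested virtualization.
nested_verdict() {
    case "$1" in
        host-model|host-passthrough) echo "host-derived" ;;  # modes named in the article
        none) echo "unset" ;;                                # no explicit mode in the XML
        *)    echo "review" ;;                               # any other mode: inspect by hand
    esac
}

# Walk every defined domain (running or shut off) and print one line each:
# name, CPU mode, verdict. Requires virsh and access to the libvirt daemon.
audit_domains() {
    virsh list --all --name | while read -r dom; do
        [ -n "$dom" ] || continue
        mode=$(virsh dumpxml "$dom" | cpu_mode)
        printf '%s\t%s\t%s\n' "$dom" "$mode" "$(nested_verdict "$mode")"
    done
}

# Constructed sample: the part of a domain definition that matters here.
SAMPLE_XML="<domain type='kvm'>
  <name>ubuntu22.04</name>
  <cputune/>
  <cpu mode='host-passthrough' check='none'/>
</domain>"
```

Run audit_domains on the hypervisor; guests reported as "review" or "unset" are the ones to open with virsh edit.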

Checking

Most operating systems can tell you if a virtual machine can be created.

Run the following command in your VM to check if the Linux guest has virtualization access:

cat /proc/cpuinfo | grep -E "svm|vmx"

Virtualization is available if you get output with svm or vmx highlighted in red.

SVM will appear on AMD machines; VMX will appear on Intel machines.

Now install the virtualization technology in the guest system.

You should find that you can start a new virtual machine.

Limits

Nested guest VMs have several limitations.

Some KVM features become unavailable.

You will not be able to move, save, or load these VMs until the nested VM is stopped.

The actual effect of attempting one of these operations has not been determined.

Some systems can handle this; on others it can cause a kernel panic.

Conclusion

Nested virtualization provides more power and flexibility.

You can sandbox technologies that require their own virtualization to run, such as IDEs that run device emulators.

Getting nested virtualization to work with KVM is usually easy.

Any troubleshooting should start by checking that the nesting option is enabled for your KVM kernel module.

After that, check the processor model and make sure you are running a compatible L2 hypervisor in the virtual machine.
