How to enable nested virtualisation¶
Important
Nested virtualisation is enabled by default on Ubuntu. If you are using Ubuntu, it’s unlikely that you will need to manually enable the feature. If you check (using the steps below) and discover that nested virtualisation is enabled, then you will not need to do anything further.
There may be use cases where you need to enable nested virtualisation so that you can deploy instances inside other instances. The sections below explain how to check if nested virtualisation is enabled/available and how to enable it if that is not the case. Bear in mind that currently nested virtualisation is only supported in Ubuntu on x86 machine architecture.
Check if nested virtualisation is enabled¶
Check if the required kernel module for your CPU is already loaded. Hosts with Intel CPUs require the kvm_intel module while AMD hosts require kvm_amd instead:
$ lsmod | grep -i kvm
kvm_intel 204800 0
kvm 1347584 1 kvm_intel
If the module is loaded¶
If the module is already loaded, you can check if nested virtualisation is enabled by running the following command:
cat /sys/module/<module>/parameters/nested
As an example for AMD hosts:
$ cat /sys/module/kvm_amd/parameters/nested
1
If the output is either 1 or Y then nested virtualisation is enabled and you will not need to manually enable the feature (this should be the case for Ubuntu users).
If the module is not loaded¶
If the module your host requires is not loaded, you can load it using modprobe in combination with the property nested=1 to enable nested virtualisation, as shown below for Intel hosts:
modprobe kvm-intel nested=1
Or as follows for AMD hosts:
modprobe kvm-amd nested=1
Enable nested virtualisation¶
If the above checks indicate that nested virtualisation is not enabled, you can follow the below steps to enable it.
Create a file in
/etc/modprobe.d-e.g.,/etc/modprobe.d/kvm.conf- and add the lineoptions kvm-intel nested=1to that file (replacekvm-intelwithkvm-amdfor AMD hosts).Reload the kernel module to apply the changes:
sudo modprobe -r <module>
Example for Intel hosts:
sudo modprobe -r kvm-intel
You should now be able to see nested virtualisation enabled:
Example for Intel hosts:
$ cat /sys/module/kvm_intel/parameters/nested
Y
Check and enable nested virtualisation inside an instance¶
Once the host is ready to use nested virtualisation, it is time to check if the guest instance can run additional nested VMs inside it.
To determine if an instance can host another instance on top, run the below command within the instance:
egrep "svm|vmx" /proc/cpuinfo
If any of these are present in the output (depending on whether the host is AMD or Intel respectively), then virtualisation is available in that instance. If this is not the case you will need to edit the instance CPU settings:
Shut down the instance
Edit the instance XML definition file executing:
virsh edit <instance>Search the
cpu modeparameter in and set its value to eitherhost-modelorhost-passthrough(details about these modes can be found here).Sample
cpu modeparameter in XML with nested virtualisation:<cpu mode='host-model' check='partial'/>
Save the modifications and start the instance
Limitations of nested virtualisation¶
Nested virtualisation has some key limitations you’d need to consider, namely that not all KVM features will be available for instances running nested VMs, and actions such as migrating or saving the parent instance will not be possible until the nested instance is stopped.