Configure DevStack with KVM-based Nested Virtualization

When using virtualization technologies like KVM, one can take advantage of “Nested VMX” (i.e. the ability to run KVM on KVM) so that the VMs in cloud (Nova guests) can run relatively faster than with plain QEMU emulation.

Kernels shipped with Linux distributions doesn’t have this enabled by default. This guide outlines the configuration details to enable nested virtualization in KVM-based environments. And how to setup DevStack (that’ll run in a VM) to take advantage of this.

Nested Virtualization Configuration

Configure Nested KVM for Intel-based Machines

Procedure to enable nested KVM virtualization on Intel-based machines.

Check if the nested KVM Kernel parameter is enabled:

cat /sys/module/kvm_intel/parameters/nested
N

Temporarily remove the KVM intel Kernel module, enable nested virtualization to be persistent across reboots and add the Kernel module back:

sudo rmmod kvm-intel
sudo sh -c "echo 'options kvm-intel nested=y' >> /etc/modprobe.d/dist.conf"
sudo modprobe kvm-intel

Ensure the Nested KVM Kernel module parameter for Intel is enabled on the host:

cat /sys/module/kvm_intel/parameters/nested
Y

modinfo kvm_intel | grep nested
parm:           nested:bool

Start your VM, now it should have KVM capabilities – you can verify that by ensuring /dev/kvm character device is present.

Configure Nested KVM for AMD-based Machines

Procedure to enable nested KVM virtualization on AMD-based machines.

Check if the nested KVM Kernel parameter is enabled:

cat /sys/module/kvm_amd/parameters/nested
0

Temporarily remove the KVM AMD Kernel module, enable nested virtualization to be persistent across reboots and add the Kernel module back:

sudo rmmod kvm-amd
sudo sh -c "echo 'options amd nested=1' >> /etc/modprobe.d/dist.conf"
sudo modprobe kvm-amd

Ensure the Nested KVM Kernel module parameter for AMD is enabled on the host:

cat /sys/module/kvm_amd/parameters/nested
1

modinfo kvm_amd | grep -i nested
parm:           nested:int

To make the above value persistent across reboots, add an entry in /etc/modprobe.d/dist.conf so it looks as below:

cat /etc/modprobe.d/dist.conf
options kvm-amd nested=y

Expose Virtualization Extensions to DevStack VM

Edit the VM’s libvirt XML configuration via virsh utility:

sudo virsh edit devstack-vm

Add the below snippet to expose the host CPU features to the VM:

<cpu mode='host-passthrough'>
</cpu>

Ensure DevStack VM is Using KVM

Before invoking stack.sh in the VM, ensure that KVM is enabled. This can be verified by checking for the presence of the file /dev/kvm in your VM. If it is present, DevStack will default to using the config attribute virt_type = kvm in /etc/nova.conf; otherwise, it’ll fall back to virt_type=qemu, i.e. plain QEMU emulation.

Optionally, to explicitly set the type of virtualization, to KVM, by the libvirt driver in nova, the below config attribute can be used in DevStack’s local.conf:

LIBVIRT_TYPE=kvm

Once DevStack is configured successfully, verify if the Nova instances are using KVM by noticing the QEMU CLI invoked by Nova is using the parameter accel=kvm, e.g.:

ps -ef | grep -i qemu
root     29773     1  0 11:24 ?        00:00:00 /usr/bin/qemu-system-x86_64 -machine accel=kvm [. . .]