Enabling Nested Virtualization in KVM
I never thought I would have much use for enabling nested virtualization, but I came across this how to post, by Senthil Kumar, at the top of my Mastodon feed this morning and thought that I would give it a shot and try to address an issue on a Windows 10 VM where WSL2 would not start because nested virtualization was not enabled. TL;DR, the steps below resolved the issue.
Process to Enable
By the way, I am using KVM on with libvirt and qemu on a Gentoo machine with an Intel processor for all of the steps outlined below. Process should be similar, but perhaps not exactly as below for AMD processor and linux distributions other than Gentoo.
Turn off VMS
Seems like I only have two VMs running at the moment.
$ sudo virsh list
Id Name State
------------------------------
1 Trisquel9 running
2 Velma-Gentoo running
$ sudo virsh shutdown Trisquel9 --mode acpi
Domain 'Trisquel9' is being shutdown
$ sudo virsh shutdown Velma-Gentoo --mode acpi
Domain 'Velma-Gentoo' is being shutdown
$ sudo virsh list
Id Name State
--------------------
$Unload KVM Module
As mentioned earlier, I am running on an Intel based CPU.
$ lsmod |grep kvm
kvm_intel 188416 0
$ sudo modprobe -r kvm_intel
$Reload KVM Module With Nested Setting Going Forward
Not much to say here, just reloading same module with nested=1 parameter, and that I should have scheduled down time for the VMs as the Nagios alerts start arriving.
sudo modprobe kvm_intel nested=1
$Set KVM module to Load with nested permanently.
I am doing this on a Gentoo machine with SystemD, so to make the module load this way on reboot I put the .conf file in /etc/modules-load.d/, where the systemd-modules-load.service will pick it up.
sudo vim /etc/modules-load.d/kvm_nested.conf
options kvm_intel nested=1Verify Nesting Is Supported
$ cat /sys/module/kvm_intel/parameters/nested
Y
$ modinfo kvm_intel | grep -i nested
parm: nested_early_check:bool
parm: nested:bool
$Enable Nesting in Guest VM
I am not interested in nesting in ether of the two VMs I shut down, and I want to stop the alerts, so I am going to power them on first.
$ sudo virsh start Trisquel9
Domain 'Trisquel9' started
$ sudo virsh start Velma-Gentoo
Domain 'Velma-Gentoo' started
$ sudo virsh list
Id Name State
------------------------------
4 Trisquel9 running
5 Velma-Gentoo runningOK, with the VMs running again, and the Nagios ‘Recovered” messages arrived, It’s time to configure the guest in which I want nesting enabled. When I went through the steps below, I discovered that I had no changes to make to the definition of my VM, as it already had the necessary
$ sudo virsh
Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands
'quit' to quit
virsh #
virsh # list --all
Id Name State
------------------------------------
4 Trisquel9 running
5 Velma-Gentoo running
- arcaos shut off
- arch_default shut off
- archlinux shut off
- archlinux1 shut off
- archlinux2 shut off
- gen-965445-110006 shut off
- gentoo_default shut off
- guix-1.2.0 shut off
- Hurd shut off
- NEMS shut off
- Vista shut off
- win10 shut off
- win_2019_win-2019 shut off
virsh # edit win10
<domain type='kvm'>
<name>win10</name>
<uuid>d071af91-473a-4874-b808-b476ee9b3279</uuid>
<metadata>
<libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
<libosinfo:os id="http://microsoft.com/win/10"/>
</libosinfo:libosinfo>
</metadata>
<memory unit='KiB'>4194304</memory>
<currentMemory unit='KiB'>4194304</currentMemory>
<vcpu placement='static'>2</vcpu>
<os>
<type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
<boot dev='hd'/>
</os>
<features>
<acpi/>
<apic/>
<hyperv>
<relaxed state='on'/>
<vapic state='on'/>
<spinlocks state='on' retries='8191'/>
</hyperv>
<vmport state='off'/>
</features>
<cpu mode='host-model' check='partial'/>
<clock offset='localtime'>
<timer name='rtc' tickpolicy='catchup'/>
<timer name='pit' tickpolicy='delay'/>
<timer name='hpet' present='no'/>
<timer name='hypervclock' present='yes'/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<pm>
<suspend-to-mem enabled='no'/>
<suspend-to-disk enabled='no'/>
</pm>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/mnt/dasd/media/VMDefaultMachines/Machines/libvirt/Windows/spyonmeplz/spyonmeplz_disk1.qcow2'/>
<target dev='sda' bus='sata'/>
<address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>
<disk type='file' device='cdrom'>
<driver name='qemu' type='raw'/>
<target dev='sdb' bus='sata'/>
<readonly/>
<address type='drive' controller='0' bus='0' target='0' unit='1'/>
</disk>
<controller type='usb' index='0' model='qemu-xhci' ports='15'>
<address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
</controller>
<controller type='sata' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pcie-root'/>
<controller type='pci' index='1' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='1' port='0x10'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
</controller>
<controller type='pci' index='2' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='2' port='0x11'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
</controller>
<controller type='pci' index='3' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='3' port='0x12'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
</controller>
<controller type='pci' index='4' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='4' port='0x13'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
</controller>
<controller type='pci' index='5' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='5' port='0x14'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
</controller>
<controller type='virtio-serial' index='0'>
<address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
</controller>
<interface type='bridge'>
<mac address='52:54:00:83:78:9c'/>
<source bridge='br0'/>
<model type='e1000e'/>
<address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</interface>
<serial type='pty'>
<target type='isa-serial' port='0'>
<model name='isa-serial'/>
</target>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<channel type='spicevmc'>
<target type='virtio' name='com.redhat.spice.0'/>
<address type='virtio-serial' controller='0' bus='0' port='1'/>
</channel>
<input type='tablet' bus='usb'>
<address type='usb' bus='0' port='1'/>
</input>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<graphics type='spice' autoport='yes'>
<listen type='address'/>
<image compression='off'/>
</graphics>
<sound model='ich9'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x1b' function='0x0'/>
</sound>
<video>
<model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
</video>
<redirdev bus='usb' type='spicevmc'>
<address type='usb' bus='0' port='2'/>
</redirdev>
<redirdev bus='usb' type='spicevmc'>
<address type='usb' bus='0' port='3'/>
</redirdev>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
</memballoon>
</devices>
</domain>
Domain 'win10' XML configuration edited.
virsh # start win10
Domain 'win10' started
virsh # list
Id Name State
------------------------------
4 Trisquel9 running
5 Velma-Gentoo running
6 win10 running
virsh # shutdown win10 --mode=acpi
Domain 'win10' is being shutdown
virsh # exit
$ Success in a Screen Shot
WSL2 working in a VM thanks to a post from OSTechNix
Chrls is currently a technology transformation leader at one of the oldest American investment banking services holding companies, headquartered in New York City. Previous roles at current employer include project manager, front office support, retail and enterprise global Windows server support. Currently residing in Tennessee on the Cumberland Plateau and enjoying life, family and open source.
Mastodon Diaspora Funkwhale PixelfedComments
You can use a Mastodon accounti to comment on this article by replying to the associated Mastodon toot.