• Nested VM not possible


    joshbgosh10592
    • Retest Minor

    As per the thread below, I'm submitting a bug report for the inability to host nested VMs.

    In my case, I have a Proxmox VM (PVE-Witness) running on unRAID. It's the third node of my Proxmox cluster.

    When I try to fire up a VM on PVE-Witness that was just running on PVE-1, I'm met with the error: 

    TASK ERROR: KVM virtualisation configured, but not available. Either disable in VM configuration or enable in BIOS.

     

    As requested, I attempted a similar task on a newly created Ubuntu 18.4 VM (Ubuntu). When creating the VM in Ubuntu, I'm met with: "Warning: KVM is not available."

     

     

     

    nas-diagnostics-20191021-0320.zip




    User Feedback

    Recommended Comments

    Hi there,

     

    Sorry for the long delay in getting back to you.  In short, I was not able to reproduce this on my test system.  Here's what I did:

     

    Added this to the kernel append line:  kvm-intel.nested=1

     

    Editing my VM, adding this in the <cpu> section:

     

        <feature policy='require' name='vmx'/>

     

    Saved and started my VM, then installed VirtualBox and was able to create a VM just fine.

     

     

    Link to comment

    No worries, thank you!

    So, just to be sure, I'd add the kvm-intel.nested=1  in the Unraid OS section, so it's exactly as below?

    kernel /bzimage
    append initrd=/bzroot kvm-intel.nested=1
    
    

    But then where do you go to edit the VM's CPU section? LIke, where are the config files for them? I'm assuming /etc/libvirt/qemu/VMName.xml, correct?

    Link to comment
    7 hours ago, joshbgosh10592 said:

    No worries, thank you!

    So, just to be sure, I'd add the kvm-intel.nested=1  in the Unraid OS section, so it's exactly as below?

    
    kernel /bzimage
    append initrd=/bzroot kvm-intel.nested=1
    
    

    But then where do you go to edit the VM's CPU section? LIke, where are the config files for them? I'm assuming /etc/libvirt/qemu/VMName.xml, correct?

    There is a toggle in the VM template in the top right corner that switch to xml view.

    Link to comment

    When I go to make the change in the <cpu> section, I receive an error saying, "XML error: Non-empty feature list specified without CPU model"

     

    My section is: 

      <cpu>
        <topology sockets='1' cores='5' threads='1'/>
        <feature policy='require' name='vmx'/>
      </cpu>

     

    Link to comment

    This does work for me:
     

      <cpu mode='host-passthrough' check='none'>
        <topology sockets='1' cores='2' threads='1'/>
        <feature policy='require' name='vmx'/>
      </cpu>

     

    Link to comment
    On 4/25/2020 at 8:39 AM, Daniel Ehrhardt said:

    This does work for me:
     

    
      <cpu mode='host-passthrough' check='none'>
        <topology sockets='1' cores='2' threads='1'/>
        <feature policy='require' name='vmx'/>
      </cpu>

     

    I use proxmox VE, this command don’t work for me,

     

      <cpu mode='host-passthrough' check='none'>
        <topology sockets='1' cores='4' threads='1'/>
        <cache mode='passthrough'/>
        <feature policy='require' name='vmx'/>
      </cpu>

     

    Link to comment
    On 4/26/2020 at 11:04 AM, Young_Max said:

    I use proxmox VE, this command don’t work for me,

     

    
      <cpu mode='host-passthrough' check='none'>
        <topology sockets='1' cores='4' threads='1'/>
        <cache mode='passthrough'/>
        <feature policy='require' name='vmx'/>
      </cpu>

     

    I ran into the same problem with proxmox, and this solved my issue related to this:

     

    Quote

    Enabling nested virtualization for Intel processors:

    To enable nested virtualization for Intel processors:

    Shut down all running VMs and unload the kvm_probe module:

    # modprobe -r kvm_intel

    Activate the nesting feature:

    # modprobe kvm_intel nested=1

    Nested virtualization is enabled until the host is rebooted. To enable it permanently, add the following line to the /etc/modprobe.d/kvm.conf file:

    options kvm_intel nested=1

     

    The kvm.conf file for me looks like this
    options kvm_intel nested=1 ignore_msrs=1 halt_poll_ns=0

     

    Quote

    To enable nested virtualization for AMD processors:

    Shut down all running VMs and unload the kvm_amd module:

    # modprobe -r kvm_amd

    Activate the nesting feature:

    # modprobe kvm_amd nested=1

    Nested virtualization is enabled until the host is rebooted. To enable it permanently, add the following line to the /etc/modprobe.d/kvm.conf file:

    options kvm_amd nested=1

    Source:

    https://docs.fedoraproject.org/en-US/quick-docs/using-nested-virtualization-in-kvm/index.html

    Link to comment

    A word of caution...

    Nested virtualization using a (virtualised) windows host is still not supported for current architecture AMD CPUs, this is a Microsoft limitation.

    You will likely brick your windows VM trying, so make sure you backup your VM if you want to give this a go.

     

    Edited by tjb_altf4
    Link to comment


    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Restore formatting

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Status Definitions

     

    Open = Under consideration.

     

    Solved = The issue has been resolved.

     

    Solved version = The issue has been resolved in the indicated release version.

     

    Closed = Feedback or opinion better posted on our forum for discussion. Also for reports we cannot reproduce or need more information. In this case just add a comment and we will review it again.

     

    Retest = Please retest in latest release.


    Priority Definitions

     

    Minor = Something not working correctly.

     

    Urgent = Server crash, data loss, or other showstopper.

     

    Annoyance = Doesn't affect functionality but should be fixed.

     

    Other = Announcement or other non-issue.