Antsle Forum


Nested virtualization?


I'm trying to run an application (EVE-NG) that needs nested virtualization to run properly. The software calls for Ubuntu 16.04 and when I load it into an antlet it says "neither Intel VT-x or AMD-V Found".

Can anyone fill me in on how to enable it, as I understand this feature is available in AntsleOS/EdgeLinux?

Thanks!

 

Waterboy, currently nested virtualization is not working in the antsle.

Oh ok.  Any idea if/when it will be working?  Maybe after move to CentOS?

 

Thanks!

@waterboy, I checked some forums and it appears you can do nested virtualization in KVM running on CentOS so it should work with us as well. CentOS is ready in beta now, shoot me a note at marketing@antsle.com if you'd like to try it out.

I think I have the same request.

I would like to run Red Hat Code Ready Containers (crc) in an antlet VM. I have tried CentOS as both LXC and KVM.

My latest attempt was to build off CentOS 7 KVM. I upgraded it and added my user with privileges.

During 'crc setup' it stops with these messages:

INFO Setting up virtualization
FATA You need to enable virtualization in BIOS

I stopped all VMs, and went out to root of myantsle and enabled

root@myantsle:~ # cat /etc/modprobe.d/kvm.conf
options kvm_intel nested=1

root@myantsle:~ # cat /sys/module/kvm_intel/parameters/nested
Y

Is there something else to do?

Do I have to install KVM in the VM as well?

 

I am able to run Docker on the CentOS 7-KVM template without any issue, using edgeLinux 2.0.0 and Antman 3.3.1.

However, the Win2019StdGui - KVM template does not support it. It wants the VMX flag enabled in the BIOS.

Any update on this?  I too would like to actually run WSL on a windows box inside an antlet, but alas, it does not appear in the cards?

What is up with this? and the product in general?   Very disappointed...

Finally, I made it work! Nested virtualization.

I am actually running the following hardware:

  • Antsle one XD - 4 Cores
  • edgeLinux version 2.0.0
  • antMan 3.4.3

The CPUs in my Antsle are: Intel® Xeon Processor D-1518 (Intel code name: Broadwell) [cpu family 6 - model 86]

On my Antsle, I need to do the Pre-condition checks.

Verify in Antsle BIOS if Intel Virtualization Technology is enabled.

I should have the following option enabled

Intel Virtualization Technology [enabled]

Once BIOS option is enabled, I logged in my Antsle with ssh as root.

Nested virtualization requires the Intel VT-x vmx feature. To check if this is available I did a grep (-c for count) on /proc/cpuinfo. The count returned will be either 0 if not supported or the number of cores if supported. I ran the following command.

cat /proc/cpuinfo | grep -c vmx
8

So in my case I have 8 cores supporting virtualization.

Having verified that virtualization is supported I need to check if nested virtualization is enabled. I ran the following command.

cat /sys/module/kvm_intel/parameters/nested
N

In my case it's not enabled, so I created a file in /etc/modprobe.d to enable nested virtualization with this: options kvm_intel nested=1

If you look at the file, you should now see.

cat /etc/modprobe.d/kvm.conf
options kvm_intel nested=1

Then I rebooted my Antsle and ssh again with root once booted.

I checked now if nested virtualisation is enabled. I ran the following command.

cat /sys/module/kvm_intel/parameters/nested
Y

Good, nested virtualization is available and enabled.

After, I did a verification of my machine to see if all is set up correctly. I ran the following command.

virt-host-validate

You should have a result similar to this

QEMU: Checking for hardware virtualization : PASS
QEMU: Checking if device /dev/kvm exists : PASS
QEMU: Checking if device /dev/kvm is accessible : PASS
QEMU: Checking if device /dev/vhost-net exists : PASS
QEMU: Checking if device /dev/net/tun exists : PASS
QEMU: Checking for cgroup 'memory' controller support : PASS
QEMU: Checking for cgroup 'memory' controller mount-point : PASS
QEMU: Checking for cgroup 'cpu' controller support : PASS
QEMU: Checking for cgroup 'cpu' controller mount-point : PASS
QEMU: Checking for cgroup 'cpuacct' controller support : PASS
QEMU: Checking for cgroup 'cpuacct' controller mount-point : PASS
QEMU: Checking for cgroup 'cpuset' controller support : PASS
QEMU: Checking for cgroup 'cpuset' controller mount-point : PASS
QEMU: Checking for cgroup 'devices' controller support : PASS
QEMU: Checking for cgroup 'devices' controller mount-point : PASS
QEMU: Checking for cgroup 'blkio' controller support : PASS
QEMU: Checking for cgroup 'blkio' controller mount-point : PASS
QEMU: Checking for device assignment IOMMU support : PASS
QEMU: Checking if IOMMU is enabled by kernel : WARN (IOMMU appears to be disabled in kernel. Add intel_iommu=on to kernel cmdline arguments)
LXC: Checking for Linux >= 2.6.26 : PASS
LXC: Checking for namespace ipc : PASS
LXC: Checking for namespace mnt : PASS
LXC: Checking for namespace pid : PASS
LXC: Checking for namespace uts : PASS
LXC: Checking for namespace net : PASS
LXC: Checking for namespace user : PASS
LXC: Checking for cgroup 'memory' controller support : PASS
LXC: Checking for cgroup 'memory' controller mount-point : PASS
LXC: Checking for cgroup 'cpu' controller support : PASS
LXC: Checking for cgroup 'cpu' controller mount-point : PASS
LXC: Checking for cgroup 'cpuacct' controller support : PASS
LXC: Checking for cgroup 'cpuacct' controller mount-point : PASS
LXC: Checking for cgroup 'cpuset' controller support : PASS
LXC: Checking for cgroup 'cpuset' controller mount-point : PASS
LXC: Checking for cgroup 'devices' controller support : PASS
LXC: Checking for cgroup 'devices' controller mount-point : PASS
LXC: Checking for cgroup 'blkio' controller support : PASS
LXC: Checking for cgroup 'blkio' controller mount-point : PASS
LXC: Checking if device /sys/fs/fuse/connections exists : FAIL (Load the 'fuse' module to enable /proc/ overrides)

Now, I need to verify if nested virtualization is available on my antlet.

I logged in my antlet with ssh

I verified if nested virtualization is available on the Guest OS antlet. I ran the following command.

sudo cat /proc/cpuinfo | grep -c vmx
0

We can see that it's not available, otherwise we would have a value greater than 0.

I took a look at the CPU my antlet is configured with. I ran the following command.

sudo cat /proc/cpuinfo

processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 44
model name : Westmere E56xx/L56xx/X56xx (Nehalem-C)

In my case, my antlet is running with an Intel Westmere CPU model.

Now I shut down my antlet guest OS.

Back on my Antsle

I edited my antlet virtual configuration with the following command.

virsh edit "my antlet name"

And changed the following two lines

<cpu mode='custom' match='exact' check='partial'>
<model fallback='allow'>Westmere</model>

For the following one

<cpu mode='host-passthrough'>

Then I restarted my antlet.

Once fully booted, I logged in my antlet with ssh.

And then verified if nested virtualization is available on the Guest OS antlet. I ran the following command

sudo cat /proc/cpuinfo | grep -c vmx
16

I now have nested virtualization available since the returned value is greater than 0.

Took a look now at the CPU my antlet is configured with. It should be the same as my Antsle. I ran the following command.

sudo cat /proc/cpuinfo

processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 86
model name : Intel(R) Xeon(R) CPU D-1518 @ 2.20GHz

In my case, the antlet is now running with an Intel Xeon CPU model, same as my Antsle.

I also need to verify if nested virtualization is enabled in my antlet (Linux only). I executed the following command.

cat /sys/module/kvm_intel/parameters/nested
N

We see that it's not enabled, so I created a file in /etc/modprobe.d to enable nested virtualization with this: options kvm_intel nested=1

If you look at the file, you should now see.

cat /etc/modprobe.d/kvm.conf
options kvm_intel nested=1

Then rebooted my antlet.

A last check, I ran the following command

cat /sys/module/kvm_intel/parameters/nested
Y

Et voilà! Nested virtualization is fully functional.

Here are the references I used to come up with a working solution:

https://blog.wikichoon.com/2016/01/using-cpu-host-passthrough-with-virt.html
https://libvirt.org/formatdomain.html#cpu-model-and-topology
https://tips.graphica.com.au/nested-kvm/

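The checks walked through in the post above, collected into one script as an added example that is not part of the original post. Function names are hypothetical and the sample files are constructed; the vmx count reads only the `flags` line, so a kernel that also prints a separate `vmx flags` line is not counted twice, and the audit covers only the host-passthrough route used in the thread, which hands the host's CPU features to the guest.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Logical CPUs whose "flags" line lists vmx. Only the "flags" line is matched,
# so a kernel that also prints a separate "vmx flags" line is not counted twice.
count_vmx_cpus() {
    awk -F: '$1 ~ /^flags[ \t]*$/ && $2 ~ /(^| )vmx( |$)/ { n++ } END { print n + 0 }' "$1"
}

# State of the kvm_intel "nested" parameter file: enabled, disabled or absent.
nested_state() {
    [ -r "$1" ] || { echo absent; return 0; }
    case "$(cat "$1")" in
        Y|1) echo enabled ;;
        *)   echo disabled ;;
    esac
}

# mode attribute of the <cpu> element in a libvirt domain XML file.
cpu_mode() {
    sed -n "s/.*<cpu[^>]* mode=['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# One-line verdict; args: domain-xml-file host-nested-parameter-file.
audit_guest() {
    mode=$(cpu_mode "$1"); nested=$(nested_state "$2")
    if [ "$mode" = host-passthrough ] && [ "$nested" = enabled ]; then
        echo "PASSTHROUGH mode=$mode host-nested=$nested"
    else
        echo "NO-PASSTHROUGH mode=${mode:-unset} host-nested=$nested"
    fi
}

# Constructed sample inputs, modelled on the output quoted in the thread.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'processor\t: 0\nflags\t\t: fpu vme vmx ept\nvmx flags\t: vnmi ept\n' > "$demo/cpuinfo"
printf 'Y\n' > "$demo/nested"
printf "<domain>\n  <cpu mode='custom' match='exact' check='partial'>\n    <model fallback='allow'>Westmere</model>\n  </cpu>\n</domain>\n" > "$demo/before.xml"
printf "<domain>\n  <cpu mode='host-passthrough'>\n  </cpu>\n</domain>\n" > "$demo/after.xml"

echo "vmx CPUs: $(count_vmx_cpus "$demo/cpuinfo")"
audit_guest "$demo/before.xml" "$demo/nested"
audit_guest "$demo/after.xml" "$demo/nested"
```

On a real host, pass `/proc/cpuinfo`, `/sys/module/kvm_intel/parameters/nested` and a file written by `virsh dumpxml` instead of the constructed samples.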

Hi @stherien

Thanks so much for the detailed and informative write-up on nested virtualization on your antsle!

I'm curious as to how you are using nested virtualization on your antsle, and I'm sure this will be useful to many.

Thanks,
antsle Support

Hi Daniel,

I am using GNS3 Server VM version 2.2.35.1. I originally installed the VMware Workstation and Fusion VM image (https://gns3.com/software/download-vm) on Windows 10, then migrated it to my Antsle following the instructions in this guide (https://docs.antsle.com/templates/import-vm-images). Next, I created an antlet from the template created in the previous step. In a final step, I assigned my antlet all the CPU (8) and all the memory (32GB) of my Antsle. I am still running GNS3 Client (Ubuntu) from VMware Fusion and waiting for GNS3 version 3 to get rid of GNS3 Client and run it only from Web Client.

I use the environment for training and education purposes. I am doing nested virtualization in GNS3 Server running Windows 10 and Ubuntu 20.0.

It works like a charm.

Cheers,

Sylvain
