From dan.pavia at eng.it Wed Nov 21 07:09:10 2012
Content-Type: multipart/mixed; boundary="===============8441482403197619696=="
MIME-Version: 1.0
From: Pavia Daniele <dan.pavia at eng.it>
To: users at ovirt.org
Subject: [Users] Ovirt Node :: Nested virtualization
Date: Wed, 21 Nov 2012 13:09:04 +0100
Message-ID: <6A671820E63F0E4FB42453BD2D8A1B88616167@itrmx010.italy.itroot.adnet>

--===============8441482403197619696==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

This is a multi-part message in MIME format.

------_=3D_NextPart_001_01CDC7E1.01EB5521
Content-Type: text/plain;
	charset=3D"iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hello everybody,
I'm trying to enable nested virtualization on a physical ovirt node =3D
v2.5.5. What I want is to run L1 ovirt guest vms that expose intel's vmx =
=3D
feature. I've enabled nested virtualization via kvm-intel nested=3D3D1 on =
=3D
my physical node, yet, when I create and run a guest vm on that node, =3D
there's no vmx extension/feature on the virtualized cpu. I've also =3D
fiddled a bit with the vdc_options table, ServerCPUList option, to no =3D
avail. I just need to tell ovirt to add the vmx extension to the =3D
virtualized cpu features when it creates a guest, is there a way to do =3D
this?

In libvirt terms:

 <cpu match=3D3D'exact'>
      <model>Penryn</model>
      <vendor>Intel</vendor>
      <feature policy=3D3D'require' name=3D3D'vmx'/>
 </cpu>
Thanks,
Daniele Pavia


------_=3D_NextPart_001_01CDC7E1.01EB5521
Content-Type: text/html;
	charset=3D"iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html>
  <head>

   =3D20
  </head>
  <body bgcolor=3D3D"#FFFFFF" text=3D3D"#000000">
    <tt>Hello everybody,</tt><tt><br>
    </tt><tt>I'm trying to enable nested virtualization on a physical
      ovirt node v2.5.5. What I want is to run L1 ovirt guest vms that
      expose intel's vmx feature. I've enabled nested virtualization via
    </tt><code class=3D3D"plain">kvm-intel nested=3D3D1 on my physical node,
      yet, when I create and run a guest vm on that node, there's no vmx
      extension/feature on the virtualized cpu. I've also fiddled a bit
      with the vdc_options table, </code><code class=3D3D"plain"><span
        style=3D3D"color: rgb(0, 0, 0);">ServerCPUList option, to no =3D
avail.
        I just need to tell ovirt to add the vmx extension to the
        virtualized cpu features when it creates a guest, is there a way
        to do this?<br>
        <br>
        In libvirt terms:</span></code><tt><br>
    </tt>
    <pre> &lt;cpu match=3D3D'exact'&gt;
      &lt;model&gt;Penryn&lt;/model&gt;
      &lt;vendor&gt;Intel&lt;/vendor&gt;
      &lt;feature policy=3D3D'require' name=3D3D'vmx'/&gt;
 &lt;/cpu&gt;</pre>
    <code>Thanks</code><tt>,</tt><tt><br>
    </tt><tt>Daniele Pavia</tt><tt><br>
    </tt><code class=3D3D"plain"></code><tt>
    </tt>
    <meta name=3D3D"qrichtext" content=3D3D"1">
    <meta http-equiv=3D3D"Content-Type" content=3D3D"text/html;
      charset=3D3DISO-8859-1">
    <style type=3D3D"text/css">
p, li { white-space: pre-wrap; }
</style>
  </body>
</html>

------_=3D_NextPart_001_01CDC7E1.01EB5521--

--===============8441482403197619696==
Content-Type: multipart/alternative
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="attachment.bin"

VGhpcyBpcyBhIG11bHRpLXBhcnQgbWVzc2FnZSBpbiBNSU1FIGZvcm1hdC4KCi0tLS0tLV89X05l
eHRQYXJ0XzAwMV8wMUNEQzdFMS4wMUVCNTUyMQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47Cglj
aGFyc2V0PSJpc28tODg1OS0xIgpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiBxdW90ZWQtcHJp
bnRhYmxlCgpIZWxsbyBldmVyeWJvZHksCkknbSB0cnlpbmcgdG8gZW5hYmxlIG5lc3RlZCB2aXJ0
dWFsaXphdGlvbiBvbiBhIHBoeXNpY2FsIG92aXJ0IG5vZGUgPQp2Mi41LjUuIFdoYXQgSSB3YW50
IGlzIHRvIHJ1biBMMSBvdmlydCBndWVzdCB2bXMgdGhhdCBleHBvc2UgaW50ZWwncyB2bXggPQpm
ZWF0dXJlLiBJJ3ZlIGVuYWJsZWQgbmVzdGVkIHZpcnR1YWxpemF0aW9uIHZpYSBrdm0taW50ZWwg
bmVzdGVkPTNEMSBvbiA9Cm15IHBoeXNpY2FsIG5vZGUsIHlldCwgd2hlbiBJIGNyZWF0ZSBhbmQg
cnVuIGEgZ3Vlc3Qgdm0gb24gdGhhdCBub2RlLCA9CnRoZXJlJ3Mgbm8gdm14IGV4dGVuc2lvbi9m
ZWF0dXJlIG9uIHRoZSB2aXJ0dWFsaXplZCBjcHUuIEkndmUgYWxzbyA9CmZpZGRsZWQgYSBiaXQg
d2l0aCB0aGUgdmRjX29wdGlvbnMgdGFibGUsIFNlcnZlckNQVUxpc3Qgb3B0aW9uLCB0byBubyA9
CmF2YWlsLiBJIGp1c3QgbmVlZCB0byB0ZWxsIG92aXJ0IHRvIGFkZCB0aGUgdm14IGV4dGVuc2lv
biB0byB0aGUgPQp2aXJ0dWFsaXplZCBjcHUgZmVhdHVyZXMgd2hlbiBpdCBjcmVhdGVzIGEgZ3Vl
c3QsIGlzIHRoZXJlIGEgd2F5IHRvIGRvID0KdGhpcz8KCkluIGxpYnZpcnQgdGVybXM6CgogPGNw
dSBtYXRjaD0zRCdleGFjdCc+CiAgICAgIDxtb2RlbD5QZW5yeW48L21vZGVsPgogICAgICA8dmVu
ZG9yPkludGVsPC92ZW5kb3I+CiAgICAgIDxmZWF0dXJlIHBvbGljeT0zRCdyZXF1aXJlJyBuYW1l
PTNEJ3ZteCcvPgogPC9jcHU+ClRoYW5rcywKRGFuaWVsZSBQYXZpYQoKCi0tLS0tLV89X05leHRQ
YXJ0XzAwMV8wMUNEQzdFMS4wMUVCNTUyMQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsKCWNoYXJz
ZXQ9Imlzby04ODU5LTEiCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IHF1b3RlZC1wcmludGFi
bGUKCjxodG1sPgogIDxoZWFkPgoKICAgPTIwCiAgPC9oZWFkPgogIDxib2R5IGJnY29sb3I9M0Qi
I0ZGRkZGRiIgdGV4dD0zRCIjMDAwMDAwIj4KICAgIDx0dD5IZWxsbyBldmVyeWJvZHksPC90dD48
dHQ+PGJyPgogICAgPC90dD48dHQ+SSdtIHRyeWluZyB0byBlbmFibGUgbmVzdGVkIHZpcnR1YWxp
emF0aW9uIG9uIGEgcGh5c2ljYWwKICAgICAgb3ZpcnQgbm9kZSB2Mi41LjUuIFdoYXQgSSB3YW50
IGlzIHRvIHJ1biBMMSBvdmlydCBndWVzdCB2bXMgdGhhdAogICAgICBleHBvc2UgaW50ZWwncyB2
bXggZmVhdHVyZS4gSSd2ZSBlbmFibGVkIG5lc3RlZCB2aXJ0dWFsaXphdGlvbiB2aWEKICAgIDwv
dHQ+PGNvZGUgY2xhc3M9M0QicGxhaW4iPmt2bS1pbnRlbCBuZXN0ZWQ9M0QxIG9uIG15IHBoeXNp
Y2FsIG5vZGUsCiAgICAgIHlldCwgd2hlbiBJIGNyZWF0ZSBhbmQgcnVuIGEgZ3Vlc3Qgdm0gb24g
dGhhdCBub2RlLCB0aGVyZSdzIG5vIHZteAogICAgICBleHRlbnNpb24vZmVhdHVyZSBvbiB0aGUg
dmlydHVhbGl6ZWQgY3B1LiBJJ3ZlIGFsc28gZmlkZGxlZCBhIGJpdAogICAgICB3aXRoIHRoZSB2
ZGNfb3B0aW9ucyB0YWJsZSwgPC9jb2RlPjxjb2RlIGNsYXNzPTNEInBsYWluIj48c3BhbgogICAg
ICAgIHN0eWxlPTNEImNvbG9yOiByZ2IoMCwgMCwgMCk7Ij5TZXJ2ZXJDUFVMaXN0IG9wdGlvbiwg
dG8gbm8gPQphdmFpbC4KICAgICAgICBJIGp1c3QgbmVlZCB0byB0ZWxsIG92aXJ0IHRvIGFkZCB0
aGUgdm14IGV4dGVuc2lvbiB0byB0aGUKICAgICAgICB2aXJ0dWFsaXplZCBjcHUgZmVhdHVyZXMg
d2hlbiBpdCBjcmVhdGVzIGEgZ3Vlc3QsIGlzIHRoZXJlIGEgd2F5CiAgICAgICAgdG8gZG8gdGhp
cz88YnI+CiAgICAgICAgPGJyPgogICAgICAgIEluIGxpYnZpcnQgdGVybXM6PC9zcGFuPjwvY29k
ZT48dHQ+PGJyPgogICAgPC90dD4KICAgIDxwcmU+ICZsdDtjcHUgbWF0Y2g9M0QnZXhhY3QnJmd0
OwogICAgICAmbHQ7bW9kZWwmZ3Q7UGVucnluJmx0Oy9tb2RlbCZndDsKICAgICAgJmx0O3ZlbmRv
ciZndDtJbnRlbCZsdDsvdmVuZG9yJmd0OwogICAgICAmbHQ7ZmVhdHVyZSBwb2xpY3k9M0QncmVx
dWlyZScgbmFtZT0zRCd2bXgnLyZndDsKICZsdDsvY3B1Jmd0OzwvcHJlPgogICAgPGNvZGU+VGhh
bmtzPC9jb2RlPjx0dD4sPC90dD48dHQ+PGJyPgogICAgPC90dD48dHQ+RGFuaWVsZSBQYXZpYTwv
dHQ+PHR0Pjxicj4KICAgIDwvdHQ+PGNvZGUgY2xhc3M9M0QicGxhaW4iPjwvY29kZT48dHQ+CiAg
ICA8L3R0PgogICAgPG1ldGEgbmFtZT0zRCJxcmljaHRleHQiIGNvbnRlbnQ9M0QiMSI+CiAgICA8
bWV0YSBodHRwLWVxdWl2PTNEIkNvbnRlbnQtVHlwZSIgY29udGVudD0zRCJ0ZXh0L2h0bWw7CiAg
ICAgIGNoYXJzZXQ9M0RJU08tODg1OS0xIj4KICAgIDxzdHlsZSB0eXBlPTNEInRleHQvY3NzIj4K
cCwgbGkgeyB3aGl0ZS1zcGFjZTogcHJlLXdyYXA7IH0KPC9zdHlsZT4KICA8L2JvZHk+CjwvaHRt
bD4KCi0tLS0tLV89X05leHRQYXJ0XzAwMV8wMUNEQzdFMS4wMUVCNTUyMS0tCg==

--===============8441482403197619696==--

From iheim at redhat.com Wed Nov 21 17:34:39 2012
Content-Type: multipart/mixed; boundary="===============3563430763807400402=="
MIME-Version: 1.0
From: Itamar Heim <iheim at redhat.com>
To: users at ovirt.org
Subject: Re: [Users] Ovirt Node :: Nested virtualization
Date: Thu, 22 Nov 2012 00:34:33 +0200
Message-ID: <50AD56F9.1090609@redhat.com>
In-Reply-To: 6A671820E63F0E4FB42453BD2D8A1B88616167@itrmx010.italy.itroot.adnet

--===============3563430763807400402==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

On 11/21/2012 02:09 PM, Pavia Daniele wrote:
> Hello everybody,
> I'm trying to enable nested virtualization on a physical ovirt node
> v2.5.5. What I want is to run L1 ovirt guest vms that expose intel's vmx
> feature. I've enabled nested virtualization via |kvm-intel nested=3D1 on
> my physical node, yet, when I create and run a guest vm on that node,
> there's no vmx extension/feature on the virtualized cpu. I've also
> fiddled a bit with the vdc_options table, ||ServerCPUList option, to no
> avail. I just need to tell ovirt to add the vmx extension to the
> virtualized cpu features when it creates a guest, is there a way to do th=
is?
>
> In libvirt terms:|
>
>   <cpu match=3D'exact'>
>        <model>Penryn</model>
>        <vendor>Intel</vendor>
>        <feature policy=3D'require' name=3D'vmx'/>
>   </cpu>
>
> |Thanks|,
> Daniele Pavia
> ||
>
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

this hook should cover all you need, but not considered a good practice =

to use hooks on ovirt-node today (mike, any change here)?
http://gerrit.ovirt.org/#/c/9225/

you can use a regular fedora as a host and deploy this hook as an rpm to =

it (using regular fedora is more flexible than ovirt node for some things)

--===============3563430763807400402==--

From mburns at redhat.com Wed Nov 21 20:46:17 2012
Content-Type: multipart/mixed; boundary="===============2584812750467662828=="
MIME-Version: 1.0
From: Mike Burns <mburns at redhat.com>
To: users at ovirt.org
Subject: Re: [Users] Ovirt Node :: Nested virtualization
Date: Wed, 21 Nov 2012 20:46:12 -0500
Message-ID: <1353548772.22748.3.camel@beelzebub.mburnsfire.net>
In-Reply-To: 50AD56F9.1090609@redhat.com

--===============2584812750467662828==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

On Thu, 2012-11-22 at 00:34 +0200, Itamar Heim wrote:
> On 11/21/2012 02:09 PM, Pavia Daniele wrote:
> > Hello everybody,
> > I'm trying to enable nested virtualization on a physical ovirt node
> > v2.5.5. What I want is to run L1 ovirt guest vms that expose intel's vmx
> > feature. I've enabled nested virtualization via |kvm-intel nested=3D1 on
> > my physical node, yet, when I create and run a guest vm on that node,
> > there's no vmx extension/feature on the virtualized cpu. I've also
> > fiddled a bit with the vdc_options table, ||ServerCPUList option, to no
> > avail. I just need to tell ovirt to add the vmx extension to the
> > virtualized cpu features when it creates a guest, is there a way to do =
this?
> >
> > In libvirt terms:|
> >
> >   <cpu match=3D'exact'>
> >        <model>Penryn</model>
> >        <vendor>Intel</vendor>
> >        <feature policy=3D'require' name=3D'vmx'/>
> >   </cpu>
> >
> > |Thanks|,
> > Daniele Pavia
> > ||
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users(a)ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >
> =

> this hook should cover all you need, but not considered a good practice =

> to use hooks on ovirt-node today (mike, any change here)?
> http://gerrit.ovirt.org/#/c/9225/
> =

> you can use a regular fedora as a host and deploy this hook as an rpm to =

> it (using regular fedora is more flexible than ovirt node for some things)

It can be done by installing the hook then persisting the relevant files
on ovirt-node.  It's not well tested at the moment, though, and you may
have other issues with nested virt specifically.  You would also need to
do some custom work that would enable nested virt in the kernel options
as well since it is disabled by default.  Getting this to work across
reboots would require some additional effort. =


At this time, you'd generally be better off using Fedora as your host.
You can also file an RFE bug to allow nested virt on ovirt-node.

Mike

> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users



--===============2584812750467662828==--