← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1791678] Re: Nested virtualization (aka CPU extra flags revisited)

 

This is a documentation issue in Nova — adding as affected project.

** Also affects: nova
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1791678

Title:
  Nested virtualization (aka CPU extra flags revisited)

Status in OpenStack Compute (nova):
  New
Status in OpenStack Public Cloud WG:
  New

Bug description:
  We should contribute some authoritative documentation on how to
  configure nested virtualization in a way that (a) doesn't break live
  migration, (b) does not tank guest performance because of
  Spectre/Meltdown.

  Since https://review.openstack.org/#/c/534384/, we have the ability to
  set, in nova.conf:

  [libvirt]
  cpu_mode = custom
  cpu_model = IvyBridge
  cpu_model_extra_flags = <flags>

  It is my understanding that deployers should always set the pcid flag
  so that Spectre/Meltdown mitigation patches don't kill guest
  performance. Deployers who want to also enable nested virtualization
  should enable pcid,vmx (which is only available from Rocky forward —
  in prior releases pcid is the only available option for reasons
  discussed in that Gerrit change).

  This is already documented, albeit only deeply buried in the Nova
  configuration reference. I think it would be good to have a paragraph
  in the admin guide as well that simply explains how to enable nested
  virtualization, and what to consider. In particular, that enabling
  nested virtualization breaks live migration for guests that are
  themselves running guests, which tends to not be very widely known
  among OpenStack users.

  Related links:
  https://review.openstack.org/#/c/534384/
  https://docs.openstack.org/nova/rocky/configuration/config.html#libvirt.cpu_model_extra_flags
  https://docs.openstack.org/nova/rocky/admin/index.html
  https://www.linux-kvm.org/page/Nested_Guests

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1791678/+subscriptions