yahoo-eng-team team mailing list archive

[Bug 1791678] Re: Nested virtualization (aka CPU extra flags revisited)

 

Reviewed:  https://review.openstack.org/609788
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=e304ad7f4d3bf0d0cf4e5b4d2de3f2c4be2f2b8e
Submitter: Zuul
Branch:    master

commit e304ad7f4d3bf0d0cf4e5b4d2de3f2c4be2f2b8e
Author: Florian Haas <florian@xxxxxxxxxxxxxx>
Date:   Thu Oct 11 18:01:21 2018 +0000

    Explain cpu_model_extra_flags and nested guest support
    
    In the Configuration Guide's section on KVM:
    
    * expand on the implications of selecting a CPU mode and model
      for live migration,
    * explain the cpu_model_extra_flags option,
    * discuss how to enable nested guests, and the implications and
      limitations of doing so,
    * bump the heading level of "Guest agent support".
    
    Closes-Bug: 1791678
    Change-Id: I671acd16c7e5eca01b0bd633caf8e58287d0a913


** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1791678

Title:
  Nested virtualization (aka CPU extra flags revisited)

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Public Cloud WG:
  New

Bug description:
  We should contribute some authoritative documentation on how to
  configure nested virtualization in a way that (a) doesn't break live
  migration, (b) does not tank guest performance because of
  Spectre/Meltdown.

  Since https://review.openstack.org/#/c/534384/, we have the ability to
  set, in nova.conf:

  [libvirt]
  cpu_mode = custom
  cpu_model = IvyBridge
  cpu_model_extra_flags = <flags>

  It is my understanding that deployers should always set the pcid flag
  so that Spectre/Meltdown mitigation patches don't kill guest
  performance. Deployers who want to also enable nested virtualization
  should enable pcid,vmx (which is only available from Rocky forward —
  in prior releases pcid is the only available option for reasons
  discussed in that Gerrit change).

  This is already documented, albeit only deeply buried in the Nova
  configuration reference. I think it would be good to have a paragraph
  in the admin guide as well that simply explains how to enable nested
  virtualization, and what to consider. In particular, that enabling
  nested virtualization breaks live migration for guests that are
  themselves running guests, which tends to not be very widely known
  among OpenStack users.

  Related links:
  https://review.openstack.org/#/c/534384/
  https://docs.openstack.org/nova/rocky/configuration/config.html#libvirt.cpu_model_extra_flags
  https://docs.openstack.org/nova/rocky/admin/index.html
  https://www.linux-kvm.org/page/Nested_Guests

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1791678/+subscriptions
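
Added example (not part of the bug report or of nova itself): a small checker that applies the report's two points to the [libvirt] section of a nova.conf, flagging a custom CPU model without pcid and noting when vmx exposes nested virtualization. The function name, finding codes and sample fragments are constructed for illustration, and case-insensitive flag matching is an assumption.

```python
import configparser

# Constructed sample nova.conf fragments (not from a real deployment).
MISSING_PCID = """
[libvirt]
cpu_mode = custom
cpu_model = IvyBridge
"""
NESTED = """
[libvirt]
cpu_mode = custom
cpu_model = IvyBridge
cpu_model_extra_flags = PCID, vmx
"""


def audit_libvirt_cpu(conf_text):
    """Return (code, message) findings for the [libvirt] CPU options."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    if not cp.has_section("libvirt"):
        return [("no-libvirt-section", "no [libvirt] section found")]
    sec = cp["libvirt"]
    mode = sec.get("cpu_mode", "").strip().lower()
    raw = sec.get("cpu_model_extra_flags", "")
    # Assumption: flags are comma-separated and compared case-insensitively.
    flags = {f.strip().lower() for f in raw.split(",") if f.strip()}
    findings = []
    if mode == "custom" and "pcid" not in flags:
        # Per the bug report: pcid keeps Spectre/Meltdown mitigations
        # from hurting guest performance.
        findings.append(("pcid-missing",
                         "cpu_mode=custom without pcid in cpu_model_extra_flags"))
    if "vmx" in flags:
        # Per the bug report: guests that run their own guests
        # can no longer be live migrated.
        findings.append(("nested-virt",
                         "vmx exposed: live migration breaks for guests "
                         "that are themselves running guests"))
    return findings


if __name__ == "__main__":
    for name, text in (("missing-pcid", MISSING_PCID), ("nested", NESTED)):
        for code, msg in audit_libvirt_cpu(text):
            print(f"{name}: {code}: {msg}")
```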