nova: enable nested virt on Intel#1304
Conversation
vuntz
left a comment
vuntz
left a comment
There was a problem hiding this comment.
As said in the other pull request: I'm not really a big fan of enabling this by default. If anything, I'd prefer if it were an option.
My rationale is that enabling by default something that is tech preview leads people to believe it's not tech preview.
dirkmueller
left a comment
dirkmueller
left a comment
There was a problem hiding this comment.
make it a configurable, defaulting to off?
| if grep -qw vmx /proc/cpuinfo ; then | ||
| ! grep -q nested /etc/modprobe.d/80-kvm-intel.conf && | ||
| echo "options kvm_intel nested=1" > /etc/modprobe.d/80-kvm-intel.conf && | ||
| /sbin/modprobe -r kvm-intel |
There was a problem hiding this comment.
/sbin/modprobe -r kvm_intel
| ! grep -q nested /etc/modprobe.d/80-kvm-intel.conf && | ||
| echo "options kvm_intel nested=1" > /etc/modprobe.d/80-kvm-intel.conf && | ||
| /sbin/modprobe -r kvm-intel | ||
| /sbin/modprobe kvm-intel |
There was a problem hiding this comment.
/sbin/modprobe kvm_intel
| if grep -qw vmx /proc/cpuinfo ; then | ||
| ! grep -q nested /etc/modprobe.d/80-kvm-intel.conf && | ||
| echo "options kvm_intel nested=1" > /etc/modprobe.d/80-kvm-intel.conf && | ||
| /sbin/modprobe -r kvm-intel |
| ! grep -q N /sys/module/kvm_intel/parameters/nested || | ||
| /sbin/modprobe -r kvm_intel | ||
| EOF | ||
| only_if { node[:nova][:kvm][:nested_virt] && `uname -r`.include?("default") && system("grep -qw vmx /proc/cpuinfo") } |
There was a problem hiding this comment.
Metrics/LineLength: Line is too long. [131/100] (https://github.com/SUSE/style-guides/blob/master/Ruby.md#metricslinelength)
| echo "options kvm_intel nested=1" > /etc/modprobe.d/80-kvm-intel.conf | ||
| ! grep -q N /sys/module/kvm_intel/parameters/nested || | ||
| /sbin/modprobe -r kvm_intel | ||
| EOF |
There was a problem hiding this comment.
Naming/HeredocDelimiterNaming: Use meaningful heredoc delimiters. (https://github.com/bbatsov/ruby-style-guide#heredoc-delimiters)
| EOF | ||
| only_if { node[:nova][:kvm][:nested_virt] && | ||
| `uname -r`.include?("default") && | ||
| system("grep -qw vmx /proc/cpuinfo") } |
There was a problem hiding this comment.
Layout/MultilineOperationIndentation: Use 2 (not 4) spaces for indenting an expression spanning multiple lines. (https://github.com/SUSE/style-guides/blob/master/Ruby.md#stylemultilineoperationindentation)
Layout/BlockEndNewline: Expression at 121, 56 should be on its own line.
| /sbin/modprobe -r kvm_intel | ||
| EOF | ||
| only_if { node[:nova][:kvm][:nested_virt] && | ||
| `uname -r`.include?("default") && |
There was a problem hiding this comment.
Layout/MultilineOperationIndentation: Use 2 (not 4) spaces for indenting an expression spanning multiple lines. (https://github.com/SUSE/style-guides/blob/master/Ruby.md#stylemultilineoperationindentation)
| ! grep -q N /sys/module/kvm_intel/parameters/nested || | ||
| /sbin/modprobe -r kvm_intel | ||
| EOF | ||
| only_if { node[:nova][:kvm][:nested_virt] && |
There was a problem hiding this comment.
Style/BlockDelimiters: Avoid using {...} for multi-line blocks. (https://github.com/bbatsov/ruby-style-guide#single-line-blocks)
Layout/MultilineBlockLayout: Block body expression is on the same line as the block start.
|
updated it with an optional bool (without migration because it is not required and makes downgrades easier) |
| only_if do | ||
| node[:nova][:kvm][:nested_virt] && | ||
| `uname -r`.include?("default") && | ||
| system("grep -qw vmx /proc/cpuinfo") |
There was a problem hiding this comment.
Layout/MultilineOperationIndentation: Use 2 (not 0) spaces for indenting an expression spanning multiple lines. (https://github.com/SUSE/style-guides/blob/master/Ruby.md#stylemultilineoperationindentation)
| SHELL | ||
| only_if do | ||
| node[:nova][:kvm][:nested_virt] && | ||
| `uname -r`.include?("default") && |
There was a problem hiding this comment.
Layout/MultilineOperationIndentation: Use 2 (not 0) spaces for indenting an expression spanning multiple lines. (https://github.com/SUSE/style-guides/blob/master/Ruby.md#stylemultilineoperationindentation)
| "secret_uuid": "" | ||
| }, | ||
| "kvm": { | ||
| "nested_virt": false, |
There was a problem hiding this comment.
Don't you need a migration?
There was a problem hiding this comment.
no, the value is marked as optional (required false) in the .schema file
There was a problem hiding this comment.
Ooh, that's a new one for me 😄 Ok, thanks this looks good then!
| "secret_uuid": "" | ||
| }, | ||
| "kvm": { | ||
| "nested_virt": false, |
There was a problem hiding this comment.
Ooh, that's a new one for me 😄 Ok, thanks this looks good then!
|
@vuntz @dirkmueller please re-review. |
| execute "enable kvm intel nested virt" do | ||
| command <<-SHELL | ||
| grep -q nested /etc/modprobe.d/80-kvm-intel.conf || | ||
| echo "options kvm_intel nested=1" > /etc/modprobe.d/80-kvm-intel.conf |
There was a problem hiding this comment.
Just wondering (because that's how I would have done it): why is this part not a cookbook_file resource?
| `uname -r`.include?("default") && | ||
| system("grep -qw vmx /proc/cpuinfo") | ||
| end | ||
| end |
There was a problem hiding this comment.
If nested_virt is false, we also need code to disable nested virtualization.
| grep -q nested /etc/modprobe.d/80-kvm-intel.conf || | ||
| echo "options kvm_intel nested=1" > /etc/modprobe.d/80-kvm-intel.conf | ||
| ! grep -q N /sys/module/kvm_intel/parameters/nested || | ||
| /sbin/modprobe -r kvm_intel |
There was a problem hiding this comment.
Won't this cause failures if there's already a VM running?
There was a problem hiding this comment.
the module cannot be unloaded then anymore
| }) | ||
| only_if do | ||
| `uname -r`.include?("default") && | ||
| system("grep -qw vmx /proc/cpuinfo") |
There was a problem hiding this comment.
Layout/MultilineOperationIndentation: Use 2 (not 0) spaces for indenting an expression spanning multiple lines. (https://github.com/SUSE/style-guides/blob/master/Ruby.md#stylemultilineoperationindentation)
| source "kvm-intel-nested.conf.erb" | ||
| variables({ | ||
| kvm: node[:nova][:kvm] | ||
| kvm_nested_enabled: node[:nova][:kvm][:nested_virt] |
There was a problem hiding this comment.
Layout/IndentHash: Use 2 spaces for indentation in a hash, relative to the first position after the preceding left parenthesis.
| template "/etc/default/qemu-kvm" do | ||
| source "qemu-kvm.erb" | ||
| # set the nested KVM setting | ||
| template "/etc/modprobe.d/80-kvm-intel.conf" do |
There was a problem hiding this comment.
Style/MultilineIfModifier: Favor a normal if-statement over a modifier clause in a multiline statement. (https://github.com/bbatsov/ruby-style-guide#no-multiline-if-modifiers)
| only_if do | ||
| node[:platform_family] == "suse" && | ||
| `uname -r`.include?("default") && | ||
| system("grep -qw vmx /proc/cpuinfo") |
There was a problem hiding this comment.
Layout/MultilineOperationIndentation: Use 2 (not 0) spaces for indenting an expression spanning multiple lines. (https://github.com/SUSE/style-guides/blob/master/Ruby.md#stylemultilineoperationindentation)
| ) | ||
| only_if do | ||
| node[:platform_family] == "suse" && | ||
| `uname -r`.include?("default") && |
There was a problem hiding this comment.
Layout/MultilineOperationIndentation: Use 2 (not 0) spaces for indenting an expression spanning multiple lines. (https://github.com/SUSE/style-guides/blob/master/Ruby.md#stylemultilineoperationindentation)
|
Needs a rebase. |
because it defaults to off but a lot of people rely on nested virt being available While in https://fate.suse.com/320082 the virtualisation team declined to promote nested virt to fully supported status for SLE12, we are using this since 2012 in all kinds of places without problems.
bmwiedemann
dismissed stale reviews from nicolasbock, toabctl, and vuntz
via
afbcc5c
7 participants
because it defaults to off
but a lot of people rely on nested virt being available
While in https://fate.suse.com/320082 the virtualisation team
declined to promote nested virt to fully supported status for SLE12,
we are using this since 2012 in all kinds of places without problems.
same as #1261