{"id":490581,"date":"2022-09-06T03:48:17","date_gmt":"2022-09-06T00:48:17","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-to-enable-nested-kvm-virtualization\/"},"modified":"2022-09-06T03:48:17","modified_gmt":"2022-09-06T00:48:17","slug":"how-to-enable-nested-kvm-virtualization","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-to-enable-nested-kvm-virtualization\/","title":{"rendered":"#How to Enable Nested KVM Virtualization"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2e61e1035d7\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2e61e1035d7\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-enable-nested-kvm-virtualization\/#%E2%80%9CHow_to_Enable_Nested_KVM_Virtualization%E2%80%9D\" >&#8220;How to Enable Nested KVM Virtualization&#8221;<\/a><ul class='ez-toc-list-level-2' ><li class='ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-enable-nested-kvm-virtualization\/#Checking_Whether_Nested_Virtualization_Is_Enabled\" >Checking Whether Nested Virtualization Is Enabled<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-enable-nested-kvm-virtualization\/#Enabling_Nested_Virtualization\" >Enabling Nested Virtualization<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-enable-nested-kvm-virtualization\/#Activating_Nested_Virtualization_For_a_Guest\" >Activating Nested Virtualization For a Guest<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-enable-nested-kvm-virtualization\/#Checking_a_Guest_Can_Nest\" >Checking a Guest Can Nest<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-enable-nested-kvm-virtualization\/#Limitations\" >Limitations<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-enable-nested-kvm-virtualization\/#Summary\" >Summary<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CHow_to_Enable_Nested_KVM_Virtualization%E2%80%9D\"><\/span>&#8220;How to Enable Nested KVM Virtualization&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div>\n<!-- UNCACHED CONTENT --><\/p>\n<figure style=\"width: 1202px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage size-full wp-image-830090\" data-pagespeed-no-defer=\"\" src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/09\/shutterstock_43367116.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Photo showing a stack of servers\" width=\"1202\" height=\"677\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/servers-stack-hard-drives-datacenter-43367116\">Shutterstock.com\/Eugene Kouzmenok<\/a><\/span><\/figcaption><\/figure>\n<p>KVM is a virtualization <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a> that\u2019s integrated into the Linux kernel. A system with KVM enabled can act as <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.redhat.com\/en\/topics\/virtualization\/what-is-KVM\">a type-1 hypervisor<\/a>, provided the processor supports it.<\/p>\n<p>There are several ways to create a virtual machine using KVM. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.qemu.org\">QEMU<\/a> can use KVM and <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/libvirt.org\">libvirt<\/a> and its <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/virt-manager.org\">Virtual Machine Manager<\/a> UI provide a convenient interface around it.<\/p>\n<p>KVM can be used to create nested virtual machines on compatible hardware. This lets you create VMs inside VMs to accommodate more complex use cases. Consider a virtualized development environment that runs on your host. You might need to run virtual device emulators <em>within<\/em> that environment, nested two levels deep from the bare metal hardware.<\/p>\n<p>This article will show you how to set up nested KVM virtualization and test that it\u2019s working. Before continuing, check you\u2019ve got <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/ubuntu.com\/blog\/kvm-hyphervisor\">a functioning KVM installation available<\/a> and that you\u2019re familiar with creating new KVM virtual machines.<\/p>\n<h2 id=\"checking-whether-nested-virtualization-is-enabled\"><span class=\"ez-toc-section\" id=\"Checking_Whether_Nested_Virtualization_Is_Enabled\"><\/span>Checking Whether Nested Virtualization Is Enabled<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Nested virtualization is supported by most modern processor families that offer hardware virtualization. You can check whether nesting is already enabled on your hypervisor by using the <code>cat<\/code> command to read one of the following paths, depending on whether you\u2019ve got an Intel or AMD system:<\/p>\n<pre># Intel&#13;\n$ cat \/sys\/module\/kvm_intel\/parameters\/nested&#13;\n&#13;\n# AMD&#13;\n$ cat \/sys\/module\/kvm_amd\/parameters\/nested<\/pre>\n<p>The output should be either <code>Y<\/code> or <code>N<\/code>. Seeing <code>Y<\/code> means you\u2019re good to go \u2013 nested virtualization is already turned on. You can skip down to the \u201cActivating Nested Virtualization For a Guest\u201d section below. If you see <code>N<\/code> in your terminal, it\u2019s time to enable nesting in KVM\u2019s kernel module.<\/p>\n<h2 id=\"enabling-nested-virtualization\"><span class=\"ez-toc-section\" id=\"Enabling_Nested_Virtualization\"><\/span>Enabling Nested Virtualization<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Nesting is controlled by a KVM kernel module parameter. You can change the parameter by editing <code>\/etc\/modprobe.d\/qemu-system-x86.conf<\/code>. On some systems, this file could be called <code>\/etc\/modprobe.d\/kvm.conf<\/code>.<\/p>\n<p>You\u2019ll probably see a single line similar to one of these:<\/p>\n<pre>options kvm_intel&#13;\noptions kvm_intel nested=0&#13;\n&#13;\noptions kvm_amd&#13;\noptions kvm_amd nested=0<\/pre>\n<p>Any one of these variants means KVM is active but nesting is disabled.<\/p>\n<p>To enable nesting, simply add or change the <code>nested<\/code> parameter so it has <code>1<\/code> as its value:<\/p>\n<pre># Intel systems only&#13;\noptions kvm_intel nested=1&#13;\n&#13;\n# AMD systems only&#13;\noptions kvm_amd nested=1<\/pre>\n<p>Next you need to reload the KVM kernel module to <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ly your change. You should stop any running virtual machines before you do this.<\/p>\n<pre># Unload the module&#13;\n$ sudo modprobe -r kvm_intel&#13;\n&#13;\n# Reload the module with new settings&#13;\n$ sudo modprobe kvm_intel<\/pre>\n<p>Substitute <code>kvm_amd<\/code> instead of <code>kvm_intel<\/code> if you have an AMD processor.<\/p>\n<p>Now repeat the command from earlier to check whether nesting is enabled. You should get <code>Y<\/code> as the output.<\/p>\n<pre># Intel&#13;\n$ cat \/sys\/module\/kvm_intel\/parameters\/nested&#13;\nY&#13;\n&#13;\n# AMD&#13;\n$ cat \/sys\/module\/kvm_amd\/parameters\/nested&#13;\nY<\/pre>\n<p>This method permanently enables nested virtualization. It will persist across reboots until you remove <code>nested=1<\/code> from the KVM module\u2019s parameters.<\/p>\n<h2 id=\"activating-nested-virtualization-for-a-guest\"><span class=\"ez-toc-section\" id=\"Activating_Nested_Virtualization_For_a_Guest\"><\/span>Activating Nested Virtualization For a Guest<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Guest virtual machines can only use nested virtualization when they\u2019re configured with a CPU mode that supports it. The guest needs a CPU definition that exactly matches the physical hardware on your host.<\/p>\n<p>Most guests will work when the CPU mode is set to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/qemu-project.gitlab.io\/qemu\/system\/qemu-cpu-models.html\"><code>host-model<\/code><\/a>, which is usually the default. This means the guest receives a CPU definition that\u2019s similar to your host\u2019s. In some cases you might need to use the <code>host-passthrough<\/code> mode that exactly passes through all the characteristics of the host CPU.<\/p>\n<p>You can check and change a guest\u2019s CPU type by retrieving its manifest with <code>virsh<\/code>. First run the <code>virsh<\/code> command to launch an interactive shell. Then type <code>list --all<\/code> to retrieve all your VMs:<\/p>\n<pre>virsh # list --all&#13;\n Id   Name          State&#13;\n------------------------------&#13;\n -    ubuntu22.04   shut off&#13;\n -    win10         shut off<\/pre>\n<p>Next run <code>edit &lt;vm-name&gt;<\/code> to open the manifest of a named VM:<\/p>\n<pre>virsh # edit ubuntu22.04<\/pre>\n<p>Within the file, find the line that starts with <code>&lt;cpu mode=<\/code>. Change it to one of these:<\/p>\n<pre>&lt;cpu mode=\"host-model\" check='partial' \/&gt;&#13;\n&lt;cpu mode=\"host-passthrough\" check='none' \/&gt;<\/pre>\n<p>Save and close the file, then type <code>exit<\/code> into the virsh shell to close it. The guest should now be ready to start its own nested guests. Try changing modes if there seems to be a problem.<\/p>\n<h2 id=\"checking-a-guest-can-nest\"><span class=\"ez-toc-section\" id=\"Checking_a_Guest_Can_Nest\"><\/span>Checking a Guest Can Nest<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Most operating systems can tell you whether they can create a VM. Run the following command within your VM to check whether a Linux guest has access to virtualization:<\/p>\n<pre>cat \/proc\/cpuinfo | grep \"svm|vmx\"<\/pre>\n<p>Virtualization is available if you get some output with <code>svm<\/code> or <code>vmx<\/code> highlighted in red. SVM will show up on AMD machines; VMX appears for Intel.<\/p>\n<p>Now install a virtualization technology within the guest. You should find you can start a new nested VM. Here\u2019s a screenshot showing an Ubuntu virtual machine that is itself running an Alpine guest using nested KVM:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-830091\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/09\/how-to-enable-nested-kvm-virtualization.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"an image showing nested KVM virtual machines\" width=\"1387\" height=\"872\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<h2 id=\"limitations\"><span class=\"ez-toc-section\" id=\"Limitations\"><\/span>Limitations<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Nested guests come with a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.linux-kvm.org\/page\/Nested_Guests\">few limitations<\/a>. Some KVM features become unavailable for guests that have started a nested VM. You won\u2019t be able to migrate, save, or load these virtual machines, until the nested VM is stopped.<\/p>\n<p>The actual effect of trying to perform one of these operations is undefined. Some systems could withstand it; others may cause a kernel panic. Always try to shutdown your nested guests before performing an operation on VMs above them in the chain.<\/p>\n<h2 id=\"summary\"><span class=\"ez-toc-section\" id=\"Summary\"><\/span>Summary<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Nested virtualization provides more power and flexibility. You can sandbox technologies that need their own virtualization to function, such as IDEs that launch device emulators.<\/p>\n<p>Getting nesting to work with KVM is normally straightforward. Any troubleshooting should begin by checking the <code>nested<\/code> parameter is enabled for your KVM kernel module. After that, check the CPU model assigned to your guest and verify you\u2019re using a compatible second-level hypervisor within the VM.<\/p>\n<\/div>\n<p><script>\n setTimeout(function(){\n  !function(f,b,e,v,n,t,s)\n  {if(f.fbq)return;n=f.fbq=function(){n.callMethod?\n  n.callMethod.apply(n,arguments):n.queue.push(arguments)};\n  if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';\n  n.queue=[];t=b.createElement(e);t.async=!0;\n  t.src=v;s=b.getElementsByTagName(e)[0];\n  s.parentNode.insertBefore(t,s) } (window, document,'script',\n  'https:\/\/connect.facebook.net\/en_US\/fbevents.js');\n   fbq('init', '335401813750447');\n   fbq('track', 'PageView');\n  },3000);\n<\/script><\/p>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.howtogeek.com\/devops\/how-to-enable-nested-kvm-virtualization\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;How to Enable Nested KVM Virtualization&#8221; Shutterstock.com\/Eugene Kouzmenok KVM is a virtualization technology that\u2019s integrated into the Linux kernel. A system with KVM enabled can act as a type-1 hypervisor, provided the processor supports it. There are several ways to create a virtual machine using KVM. QEMU can use KVM and libvirt and its Virtual&#8230;<\/p>\n","protected":false},"author":1,"featured_media":490582,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/09\/shutterstock_43367116.jpg?height=200p&trim=2,2,2,2","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-490581","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/490581","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=490581"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/490581\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/490582"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=490581"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=490581"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=490581"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}