Open meichenberger opened 10 years ago
dev-zero
commented
10 years ago I would be careful with that. With the current VM CPU configuration (which is copying almost every flag available/capability) every guest will be able to do nested virtualization. Since there is still a lot of overhead involved and the feature not widely tested, this could possibly be used for a DoS. Therefore I would recommend to enable it in the host, but filter out the flag for the guest CPUs for now.
meichenberger
commented
10 years ago Sounds good. The next questions is:
Once we know this, we can define our provider policy towards our customers (who is allowed to turn nested virtualization on).
dev-zero
commented
10 years ago we currently specify the following in the XML (the domain definition "template") to copy all available host CPU features to the guest:
<cpu mode='host-model'>
<model fallback='allow'/>
</cpu>If we want to be able to enable nested virtualization on a per-VM basis based on the current principle, we have to restrict the flags:
<cpu mode='host-model'>
<model fallback='allow'/>
<feature policy='disable' name='vmx'/>
<feature policy='disable' name='svm'/>
</cpu>... and then toggle between "disable" and "optional" for "vmx" and "svm".
More info: https://www.berrange.com/posts/2010/02/15/guest-cpu-model-configuration-in-libvirt-with-qemukvm/
A different way would be to specify a more basic CPU instead and add flags on an as-needed basis. This would most probably be the cleaner way, but requires a lot of additional attributes and a corresponding model in the LDAP and the management code. Querying the VM node CPUs flags can be done via libvirt, but we would have to replicate this info in the LDAP, do checks, decide what to expose, how, etc...
Manuel tests have been successful. Please turn nested virtualization on. The corresponding documentation: http://wiki.stoney-cloud.org/index.php/stoney_cloud:_Nested_virtualization