Disabling Nested Virtualization

The CML server uses the Linux KVM hypervisor to run the virtual machines (VMs) for each node in a simulation. When you deploy the CML server itself as a virtual machine, the CML VM runs the node VMs as nested virtual machines. For example, if you deploy CML on an Intel-based macOS system using VMware Fusion, the host OS (macOS) runs the guest (CML) with nested virtualization support enabled in the hypervisor (VMware). That nested virtualization support in VMware is needed so that the CML VM can use the host CPU for better performance when it runs nested VMs for the nodes in your CML lab.

By default, nested virtualization is enabled in the CML VM’s (KVM) hypervisor, too. But the guest (CML) doesn’t really need to enable nested virtualization in its hypervisor (KVM) unless you expect the nodes in your CML lab to spin up their own VMs (i.e., an additional layer of nested virtualization), which is uncommon. If you see any errors when running your lab that indicate problems with nested virtualization, follow these instructions to disable nested virtualization in the CML VM’s KVM configuration.

Procedure


Start up the CML virtual machine in VMware.

Log in to the System Administration Cockpit with the system administrator account. See Logging into the System Administration Cockpit.

Click Terminal in the navigation bar on the left side of the page.

Make sure that there are no labs running in your CML VM. For example, run this command in the terminal:

sudo virsh list

The expected output should show no running VMs.

Id   Name   State
--------------------

sysadmin@cml-controller:~$

If the virsh list command showed one or more running VMs, stop all running labs before proceeding.

Run this command in the Terminal:

sudo sed -i -e '$aoptions kvm_intel nested=0' /etc/modprobe.d/kvm-intel.conf

Reboot the CML VM. For example, you can simply run shutdown -r now in the Terminal.

Once the CML VM finishes rebooting, verify that nested virtualization is actually disabled. Log in to the System Administration Cockpit again, and run this command in the Terminal:

cat /sys/module/kvm_intel/parameters/nested

The command should output N or possibly 0.

If the command showed Y or 1 instead of the expected output, the change didn’t take effect. Go back to the beginning and try applying this change again. Make sure that the CML VM is actually rebooted and not just paused and restarted. If you still do not get the expected output in this step, then contact CML support.


Nested virtualization support is now disabled in the CML VM’s hypervisor (KVM). Try starting a lab in the CML UI. You should no longer get errors related to nested virtualization. Note that if one of your labs running on the CML server has a node that attempts to use nested virtualization, that operation will probably fail.
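
The edit and verification steps of the procedure, written so that they can be repeated safely when the change has to be applied again. This is an added example, not part of the original procedure or of CML itself. The function names and the optional path arguments are assumptions, and it goes slightly beyond the sed command by handling a missing or empty configuration file and by not adding the options line a second time.

```shell
#!/bin/sh
# Added example, not Cisco's code. Function names and the optional path
# arguments (used for dry runs against a copy) are assumptions.

CONF=/etc/modprobe.d/kvm-intel.conf
PARAM=/sys/module/kvm_intel/parameters/nested
LINE='options kvm_intel nested=0'

# Append the options line only when it is not already there, so repeating
# the step does not stack duplicates. Also covers a missing or empty file,
# which the sed '$a' form cannot append to.
ensure_nested_off() {
    conf=${1:-$CONF}
    if [ -f "$conf" ] && grep -qxF "$LINE" "$conf"; then
        return 0
    fi
    # Terminate an unterminated last line before appending.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        echo >> "$conf"
    fi
    printf '%s\n' "$LINE" >> "$conf"
}

# Print (with line numbers) kvm_intel option lines that enable nested, so
# they can be reviewed by hand; prints nothing when there are none.
conflicting_lines() {
    conf=${1:-$CONF}
    [ -f "$conf" ] || return 0
    grep -nE '^[[:space:]]*options[[:space:]]+kvm_intel[[:space:]].*nested=(1|[Yy])' "$conf" || true
}

# Exit status 0 when the loaded module reports N or 0, 1 when it reports
# anything else, 2 when the parameter file cannot be read.
nested_is_off() {
    param=${1:-$PARAM}
    [ -r "$param" ] || return 2
    case "$(cat "$param")" in
        N|0) return 0 ;;
        *)   return 1 ;;
    esac
}

# Usage on the CML VM (as root, no labs running):
#   ensure_nested_off && conflicting_lines    # then reboot
#   nested_is_off && echo "nested virtualization is disabled"
```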