
Jenkinsfile: attach nested virtualization license to GCP images #242

Merged
jlebon merged 1 commit into coreos:master from dustymabe:dusty-gcp-nested-virt-license
May 26, 2020

@dustymabe
Member

This will allow for launched instances to have access to /dev/kvm
by default. I am not aware of any known drawbacks to doing this as
I've been informed by GCP folks that if there is an environment that
doesn't have nested virt support or if there is a policy that disallows
it the instance simply won't have access to /dev/kvm. No other errors
would be presented to the user (like not being able to launch an
instance).

@dustymabe
Member Author

requires coreos/coreos-assembler#1477

@zmarano

zmarano commented May 26, 2020

LGTM. This is currently the way to allow nested KVM to work.

Member

@jlebon jlebon left a comment

Required cosa PR is merged now.

@jlebon jlebon merged commit 665c1fd into coreos:master May 26, 2020
@dustymabe
Member Author

A little more context from @zmarano over in coreos/coreos-assembler#1477 (comment)

From the GCE point of view, enabling nested virt on an image by default (currently via the license resource addition) is perfectly fine for your use case. It will not change behaviors for users except to expose /dev/kvm (it's synonymous to turning on the Intel-VTx setting on a physical machine in the firmware). That said, there isn't any guarantee that a given guest VM within the nested virt host VM will work or that the user is using a machine type that supports it. The matrix of possibilities there is enormous. It is therefore similar to saying your OS supports KVM on the hardware it is running on and by default allowing your users to use KVM on GCE VMs. I know this is a bit wishy-washy but let me know if I can clarify any of these points.

This is the doc on this topic and it is largely saying the same things in a different way.

@dustymabe dustymabe deleted the dusty-gcp-nested-virt-license branch May 27, 2020 05:23