Follow the steps shown below if you want to be able to run nested virtual machines on RHEL 7 via KVM.
In this particular situation I have a physical Supermicro server that I want to use to host OpenStack.
Note that my home server has Intel Xeon processors, so I first enable nested virtualization via the KVM intel module. AMD procs use a different module.
cat << EOF > /etc/modprobe.d/kvm_intel.conf
options kvm-intel nested=1
options kvm-intel enable_shadow_vmcs=1
options kvm-intel enable_apicv=1
options kvm-intel ept=1
EOF
Also, in order to communicate with your nested VMs you will need to disable reverse path filtering; otherwise RHEL will discard any network packets in order to prevent asymmetric routing. See below.
cat << EOF > /etc/sysctl.d/98-rp-filter.conf
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
EOF
The simplest way to enable these changes is via a reboot of the physical host.
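An added example, not part of the original post: a post-reboot check that the nested flag is active and that no interface still applies reverse path filtering. The optional root argument and the script name check-nested.sh are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify after the reboot that the settings above took effect.
# The optional "root" argument is an assumption of this example; it lets the
# functions read a copy of /sys and /proc instead of the live system.

# Return 0 if kvm_intel reports nested virtualization on, 1 if off,
# 2 if the parameter file is missing (module not loaded, or not an Intel host).
nested_enabled() {
    ne_file="${1:-}/sys/module/kvm_intel/parameters/nested"
    [ -r "$ne_file" ] || return 2
    case "$(cat "$ne_file")" in
        Y|1) return 0 ;;   # reported as Y or 1 depending on kernel version
        *)   return 1 ;;
    esac
}

# Print "iface=value" for every interface that still filters by reverse path.
# The kernel applies max(conf/all, conf/<iface>) to each interface, so a
# leftover 1 on a single interface still drops packets there.
strict_rp_ifaces() {
    rp_base="${1:-}/proc/sys/net/ipv4/conf"
    rp_all=$(cat "$rp_base/all/rp_filter")
    for rp_dir in "$rp_base"/*/; do
        rp_name=$(basename "$rp_dir")
        case "$rp_name" in all|default) continue ;; esac
        [ -r "$rp_dir/rp_filter" ] || continue
        rp_val=$(cat "$rp_dir/rp_filter")
        if [ "$rp_val" -gt "$rp_all" ]; then rp_eff=$rp_val; else rp_eff=$rp_all; fi
        if [ "$rp_eff" -ne 0 ]; then echo "$rp_name=$rp_eff"; fi
    done
    return 0
}

# Run against the live host only when called as: sh check-nested.sh check
if [ "${1:-}" = "check" ]; then
    if nested_enabled; then echo "kvm_intel nested: enabled"
    else echo "kvm_intel nested: NOT enabled (status $?)"; fi
    rp_left=$(strict_rp_ifaces)
    if [ -z "$rp_left" ]; then echo "rp_filter: off on all interfaces"
    else echo "rp_filter still active on: $rp_left"; fi
fi
```

Interfaces created before the sysctl file was applied keep their own rp_filter value, which is why the check reads every interface rather than only the all and default entries.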
3 thoughts on “Enable Nested Virtualization on RHEL 7”
Thank you for this. An hour of frustration… this was the solution.
Yes – I ran into the same frustration. Hence the blog post. Thanks for visiting.
For future time travelers, I attempted to put this in a (crude) playbook for use with Ansible:
You still have to initiate the reboot once this is run though (in my case I wanted the flexibility to schedule the reboot later).