Follow the steps shown below if you want to be able to run nested virtual machines on RHEL 7 via KVM.
In this particular situation I have a physical Supermicro server that I want to use to host OpenStack.
Note that my home server has Intel Xeon processors, so I first enable nested virtualization via the KVM intel module. AMD procs use a different module.
[code language=”css”]
cat << EOF > /etc/modprobe.d/kvm_intel.conf
options kvm-intel nested=1
options kvm-intel enable_shadow_vmcs=1
options kvm-intel enable_apicv=1
options kvm-intel ept=1
EOF
[/code]
Also, in order to communicate with your nested VMs you will need to disable reverse path filtering, otherwise RHEL will discard any network packets in order to prevent asymmetric routing. See below.
[code language=”css”]
cat << EOF > /etc/sysctl.d/98-rp-filter.conf
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
EOF
[/code]
The simplest way to enable these changes is via a reboot of the physical host.
Thank you for this. An hour of frustration… this was the solution.
Yes – I ran into the same frustration. Hence the blog post. Thanks for visiting.
For future time travelers, I attempted to put this in a (crude) playbook for use with Ansible:
https://gist.github.com/xsgordon/a0c81d7f8debac1a9b1864c16fdb0946
You still have to initiate the reboot once this is run though (in my case I wanted the flexibility to schedule the reboot later).