dubbo>> ansible-role-jm1-kvm-nested-virtualization>> 返回
项目作者: JM1

项目描述 :
Ansible role to configure KVM nested virtualization for Intel and AMD CPUs
高级语言:
项目地址: git://github.com/JM1/ansible-role-jm1-kvm-nested-virtualization.git
创建时间: 2021-01-18T13:01:34Z
项目社区:https://github.com/JM1/ansible-role-jm1-kvm-nested-virtualization
开源协议:GNU General Public License v3.0
下载


Ansible Role jm1.kvm_nested_virtualization

This role enables KVM nested virtualization for Intel and AMD CPUs.

It adds or removes options kvm_* nested=y for kernel modules kvm_intel and kvm_amd in modprobe config file
/etc/modprobe.d/kvm-nested-virtualization.conf (defined with variable modprobe_conf_path). When kernel module
options have been changed and reload_module is true, then it will reload the current kvm kernel module with Ansible
module community.general.modprobe.

:warning: WARNING:
This role will remove and (re)load the kvm_intel and kvm_amd modules from the Linux kernel to apply changes when
variable reload_module is set to true. Before executing this role ensure that no virtual machines or other processes
depending on these modules are running.
:warning:

With state: present, this role runs tasks similar to the following shell commands:

  1. # Reloading kernel modules and changing their options requires root rights
  2. sudo -s
  4. # Identify kvm support
  5. if ! grep -E 'vmx|svm' -q /proc/cpuinfo; then
  6.     echo "No virtualization support has been detected"
  7. else
  8.     if grep -E 'vmx' -q /proc/cpuinfo; then
  9.         # Detected Intel virtualization
  10.         kvm_kernel_module="kvm_intel"
  11.     else
  12.         # Detected AMD virtualization
  13.         kvm_kernel_module="kvm_amd"
  14.     fi
  16.     # Add module options to enable nested virtualization
  17.     cat << ____EOF > /etc/modprobe.d/kvm-nested-virtualization.conf
  18. # 2020-2022 Jakob Meng, <jakobmeng@web.de>
  19. # Enable KVM nested virtualization for Intel and AMD CPUs
  20. # Ref.: https://galaxy.ansible.com/jm1/kvm_nested_virtualization
  21. options kvm_intel nested=y
  22. options kvm_amd nested=1
  23. ____EOF
  25.     # Ensure kernel module is available and loaded
  26.     modprobe "$kvm_kernel_module"
  28.     # Reload kernel module to apply changes
  29.     if grep -E '^N|0$' -q "/sys/module/${kvm_kernel_module}/parameters/nested"; then
  30.         rmmod "$kvm_kernel_module"
  31.         modprobe "$kvm_kernel_module"
  32.     fi
  33. fi

With state: absent, this role runs tasks similar to the following shell commands:

  1. # Reloading kernel modules and changing their options requires root rights
  2. sudo -s
  4. # Identify kvm support
  5. if ! grep -E 'vmx|svm' -q /proc/cpuinfo; then
  6.     echo "No virtualization support has been detected"
  7. else
  8.     if grep -E 'vmx' -q /proc/cpuinfo; then
  9.         # Detected Intel virtualization
  10.         kvm_kernel_module="kvm_intel"
  11.     else
  12.         # Detected AMD virtualization
  13.         kvm_kernel_module="kvm_amd"
  14.     fi
  16.     # Remove module options to enable nested virtualization
  17.     rm /etc/modprobe.d/kvm-nested-virtualization.conf
  19.     # Ensure kernel module is available and loaded
  20.     modprobe "$kvm_kernel_module"
  22.     # Reload kernel module to apply changes
  23.     if grep -E '^Y|1$' -q "/sys/module/${kvm_kernel_module}/parameters/nested"; then
  24.         rmmod "$kvm_kernel_module"
  25.         modprobe "$kvm_kernel_module"
  26.     fi
  27. fi

Tested OS images

Available on Ansible Galaxy: jm1.kvm_nested_virtualization

This role is inspired by Lukas Bednar’s
lukas-bednar.nested_virtualization role.

Requirements

This role uses module(s) from collection community.general. You can fetch this collection
from Ansible Galaxy using the provided requirements.yml:

  1. ansible-galaxy collection install --requirements-file requirements.yml

Variables

Name Default value Required Description
modprobe_conf_path /etc/modprobe.d/kvm-nested-virtualization.conf no Path to modprobe config file. If this file already exists, then it will be overwritten. If state is absent, then this file will be removed.
reload_module yes no Should the current kernel module be reloaded if configuration has changed. Beware, the module must not be in use, e.g. no VMs must be running
state present no Should KVM nested virtualization be present or absent

Dependencies

None.

Example Playbook

  1. - hosts: all
  2.   roles:
  3.     - name: Enable KVM nested virtualization for Intel and AMD CPUs
  4.       role: jm1.kvm_nested_virtualization
  5.       # Optional: Pass variables to role
  6.       vars:
  7.         modprobe_conf_path: '/etc/modprobe.d/kvm-nested-virtualization.conf'
  8.         reload_module: yes
  9.         state: present

For instructions on how to run Ansible playbooks have look at Ansible’s
Getting Started Guide.

License

GNU General Public License v3.0 or later

See LICENSE.md to see the full text.

Author

Jakob Meng
@jm1 (github, galaxy, web)