Re: [openstack-dev] [third-party][ci] openstack CI VM template

2017-02-28 Thread Daniel P. Berrange 
On Tue, Feb 28, 2017 at 07:49:01AM -0600, Mikhail Medvedev wrote:
> On Tue, Feb 28, 2017 at 2:52 AM, Guo, Ruijing  wrote:
> > Hi, CI Team,
> >
> >
> >
> > I’d like to know if openstack CI VM support nested virtualization.
> >
> 
> OpenStack CI infrastructure is using nested visualization inside of
> devstack VMs to perform tempest testing. But at the moment accel=tcg
> is used (emulation) for second level virt. IIRC it is done because
> some of the provider clouds had problems with KVM acceleration.

FYI, the QEMU & KVM maintainers still recommend *against* use of
nested-KVM in any production deployment, since they are not confident
of the security at this time. ie risk a level-2 guest could potentially
break out into either the level-1 guest or the physical host. This is
why the kvm kernel module requires an explicit opt-in to enable nested-KVM
on a host.

nested-KVM is improving, but there's no target date when it will
be considered ready for production use.

Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://entangle-photo.org   -o-http://search.cpan.org/~danberr/ :|

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [third-party][ci] openstack CI VM template

2017-02-28 Thread Mikhail Medvedev 
On Tue, Feb 28, 2017 at 2:52 AM, Guo, Ruijing  wrote:
> Hi, CI Team,
>
>
>
> I’d like to know if openstack CI VM support nested virtualization.
>

OpenStack CI infrastructure is using nested visualization inside of
devstack VMs to perform tempest testing. But at the moment accel=tcg
is used (emulation) for second level virt. IIRC it is done because
some of the provider clouds had problems with KVM acceleration.

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [third-party][ci] openstack CI VM template

2017-02-28 Thread Jianghua Wang 
Ruijing,
   I'm not sure about other cases, but XenServer CI is using nested 
virtualization.
Regards,
Jianghua

From: Guo, Ruijing [mailto:ruijing@intel.com]
Sent: Tuesday, February 28, 2017 4:52 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: [openstack-dev] [third-party][ci] openstack CI VM template

Hi, CI Team,

I'd like to know if openstack CI VM support nested virtualization.

Thanks,
-Ruijing
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [third-party][ci] openstack CI VM template

2017-02-28 Thread Guo, Ruijing 
Hi, CI Team,

I'd like to know if openstack CI VM support nested virtualization.

Thanks,
-Ruijing
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev