Tuesday, April 14, 2020

How to Enable Nested Virtualization in VirtualBox (New Feature)

Did you ever want to have labs where you could play with different hypervisors within a single virtual machine on your laptop?
I know this sounds more like an INCEPTION remake than a decent requirement, but you can't blame us for being greedy, knowing all that tools like VirtualBox can help us do nowadays.

To give more context to this issue: I was just trying to play with KVM lately when I realized that I was actually installing a hypervisor inside a guest machine within another hypervisor. Pretty weird indeed :) when you think of it, but I only stopped because a tool was complaining that no hypervisor was recognized.
So how do you make a hypervisor (KVM) aware of the host hardware when it's only installed under another hypervisor layer (VirtualBox)? This is called nested virtualization, btw.

Well, after digging a little online, it turns out that the latest versions of VirtualBox do provide this feature, and it is very simple to enable even after your VM has been provisioned.


1. Environment

Host: Intel-based Dell laptop with Windows 10
Guest OS: Oracle Linux 7
Hypervisor installed within the guest: KVM
Issue description from KVM.org:
For KVM to run from a VM it needs access to a set of CPU instructions (Intel VT or AMD) to enable running fully isolated virtual machines at native hardware speeds (HVM).

2. Symptoms

In my case the host CPU is Intel, hence I would be checking whether Intel VT (Virtualization Technology) is listed as a virtualization capability on the guest machine.

 - So I ran the command below, which should display 2 if the Intel virtualization capability is enabled. I got 0.

[root@localhost ~]# egrep -c "(svm|vmx)" /proc/cpuinfo

 - Alternatively, you can also check whether nested virtualization is enabled in KVM (kvm_intel). Still nothing.

[root@localhost ~]# lsmod | grep kvm
kvm                   659456  0
irqbypass              16384  1 kvm

3. Solution  

All you have to do is make sure your VirtualBox is version 6.1.4, and from there you can "activate" nested virtualization. Use either one of the options below.

  • Add <NestedHWVirt enabled="true"/> in the CPU section of your .vbox file inside your VM folder (usually hidden in Windows)
  • Run the following vboxmanage command
C:\Program Files\Oracle\VirtualBox> vboxmanage modifyvm awx_vagrant --nested-hw-virt on
Here is the result of the same lsmod command after applying the change.
[root@localhost ~]# lsmod | grep kvm
kvm                   659456  0
kvm                   659456  1 kvm_intel
irqbypass              16384  1 kvm
Another quick way to check whether the change is effective is to open the processor settings tab in VirtualBox.
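
The two guest-side checks used in this post (the vmx/svm flag count and the vendor KVM module), combined into one script as an added example that is not part of the original post. The function names are hypothetical and the sample cpuinfo/lsmod data is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Count logical CPUs whose "flags" line lists vmx (Intel VT-x) or svm (AMD-V).
# Anchoring on ^flags avoids double counting the separate "vmx flags" line
# that newer kernels also print in /proc/cpuinfo.
count_virt_cpus() {
    grep -E -c '^flags.*[[:space:]](vmx|svm)([[:space:]]|$)' "${1:-/proc/cpuinfo}" || true
}

# Print the vendor KVM module (kvm_intel or kvm_amd) if it is loaded.
# /proc/modules and saved lsmod output both carry the module name in column 1.
kvm_vendor_module() {
    awk '$1 == "kvm_intel" || $1 == "kvm_amd" { print $1; exit }' "${1:-/proc/modules}"
}

# Print a status word (disabled, partial or ready) followed by the detail.
nested_virt_status() {
    cpus=$(count_virt_cpus "${1:-/proc/cpuinfo}")
    mod=$(kvm_vendor_module "${2:-/proc/modules}")
    if [ "$cpus" -eq 0 ]; then
        echo "disabled: no vmx/svm flag visible; enable --nested-hw-virt on the VM"
    elif [ -z "$mod" ]; then
        echo "partial: $cpus CPU(s) expose vmx/svm but no kvm_intel/kvm_amd module"
    else
        echo "ready: $cpus CPU(s) expose vmx/svm and $mod is loaded"
    fi
}

# Constructed sample data (not captured from a real machine).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'processor\t: 0\nflags\t\t: fpu vme sse2\nprocessor\t: 1\nflags\t\t: fpu vme sse2\n' > "$tmp/cpu_off"
printf 'processor\t: 0\nflags\t\t: fpu vmx sse2\nvmx flags\t: vnmi\nprocessor\t: 1\nflags\t\t: fpu sse2 vmx\nvmx flags\t: vnmi\n' > "$tmp/cpu_on"
printf 'Module Size Used by\nkvm 659456 0\nirqbypass 16384 1 kvm\n' > "$tmp/mod_off"
printf 'Module Size Used by\nkvm_intel 200000 0\nkvm 659456 1 kvm_intel\n' > "$tmp/mod_on"

nested_virt_status "$tmp/cpu_off" "$tmp/mod_off"   # guest before the change
nested_virt_status "$tmp/cpu_on"  "$tmp/mod_off"   # flag exposed, module missing
nested_virt_status "$tmp/cpu_on"  "$tmp/mod_on"    # guest after the change
```

Called with no arguments, nested_virt_status reads /proc/cpuinfo and /proc/modules of the machine it runs on.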

  • Enable Nested Virtualization on Vagrant
If you are using Vagrant to provision your VM, you can also do it by adding the customize line below to your Vagrantfile.
config.vm.provider "virtualbox" do |vb|
  vb.memory = var_mem_size
  vb.cpus   = var_cpus
  vb.name   = var_vm_name
  # Same effect as: vboxmanage modifyvm <vm> --nested-hw-virt on
  vb.customize ['modifyvm', :id, '--nested-hw-virt', 'on']
end