How to enable nested virtualization on Google Cloud

Google Cloud supports nested virtualization using the KVM hypervisor on Linux instances. This feature lets you run one or more virtual machines inside a Linux virtual machine (VMs inside VMs) by leveraging Intel VT-x processor support. The only requirement is that the VM runs on an Intel Haswell or newer CPU. The steps below show how to enable nested virtualization on Google Cloud.

  • ESX and Xen hypervisors are not supported.
  • Nested virtualization does not currently support Windows instances.

Google has verified that nested virtualization works with the following Linux distributions. See Google's list of available regions and zones for the CPU platforms available in each zone.

– CentOS 7 with kernel version 3.10
– Debian 9 with kernel version 4.9
– Debian 8 with kernel version 3.16
– RHEL 7 with kernel version 3.10
– SLES 12.2 with kernel version 4.4
– SLES 12.1 with kernel version 3.12
– Ubuntu 16.04 LTS with kernel version 4.4
– Ubuntu 14.04 LTS with kernel version 3.13

How to Enable nested virtualization on Google Cloud

You can enable nested virtualization using the ‘gcloud’ command-line tool or the API. You need to create a custom image with the special license key required for virtualization. Here we create a new nested virtualization image using an existing image as the source image.

Log in to your Google Cloud Console.

Click the top right corner -> Activate Google Cloud Shell.

List all compute images, including deprecated ones.

$ gcloud compute images list --show-deprecated

You can use any one of these images as the source image to enable nested virtualization.

Syntax:

$ gcloud compute images create <nested_image_name> \
--source-image=<os_image_name> --source-image-project=<source_image_project> \
--licenses="https://www.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx"

For example, the following command creates an image named ‘gcp-nested-vm-image’ from an existing CentOS image named ‘centos-7-v20170719’.

$ gcloud compute images create gcp-nested-vm-image \
--source-image=centos-7-v20170719 --source-image-project=centos-cloud \
--licenses="https://www.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx"

Once that is done, create a VM instance with the custom image in a zone that supports Haswell or higher.

Using the Console:

Open Compute Engine -> VM instances -> CREATE INSTANCE

Using the gcloud command:

$ gcloud compute instances create example-nested-vm --zone us-central1-b \
--image gcp-nested-vm-image

Once the VM is created, connect to it over SSH and check that nested virtualization is enabled by running the following command.

# grep -cw vmx /proc/cpuinfo

or

# cat /proc/cpuinfo | grep vmx

A non-zero count from the first command (or any matching lines from the second) confirms that nested virtualization is enabled.
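A stricter form of the check above, as an added example that is not part of the original page: it counts vmx per vCPU from the `flags` line only and also looks for the KVM device node. The function names, the `--live` switch and the sample cpuinfo content are constructed for illustration, and the /dev/kvm test assumes the kvm_intel module is loaded.

```shell
#!/bin/sh
# Added example: stricter form of the `grep -cw vmx /proc/cpuinfo` check.
# File paths are parameters so the logic can be run against constructed samples.

# Print "<vCPUs with vmx> <total vCPUs>" for a cpuinfo-format file.
vmx_cpu_counts() {
    awk '
        /^processor[ \t]*:/ { total++ }
        /^flags[ \t]*:/ {
            # Compare whole fields so only the exact flag "vmx" counts.
            for (i = 2; i <= NF; i++) if ($i == "vmx") { found++; break }
        }
        END { printf "%d %d\n", found, total }
    ' "${1:-/proc/cpuinfo}"
}

# Return 0 only if every vCPU exposes vmx and the KVM device node exists.
nested_virt_status() {
    cpuinfo="${1:-/proc/cpuinfo}"
    kvm_dev="${2:-/dev/kvm}"   # assumption: kvm_intel is loaded, creating this node
    counts=$(vmx_cpu_counts "$cpuinfo") || return 2
    n_vmx=${counts% *}
    n_total=${counts#* }
    if [ "$n_total" -eq 0 ] || [ "$n_vmx" -ne "$n_total" ]; then
        echo "FAIL: $n_vmx of $n_total vCPUs expose vmx"
        return 1
    fi
    if [ ! -e "$kvm_dev" ]; then
        echo "FAIL: vmx present but $kvm_dev missing (is kvm_intel loaded?)"
        return 1
    fi
    echo "OK: vmx on all $n_total vCPUs, $kvm_dev present"
}

# Constructed two-vCPU sample; $2 is the flag to place on the second vCPU.
write_sample_cpuinfo() {
    cat > "$1" <<EOF
processor : 0
flags : fpu vme sse2 vmx ept
processor : 1
flags : fpu vme sse2 $2 ept
EOF
}

# Usage on a real instance: pass --live to check /proc/cpuinfo and /dev/kvm.
if [ "${1:-}" = "--live" ]; then nested_virt_status; fi
```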

You have enabled nested virtualization on Google Cloud. You can now start a nested VM in many different ways, for example by installing qemu-kvm.