kvm: Passthrough host CPU in order to allow nesting

[fabiand]

Before this patch the virtual CPU was the stock qemu CPU, in the sense that
the virtual CPU features were set according to the default qemu CPU.

With this change the CPU features of the host will be copied at start to the
domain definition. This includes features like svm and vmx, which in turn allow
to run nested virtualization if the host is configured accordingly i.e.
kvm_intel nested=y in /etc/modprobe.d/kvm.conf.

To turn on nesting, a user has to specify --kvm-cpu-model host-model when
creating the VM.

Resolves #2553

Signed-off-by: Fabian Deutsch fabiand@fedoraproject.org

[minikube-bot]

Can one of the admins verify this patch?

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: fabiand
To fully approve this pull request, please assign additional approvers.
We suggest the following additional approver: luxas

Assign the PR to them by writing /assign @luxas in a comment when ready.

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[fabiand]

Should be in a reviewable state now.

[fabiand]

/assign @luxas

[fabiand]

I cna confirm that nesting works:

$ minikube ssh
                         _             _            
            _         _ ( )           ( )           
  ___ ___  (_)  ___  (_)| |/')  _   _ | |_      __  
/' _ ` _ `\| |/' _ `\| || , <  ( ) ( )| '_`\  /'__`\
| ( ) ( ) || || ( ) || || |\`\ | (_) || |_) )(  ___/
(_) (_) (_)(_)(_) (_)(_)(_) (_)`\___/'(_,__/'`\____)

$ ls -shal /dev/kvm 
0 crw-rw---- 1 root root 10, 232 Feb 16 18:54 /dev/kvm

Achieved with this patchset as is.

[r2d4]

@minikube-bot ok to test

[fabiand]

Not sure why the tests fail.

[zakame]

Is it ok that the DefaultCPUModel is custom though?

[fabiand]

@zakame :)

I chose custom as it is compatible with the current settings.
We can choose to go with host-model which should also be safe (but different to the current settings), and lead to much better nesting performance.

Even if I favor to have host-model or host-passthrough by default, I tend to say that we can default to custom for a release or two, and then eventually do th switch if there was no negative feedback from host-* users.

[fabiand]

/cc @r2d4 any thoughts on this PR?

[dlorenc]

Is there any reason to actually pass this through as a config option? Could we hardcode it in the driver XML?

[fabiand]

We could hard code it if we are willing to make this change.

@michalskrivanek @berrange do you actually see a risk of defaulting to host-model? (Could you also confirm that host-model will enable nesting [assuming the host is configured accordingly])

[berrange]

Since you dont care about migration you should use host-passthrough in preference to host-model.

[fabiand]

@dlorenc @zakame @berrange I updated the change set to set host-passthrough unconditionally/by default.

[fabiand]

Any opinion on this PR?

I'd be fine in going with teh hard coded solution, there should be no drawback.

[fabiand]

Awesome!