I've learned that CirrusCI offers nested virtualization in their free package
for public repos and I am trying to make use of it for testing my Ansible
playbooks.
Unfortunately, libvirt is insisting that CI environment has no support for
full virtualization. All checks (known to me) testify of the opposite, and
qemu-kvm works fine when called directly. I'm almost certain the problem is
with my host OS configuration, and not with the CI engine. I've seen other
people use full virtualization on CirrusCI for their purposes (Android
emulation, redox testing).
I use Debian 10 for host system, slim image from DockerHub with the following
extra packages installed (–no-install-recommends):
bridge-utils libguestfs-tools python3-dev
coreutils libosinfo-bin python3-venv
cpu-checker libssl-dev qemu-kvm
curl libvirt-clients qemu-kvm
gcc libvirt-daemon qemu-utils
gpg libvirt-daemon-system systemd
gpg-agent linux-image-amd64 vagrant
iproute2 make vagrant-libvirt
kmod procps virt-goodies
libc-dev python3 virtinst
libffi-dev
Base image,
CirrusCI configuration
What may I be missing? Why would libvirt tell that there is no KVM when
qemu-kvm works perfectly?
libvirt error
Error while creating domain: Error saving the server: Call to virDomainDefineXML failed: invalid argument: could not find capabilities for domaintype=kvm
virsh capabilities
contains only <domain type='qemu'/>
entries.
Demo of inconsistent behavior
Any tool based on libvirt fails to invoke KVM:
$ virt-install --import --virt-type kvm --name debian10-vm --memory 512 --disk path=/debian.qcow2,format=qcow2 --os-variant debian10 --noautoconsole || echo "Exit code: $?"
ERROR Host does not support domain type kvm for virtualization type 'hvm' arch 'x86_64'
Exit code: 1
But qemu-kvm works when executed directly:
$ kvm -nographic /debian.qcow2
cSeaBIOS (version 1.12.0-1)
iPXE (http://ipxe.org) 00:03.0 C980 PCI2.10 PnP PMM+07F900F0+07ED00F0 C980
Press Ctrl-B to configure iPXE (PCI 00:03.0)...
Booting from Hard Disk...
GNU GRUB version 2.02+dfsg1-20
...
Diagnostics
lsmod
shows that kvm and kvm_intel are loadedcat /proc/cpuinfo
– contains vmx flaglscpu
– Virtualization type: fullkvm-ok
– OKls -l /dev/kvm
– exists, owned by root:rdmals -l /var/run/libvirt
– sockets exist, owned by root:rootwhoami
– rootgroups $(whoami)
– rootsystemctl status
– systemd is not started, libvirtd was launched via CI
rulesvirt-host-validate
– all checks pass, except IOMMU – should not be
important for my use case
Full listings are available in the CI log, section "kvm_before".
Best Answer
Most distro libvirt packages will be configured to run qemu as qemu:qemu user. See the UID+GID reported by
virsh --connect qemu:///system capabilities | grep baselabel
. If that's the case for your distro, then qemu doesn't have permissions to access /dev/kvm, so libvirt is not advertising kvm support.chmod 666 /dev/kvm
should fix it. This is the default in Fedora FWIW