There seems to be an issue with getting nested virtualization to work properly with xcp-ng using the AMD Ryzen 5 3600 CPU.
I've tried with the following Linux Distros in Guest VMs:
- Fedora v40
- Debian 12
- Ubuntu 22.04 LTS
I've had no success with libvirt or docker-desktop (docker engine seems fine though) in any of the Linux Distros.
I want to clarify that I ran the test command for amd_kvm from the xcp-ng hosted Guest VM terminals:
'# cat /sys/module/kvm_amd/parameters/nested'
and got the expected "Y" or "1" result - which should indicate that Nested Virtualization is enabled properly (I set them all up for Nested V through XOA).
Trying to get Docker Desktop to work on guest Linux VMs running on XCP-NG
I've tried to use Docker Desktop with Linux Debian12, Ubuntu 22, Rocky 9 and Fedora v40 guests, all having Gnome GUIs + recommended Gnome extensions (Gnome extensions: https://extensions.gnome.org/extension/615/appindicator-support/ ; per Docker docs: https://docs.docker.com/desktop/install/fedora/ ),
... but they all either hang at "Docker Engine Starting..." or lock the OS up with 100% CPU usage that requires a "Force Reboot".
Does anyone have a known fix for this issue? I can get Docker Desktop to work on bare metal PCs/Laptops with Linux and Windows ok, but not within a guest Linux VM with nested virtualization enabled on an XCP-NG Hypervisor.
I've tried everything there is in the Docker official docs:
https://docs.docker.com/desktop/troubleshoot/overview/
https://docs.docker.com/config/daemon/troubleshoot/
And in some cases, was able to get a slight change in behavior: where some Linux distros had been locking up without the GUI window showing first, the GUI for "Accept" would at least appear, but eventually "hang" and fail to start with the same "Docker Engine is starting..." status message.
Oddly, the actual Docker Engine seems to work fine, by itself. The current workaround is to use podman desktop (installed via flatpak/flathub) with both podman and docker installed together (with caveats for Fedora and Rocky - https://faun.pub/how-to-install-simultaneously-docker-and-podman-on-rhel-8-centos-8-cb67412f321e ) - Using Podman Desktop provides a semi-functional featureset for managing containers in the Gnome DT GUI but it's not ideal.
The issue is seemingly only with Docker Desktop, itself, and not with Docker Engine.
Since Docker Desktop did not work, I then attempted using libvirt / virt-manager.
After trying fresh installs of all 3 Linux Distros and installing libvirt + virt-manager, there were no bootable guest VMs to complete the install process. For the bootable ISO install images, I tried the following:
- Alpine Linux v3.17
- Debian 12
- Rocky 9
In all attempts, never did any of the images boot up with libvirt in the CLI, nor with virt-manager in a Gnome GUI, on any of the above-mentioned "nested host as a VM on xcp-ng".
- There is just a blank / black screen for virt-manager
- The guest VMs show as "running" but there is no network (DHCP never assigns an IP) or disk activity for the "nested" VM, if I attempt something like this article (libvirt without the GUI):
- https://stackoverflow.com/questions/64792580/libvirt-virt-install-hangs-on-installation
While I did have some success at running docker engine, and I am able to run Kubernetes directly on xcp-ng "non-nested VMs", I have a need to separate each K8s cluster and isolate the networks (as much as possible) for testing purposes.
Has anyone else run into the issue of being unable to use a nested virtualization configuration on an xcp-ng host within a Linux Guest VM with nested virtualization enabled and found a solution for this problem?
Which logs could I check for any errors that might be relevant to finding the solution for the root of this issue?
Any assistance anyone might be able to offer is greatly appreciated!
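Since the post asks what to check in the guest, here is an added diagnostic script (not from the original post, XCP-ng or Docker) that verifies the three prerequisites a Linux guest needs before libvirt/KVM or Docker Desktop can use nested virtualization on an AMD host: the svm CPU flag, the kvm_amd nested parameter the post already inspects, and an accessible /dev/kvm. The sysfs and procfs paths are the standard Linux ones; the cpuinfo lines in the test are constructed.

```shell
#!/bin/sh
# Added diagnostic script, not from the original post. It checks the three things a
# Linux guest needs before KVM-based tools (libvirt, Docker Desktop) can use nested
# virtualization on an AMD host: the svm CPU flag, kvm_amd nested=1, and /dev/kvm.

# Return 0 if the given /proc/cpuinfo text contains the AMD SVM flag as a whole word
# (takes the text as an argument so it can be exercised on constructed input).
has_svm_flag() {
    printf '%s\n' "$1" | grep -q -w 'svm'
}

# Return 0 if the raw content of /sys/module/kvm_amd/parameters/nested means enabled.
# The file reads "1" or "Y" when enabled; anything else, including the empty string
# seen when the module is not loaded, counts as disabled.
nested_enabled() {
    case "$(printf '%s' "$1" | tr -d '[:space:]')" in
        1|Y|y) return 0 ;;
        *)     return 1 ;;
    esac
}

# Run all checks against the live system; print one line per check and return 0
# only if every check passed, so the script can gate a provisioning step.
check_nested_virt() {
    rc=0
    if has_svm_flag "$(cat /proc/cpuinfo 2>/dev/null)"; then
        echo "ok    svm flag present in /proc/cpuinfo"
    else
        echo "FAIL  svm flag missing: the hypervisor is not exposing SVM to this guest"
        rc=1
    fi
    nested="$(cat /sys/module/kvm_amd/parameters/nested 2>/dev/null)"
    if nested_enabled "$nested"; then
        echo "ok    kvm_amd nested=$nested"
    else
        echo "FAIL  kvm_amd nested is '${nested:-unset}' (module not loaded or nested=0)"
        rc=1
    fi
    if [ -c /dev/kvm ] && [ -r /dev/kvm ] && [ -w /dev/kvm ]; then
        echo "ok    /dev/kvm is present and accessible to $(id -un)"
    else
        echo "FAIL  /dev/kvm missing or not accessible (is $(id -un) in the kvm group?)"
        rc=1
    fi
    return "$rc"
}

# Only run the live checks when invoked with --check, so the functions can be sourced.
if [ "${1:-}" = "--check" ]; then check_nested_virt; exit $?; fi
```

Run it inside the guest as `sh nested-check.sh --check`; a FAIL on the svm line points at the host-side nested setting, while a FAIL on /dev/kvm points at the guest's kernel module or device permissions.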