This document describes how to enable nested virtualization on a virtual machine (VM) instance and how to confirm that you can create a nested VM. Enable nested virtualization on a VM by using one of the following methods:
- Recommended. Enable nested virtualization directly on a new or existing VM by setting the enableNestedVirtualization field to true while creating the VM or by updating the VM. This is the recommended method because it doesn't require that you create a custom image or use the special license key.
- Enable nested virtualization by using the special license key by creating a boot disk, creating a custom image with the special nested virtualization license key, and then creating a VM that uses the custom image.
Before you begin
- If you haven't already, then set up authentication. Authentication is the process by which your identity is verified for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine by selecting one of the following options:
- Install the Google Cloud CLI, then initialize it by running the following command:
    gcloud init
- Set a default region and zone.
To use the REST API samples on this page in a local development environment, you use the credentials you provide to the gcloud CLI.
Install the Google Cloud CLI, then initialize it by running the following command:
    gcloud init
For more information, see Authenticate for using REST in the Google Cloud authentication documentation.
Enable nested virtualization directly on a new VM
Permissions required for this task
To perform this task, you must have the following permissions:
- For enabling nested virtualization directly on a new VM, you need the compute.instances.create permissions on the project, folder, or organization.
Enable nested virtualization directly on a VM by using the following procedure.
Create an L1 VM with nested virtualization enabled by using the following gcloud compute instances create command:
    gcloud compute instances create VM_NAME \
        --enable-nested-virtualization \
        --zone=ZONE \
        --min-cpu-platform="Intel Haswell"
Replace the following:
- VM_NAME: the name of the new L1 VM with nested virtualization enabled
- ZONE: the zone for the new L1 VM with nested virtualization enabled
Create an L1 VM with nested virtualization enabled by using the following instances.insert method:
    POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances

    {
      ...
      "name": "VM_NAME",
      ...
      "minCpuPlatform": "Intel Haswell",
      "advancedMachineFeatures": {
        "enableNestedVirtualization": true
      },
      ...
    }
Replace the following:
- PROJECT_ID: the project ID
- ZONE: the zone for the new L1 VM with nested virtualization enabled
- VM_NAME: the name of the new L1 VM with nested virtualization enabled
Enable nested virtualization directly on an existing VM
Permissions required for this task
To perform this task, you must have the following permissions:
- For enabling nested virtualization directly on a new VM, you need the compute.instances.create permissions on the project, folder, or organization.
Enable nested virtualization on an existing VM by using the following procedure.
Export the properties of the VM by using the following gcloud compute instances export command:
    gcloud compute instances export VM_NAME \
        --destination=YAML_FILE_PATH \
        --zone=ZONE
Replace the following:
- VM_NAME: the name of the VM from which to export properties
- YAML_FILE_PATH: the path and file name of a .yaml file in which to save the exported configuration data
- ZONE: the zone that contains the VM
In the VM configuration file that was saved in FILE_PATH, update the value for enableNestedVirtualization. If the value is not in the file, add the following:
    advancedMachineFeatures:
      enableNestedVirtualization: true
Update the VM with the value for enableNestedVirtualization by using the following gcloud compute instances update-from-file command:
    gcloud compute instances update-from-file VM_NAME \
        --source=FILE_PATH \
        --most-disruptive-allowed-action=RESTART \
        --zone=ZONE
Replace the following:
- VM_NAME: the name of the VM to update
- FILE_PATH: the path to the updated VM configuration file
- ZONE: the zone that contains the VM to update
Update the value for enableNestedVirtualization by using the following instances.update method:
    PUT https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/VM_NAME?most_disruptive_allowed_action=RESTART

    {
      ⋮
      "advanced_machine_features": {
        ⋮
        "enableNestedVirtualization": "true"
      },
      ⋮
    }
Replace the following:
- PROJECT_ID: the ID of the project
- ZONE: the zone that contains the VM
- VM_NAME: the name of the VM from which to export properties
Enable nested virtualization by using the special license key
Permissions required for this task
To perform this task, you must have the following permissions:
- compute.disks.create on the project, folder, or organization
- compute.images.create on the project, folder, or organization
- compute.disks.delete on the project, folder, or organization
- compute.instances.create on the project, folder, or organization
You can enable nested virtualization on a VM by creating a custom image with a special license key that enables VMX on the L1 VM. The license key does not incur additional charges.
Create a boot disk from a public image or from a custom image. The following example uses debian-cloud for the image project and debian-10 for the image family. If you already have a VM instance with an existing disk, you can skip this step.
    gcloud compute disks create DISK_NAME \
        --zone=ZONE \
        --image-project=debian-cloud \
        --image-family=debian-10
Replace the following:
- DISK_NAME: the name of the new disk
- ZONE: the zone to create the disk in
    POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/disks

    {
      ...
      "name": "DISK_NAME",
      "sourceImage": "projects/debian-cloud/global/images/family/debian-10",
      ...
    }
Replace the following:
- PROJECT_ID: the project ID
- ZONE: the zone to create the disk in
- DISK_NAME: the name of the new disk
Create a custom image with the special license key that is required for nested virtualization.
    gcloud compute images create IMAGE_NAME \
        --source-disk DISK_NAME \
        --source-disk-zone ZONE \
        --licenses "https://www.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx"
Replace the following:
- IMAGE_NAME: the name of the new image
- DISK_NAME: the name of the previously created disk
- ZONE: the zone to create the image in
    POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/images

    {
      ...
      "licenses": ["projects/vm-options/global/licenses/enable-vmx"],
      "name": "IMAGE_NAME",
      "sourceDisk": "zones/ZONE/disks/DISK_NAME",
      ...
    }
Replace the following:
- PROJECT_ID: the project ID
- IMAGE_NAME: the name of the new image
- ZONE: the zone to create the image in
- DISK_NAME: the name of the previously created disk
Optionally delete the source disk after creating the image with the special license.
    gcloud compute disks delete DISK_NAME --zone=ZONE
Replace the following:
- DISK_NAME: the name of the disk to delete
- ZONE: the zone containing the disk to delete
    DELETE https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/disks/DISK_NAME
Replace the following:
- PROJECT_ID: the project ID
- ZONE: the zone containing the disk to delete
- DISK_NAME: the name of the disk to delete
Create a VM that uses the new image with the special license. The minimum CPU platform must be "Intel Haswell".
    gcloud compute instances create VM_NAME \
        --zone=ZONE \
        --min-cpu-platform "Intel Haswell" \
        --image IMAGE_NAME
Replace the following:
- VM_NAME: the name of the VM
- ZONE: the zone to create the VM in
- IMAGE_NAME: the name of the previously created image
    POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances

    {
      ...
      "name": "VM_NAME",
      "minCpuPlatform": "Intel Haswell",
      "disks": [
        {
          "initializeParams": {
            "sourceImage": "IMAGE_NAME"
          }
        }
      ]
      ...
    }
Replace the following:
- PROJECT_ID: the project ID
- VM_NAME: the name of the VM
- ZONE: the zone to create the VM in
- IMAGE_NAME: the name of the previously created image
Confirm that nested virtualization is enabled on the VM
Connect to the VM instance.
    gcloud compute ssh VM_NAME
Replace VM_NAME with the name of the VM to connect to.
Confirm that nested virtualization is enabled. Any response other than 0 confirms that nested virtualization is enabled.
    grep -cw vmx /proc/cpuinfo
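The check above runs inside one VM. To inventory from the outside which VMs in a project have nested virtualization enabled, and by which of the two methods on this page, the following added example (not part of the original documentation) inspects instance resources in the shape returned by gcloud compute instances list --format=json. The sample data is constructed, the function names are hypothetical, and the example assumes the enable-vmx license is reported in each attached disk's licenses list.

```python
import json

# License path used by the page's "special license key" method.
VMX_LICENSE = "projects/vm-options/global/licenses/enable-vmx"

def nested_virt_methods(instance):
    """Return the methods ("field", "license") by which an instance enables nested VMs."""
    methods = []
    amf = instance.get("advancedMachineFeatures") or {}
    # The REST samples show both a boolean and the string "true"; accept either.
    if str(amf.get("enableNestedVirtualization", "")).lower() == "true":
        methods.append("field")
    for disk in instance.get("disks", []):
        # Licenses appear as full URLs or partial paths, so match on the suffix.
        if any(lic.endswith(VMX_LICENSE) for lic in disk.get("licenses", [])):
            methods.append("license")
            break
    return methods

def audit(instances):
    """Map instance name -> enabling methods, skipping instances with none."""
    report = {}
    for inst in instances:
        methods = nested_virt_methods(inst)
        if methods:
            report[inst["name"]] = methods
    return report

# Constructed sample inventory (assumed shape of the instances list output).
SAMPLE = json.loads("""
[
  {"name": "l1-direct",
   "advancedMachineFeatures": {"enableNestedVirtualization": true},
   "disks": [{"licenses": ["https://www.googleapis.com/compute/v1/projects/debian-cloud/global/licenses/debian-10-buster"]}]},
  {"name": "l1-license",
   "disks": [{"licenses": ["https://www.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx"]}]},
  {"name": "l1-both",
   "advancedMachineFeatures": {"enableNestedVirtualization": "true"},
   "disks": [{"licenses": ["projects/vm-options/global/licenses/enable-vmx"]}]},
  {"name": "plain-vm",
   "advancedMachineFeatures": {"enableNestedVirtualization": false},
   "disks": [{}]}
]
""")

if __name__ == "__main__":
    for name, methods in audit(SAMPLE).items():
        print(f"{name}: {', '.join(methods)}")
```

VMs reported with the license method keep nested virtualization enabled regardless of the enableNestedVirtualization field, so an inventory that checks only the field misses them.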