ksm process CPU issue on compute nodes

ksmd allows you to oversubscribe your compute nodes by sharing memory pages between your instances running on a compute node.

A CPU tax is to be expected for this process to do its job. That said, I have been running into an issue where the CPU tax was over 50%. This is obviously not acceptable.

Here is how to disable ksmd:

echo "KSM_ENABLED=0" > /etc/default/qemu-kvm
reboot

Unfortunately, this will mean that you will not be sharing memory pages between instances anymore, using more memory on each node.

ksmd can also be fine-tuned in the following configuration file:

/etc/ksmtuned.conf

But finding the right parameters for your specific configuration can be a time-consuming task.

More information can be found here:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Virtualization_Deployment_and_Administration_Guide/sect-KSM-The_KSM_tuning_service.html

Nested virtualization in OpenStack

I personally test all kinds of OpenStack setups and needed OpenStack to run on OpenStack (nested virtualization).

Assuming that you have Intel CPUs, you need the vmx CPU flag to be enabled inside your instances.

On your OpenStack compute node, enable nested virtualization at the kernel level:

echo "options kvm-intel nested=y" >> /etc/modprobe.d/dist.conf

I believe the following step might be optional in some cases, but I also modify my nova.conf file with the following settings:

virt_type=kvm
...
cpu_mode=host-passthrough

* Note that enabling “host-passthrough” will configure your instances' CPUs with the exact same model as your hardware CPU model. As a consequence, if you have multiple nodes with different CPU models, it will no longer be possible to live-migrate instances between them.

Reboot your compute node.

Validate that nested virtualization is enabled at the kernel level:

# cat /sys/module/kvm_intel/parameters/nested
Y

Validate that virsh capabilities is now supporting the “vmx” feature:

# virsh  capabilities

Launch an instance on this node, and validate that your instance has the vmx CPU flag enabled:

# cat /proc/cpuinfo  |grep vmx

You should now be able to install a new hypervisor inside your instances and support nested virtualization.
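
The validation steps above can be scripted so they are repeatable on every compute node and instance. This is an added example, not part of the original post: the function names are hypothetical, the /etc/nova/nova.conf default path and the acceptance of "1" as well as "Y" are assumptions, and section headers in nova.conf are ignored.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Each check takes a file path
# so it can be run against the live system or against saved copies.

# kvm_intel "nested" parameter: Y as shown in the post; 1 is also accepted
# here (assumption: some kernels print the boolean numerically).
nested_enabled() {
    [ -r "$1" ] || return 2
    case "$(tr -d '[:space:]' < "$1")" in
        Y|y|1) return 0 ;;
        *)     return 1 ;;
    esac
}

# vmx must be a whole word on a "flags" line of a cpuinfo-style file.
has_vmx_flag() {
    [ -r "$1" ] || return 2
    grep -E '^flags[[:space:]]*:' "$1" | grep -qw vmx
}

# Print the last uncommented value of key $1 in ini-style file $2.
# Section headers are ignored.
conf_value() {
    [ -r "$2" ] || return 2
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Compute-node side: kernel parameter plus the two nova.conf settings.
# Returns the number of failed checks.
check_compute_node() {
    nested=${1:-/sys/module/kvm_intel/parameters/nested}
    conf=${2:-/etc/nova/nova.conf}   # assumed default location
    fails=0
    nested_enabled "$nested" || { echo "FAIL: nested not enabled"; fails=$((fails + 1)); }
    [ "$(conf_value virt_type "$conf")" = kvm ] ||
        { echo "FAIL: virt_type is not kvm"; fails=$((fails + 1)); }
    [ "$(conf_value cpu_mode "$conf")" = host-passthrough ] ||
        { echo "FAIL: cpu_mode is not host-passthrough"; fails=$((fails + 1)); }
    return "$fails"
}

# Instance side: the guest must see the vmx flag.
check_instance() {
    has_vmx_flag "${1:-/proc/cpuinfo}" || { echo "FAIL: no vmx flag in guest"; return 1; }
}
```

Run check_compute_node on the compute node and check_instance inside a launched instance; both use the live system paths when called without arguments.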