Hi Kolla team,

I've been troubleshooting an issue for weeks and would really appreciate your insight.

Environment:

• Kolla-Ansible 2025.1 (Epoxy) all-in-one

• Ubuntu 24.04 on VM (nested virtualization)

• OpenStack services seem healthy (nova-compute, neutron, etc. all up)

The Problem:
Any attempt to create a VM (even a tiny Cirros test VM) fails with:

libvirt.libvirtError: cannot fork child process: Resource temporarily unavailable

What Works:

• ✅ Can create networks, subnets, routers, keypairs via CLI

• ✅ Direct qemu-system-x86_64 -enable-kvm test succeeds

• ✅ /dev/kvm exists with correct permissions

• ✅ KVM modules loaded (kvm_intel), nested virt enabled (Y)

Resource Limits (all seem fine):

• RAM: 88 GB, vCPUs: 32

• pid_max: 4,194,304

• kernel.threads-max: 722,077

• ulimit -u: 361,038

• Total host threads: ~111k (well below limits)

Container-Specific Checks:

• nova_compute: pids.max=108k, Max processes=unlimited, only 27 PIDs running

• nova_libvirt: No explicit PidsLimit (<nil>), logs not showing obvious errors

• Libvirt volume only 12KB (no runaway logs)

• Host libvirtd is inactive (no conflict)

What I've Tried:

• Recreated networks/routers multiple times

• Restarted containers

• Verified all endpoints are correctly set to VIP (192.168.58.50)

• Checked kernel logs – no relevant errors

Full error from nova-compute log:

libvirt.libvirtError: cannot fork child process: Resource temporarily unavailable

Has anyone encountered this in an all-in-one deployment where all obvious limits are huge but libvirt still refuses to fork? Could it be a cgroup v2 limit I'm missing, or something in the libvirt container configuration?

Any pointers would be hugely appreciated.

Thanks,
Dennis