Open Stack

Hi everyone!

I have a question about enabling nested KVM, or for that matter
passing in any required CPU features to an instance, in combination
with using a "custom" cpu-mode. My compute nodes (Ocata) are
configured to run with cpu_mode=custom, cpu_model=IvyBridge. They are
also configured for nested KVM per the kvm_intel nested=Y module
parameter. virsh capabilities on any compute node correctly yields
<feature name='vmx'/> for the host CPU.

Now, when I schedule an instance to that compute node, it ends up with
a CPU configuration as shown in
http://paste.openstack.org/show/717923/, which means it is not capable
of doing any nested KVM. If I then log onto the compute node, and hack
the libvirt domain config with virsh edit, and I fix up the CPU
configuration to match http://paste.openstack.org/show/717934/, then I
can virsh shutdown/virsh start the domain and when it comes back up,
voilà nested KVM.

So my question is, do I have any way to inject that <feature
policy='require' name='vmx'/> bit into an instance from Nova? Way back
around the Essex release we had a libvirt.xml.template
(https://blog.dachary.org/2012/09/26/openstack-nested-virtual-machines/),
but that was dropped somewhere along the way — is there a contemporary
way to do this?

Looking forward to any insight, which I'll be exceptionally grateful
for. Thanks in advance!

Cheers,
Florian