B.2. Using KVM Virtualization on IBM Z
Installation
On IBM Z hosts, the KVM hypervisor has to be installed in a dedicated logical partition (LPAR). Running KVM on the z/VM OS is not supported. The LPAR also has to support the start-interpretive execution (SIE) virtualization extensions.
To install KVM Virtualization on Red Hat Enterprise Linux 7 for IBM Z:
- Install the host system from the bootable image on the Customer Portal - for detailed instructions, see the Installation guide.
- Ensure that your system meets the hypervisor requirements:
- Verify that the CPU virtualization extensions are available:
#
grep sie /proc/cpuinfo
The output of this command must include thesie
entry, which indicates that your processor has the required virtualization extension.features : esan3 zarch stfle msa ldisp eimm dfp edat etf3eh highgprs te sie
- Load the KVM kernel module:
#
modprobe kvm
- Verify that the KVM kernel module is loaded:
#
lsmod | grep kvm
If KVM was loaded successfully, the output of this command includeskvm
. If it does not, make sure that you are using the kernel-alt version of the kernel for Red Hat Enterprise Linux 7.
- Install the qemu-kvm-ma package in addition to other virtualization packages described in Chapter 2, Installing the Virtualization Packages.
- When setting up guests, it is recommended to configure their CPU in one of the following ways to protect the guests from the "Spectre" vulnerability:
- Use the host CPU model, for example as follows:
<cpu mode='host-model' check='partial'> <model fallback='allow'/> </cpu>
This makes theppa15
andbpb
features available to the guest if the host supports them. - If using a specific host model, add the
ppa15
andbpb
features. The following example uses thezEC12
CPU model:<cpu mode='custom' match='exact' check='partial'> <model fallback='allow'>zEC12</model> <feature policy='force' name='ppa15'/> <feature policy='force' name='bpb'/> </cpu>
Note
When using theppa15
feature with thez114
andz196
CPU models on az12
host machine, make sure to use the latest microcode level (bundle 95 or later).
Architecture Specifics
KVM Virtualization on Red Hat Enterprise Linux 7.5 for IBM Z differs from KVM on AMD64 and Intel 64 systems in the following:
- The SPICE and VNC protocols are not available and virtual graphical card devices are not supported on IBM Z. Therefore, displaying the guest graphical output is not possible.
- Virtual PCI and USB devices are not supported on IBM Z. This also means that virtio-*-pci devices are unsupported, and
virtio-*-ccw
devices should be used instead. For example, usevirtio-net-ccw
instead ofvirtio-net-pci
. - The <boot dev='device'/> XML configuration element is not supported on IBM Z. To define device boot order, use the <boot order='number'/> element in the <devices> section. For an example, see the upstream libvirt documentation.
Note
Using <boot order='number'/> for boot order management is preferred also on AMD64 and Intel 64 hosts. - SMBIOS configuration is not available.
- The watchdog device model used on IBM Z should be
diag288
. - To enable the nested virtualization feature on IBM Z, do the following. Note that like on AMD64 and Intel 64 systems, nested virtualization is available as a Technology Preview on IBM Z, and therefore is not recommended for use in production environments.
- Check whether nested virtualization is already enabled on your system:
$
cat /sys/module/kvm/parameters/nested
If this command returns1
, the feature is already enabled.If the command returns0
, use the following steps to enable it. - Unload the
kvm
module:#
modprobe -r kvm
- Activate the nesting feature:
#
modprobe kvm nested=1
- The nesting feature is now enabled only until the next reboot of the host. To enable it permanently, add the following line to the
/etc/modprobe.d/kvm.conf
file:options kvm nested=1
- The
kvm-clock
service is specific to AMD64 and Intel 64 systems, and does not have to be configured for time management on IBM Z.