A subset of nodepool providers have KVM nested virtualization enabled.
At present, examples are Vexxhost, OVH, FortNebula and Limestone.
We've had a pre-run script for CI to enable KVM when running in one of
those providers. This has some drawbacks:
1. With Zuul v3, DEVSTACK_GATE_LIBVIRT_TYPE is obsoleted in favor of
LIBVIRT_TYPE in devstack_localrc.
2. The list was outdated (e.g. Vexxhost and FortNebula were not in).
3. Some of the nested virt friendly providers have mixed KVM/TCG
3. Enablement of nested virtualization would require updating of the KVM
providers list in our side.
When LIBVIR_TYPE=KVM, devstack checks if KVM is really available (via
devstack/lib/nova). If it is not, it falls back to qemu (TCG). This
check is available since at least Mitaka.
Also, some provider nodes expose a generic CPU model. Libvirt matches
the named CPU model to the closest from the host. As a result, the
matched one may not include the CPUID parameter which seems to be
required for nested virtualization. This find-by-match (cpu_mode option
in Nova) can be switched "host-passthrough" in which case will cause
libvirt to tell KVM to passthrough the host CPU with no modifications.
The disadvantage of this mode is guests can only be migrated to an
exactly matching host CPU, but we don't need this in CI.