B.2. Using KVM Virtualization on IBM z Systems

Installation

On IBM z System hosts, the KVM hypervisor has to be installed in a dedicated logical partition (LPAR). Running KVM on the z/VM OS is not supported. The LPAR also has to support the so-called start-interpretive execution (SIE) virtualization extensions.
To install KVM Virtualization on Red Hat Enterprise Linux 7 for IBM z Systems:
  1. Install the system from the bootable image on the Customer Portal - for detailed instructions, see the Installation guide.
  2. Ensure that your system meets the hypervisor requirements:
    • Verify that the CPU virtualization extensions are available:
      # grep sie /proc/cpuinfo
      The output of this command must include the sie entry, which indicates that your processor has the required virtualization extension.
      features        : esan3 zarch stfle msa ldisp eimm dfp edat etf3eh highgprs te sie
      
    • Load the KVM kernel module:
      # modprobe kvm
    • Verify that the KVM kernel module is loaded:
      # lsmod | grep kvm
      If KVM was loaded successfully, the output of this command includes kvm. If it does not, make sure that you are using the kernel-alt version of the kernel for Red Hat Enterprise Linux 7.
  3. Install the qemu-kvm-ma package in addition to other virtualization packages described in Chapter 2, Installing the Virtualization Packages.
  4. When setting up guests, it is recommended to configure their CPU in one of the following ways to protect the guests from the "Spectre" vulnerability:
    • Use the host CPU model, for example as follows:
      
      <cpu mode='host-model' check='partial'>
        <model fallback='allow'/>
      </cpu>
      
      This makes the ppa15 and bpb features available to the guest if the host supports them.
    • If using a specific host model, add the ppa15 and bpb features. The following example uses the zEC12 CPU model:
      
      <cpu mode='custom' match='exact' check='partial'>
          <model fallback='allow'>zEC12</model>
          <feature policy='force' name='ppa15'/>
          <feature policy='force' name='bpb'/>
      </cpu>
      

    Note

    When using the ppa15 feature with the z114 and z196 CPU models on a z12 host machine, make sure to use the latest microcode level (bundle 95 or later).

Architecture Specifics

KVM Virtualization on Red Hat Enterprise Linux 7.5 for IBM z Systems differs from KVM on AMD64 and Intel 64 systems in the following:
  • The SPICE and VNC protocols are not available and virtual graphical card devices are not supported on IBM z Systems. Therefore, displaying the guest graphical output is not possible.
  • Virtual PCI and USB devices are not supported on IBM z Systems. This also means that virtio-*-pci devices are unsupported, and virtio-*-ccw devices should be used instead. For example, use virtio-net-ccw instead of virtio-net-pci.
  • The <boot dev='device'/> XML configuration element is not supported on z Systems. To define device boot order, use the <boot order='number'/> in the <devices> section. For an example, see the upstream libvirt documentation.

    Note

    Using <boot order='number'/> for boot order management is preferred also on AMD64 and Intel 64 hosts.
  • SMBIOS configuration is not available.
  • The watchdog device model used on IBM z Systems should be diag288.
  • To enable nested virtualization, do the following. Note that like on AMD64 and Intel 64 systems, the nested virtualization feature is available as a Technology Preview on IBM z Systems, and therefore is not recommended for use in production environments.
    1. 1. Check whether nested virtualization is already enabled on your system:
      $ cat /sys/module/kvm/parameters/nested
      If this command returns 1, the feature is already enabled.
      If the command returns 0, use the following steps to enable it.
    2. 2. Unload the kvm module:
      # modprobe -r kvm
    3. 3. Activate the nesting feature:
      # modprobe kvm nested=1
    4. 4. The nesting feature is now enabled only until the next reboot of the host. To enable it permanently, add the following line to the /etc/modprobe.d/kvm.conf file:
      options kvm nested=1
  • The kvm-clock service is specific to AMD64 and Intel 64 systems, and does not have to be configured for time management on IBM z Systems.