-
Notifications
You must be signed in to change notification settings - Fork 3.1k
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable nested virtualization #183
Comments
This feature is enabled by default in Travis CI. So I wonder why not here? |
It looks like this is likely because azure only supports nested virtualization on dv3 or above https://azure.microsoft.com/en-ca/blog/nested-virtualization-in-azure/ but azure runs on ds2 instances: https://help.github.com/en/actions/automating-your-workflow-with-github-actions/virtual-environments-for-github-hosted-runners#cloud-hosts-for-github-hosted-runners This seems to be older than dv3 from the catalogue: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-general#dsv2-series vs https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-general#dv3-series-1 I haven't checked the exact CPU features, but i wonder if Hyper-V powering azure needs to work with a specific CPU family / featureset? Has anyone tried just running KVM on azure? What happens? Is there even support for it in the stock azure / ubuntu kernel for bionic? |
My use-case is I'd like to run an android emulator on Github Actions btw, like with https://github.com/google/android-emulator-container-scripts |
When I run:
This indicates there isn't CPU support, at least not passed through to the guest. I installed kvm packages and was able to modprobe Unless Azure adds support for this, or github actions switches / offers other machine classes, I don't think nested virtualization can be done. |
Travis supports not only nested virtualization but also https://github.com/felipecassiors/ubuntu1804-4dev/blob/master/.travis.yml The support for nested virtualization is out-of-the-box there, where I use to build a Vagrant box using VirtualBox. |
https://github.com/actions/virtual-environments/blob/master/images/macos/macos-10.15-Readme.md
macOS instances seem to support nested virtualization? |
+1, I would also really like to see this. I wonder what went wrong, if I manually spin up an equivalent Azure VM, it has |
Seems like it is possible indeed: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/nested-virtualization |
Yes azure supports it but not the instance type GitHub actions runs on |
Works fine on Travis ^^ |
+1 - Building vagrant boxes using packer is not currently possible with GitHub Actions, unless we self-host a runner. Same with Azure DevOps (which appears to use the same hosted images as GitHub Actions). So, if this got prioritized, you would maybe solve this on both platforms. |
I suspect that with self-hosted runners on azure you could circumvent this issue, as jobs could be dispatched to a host that supports nested virtualization. The current worker that actions runs on in their free offering just doesn’t have a processor that supports this. I suspect that if this feature is ever offered, it will be when a compatible processor is bumped into this low-tier instance class. Until then, self-hosted runners could be feasible but only really for corporate users. |
I wouldn't mind a self-hosted runner, but I need nested virtualization for a public project, and those aren't really usable with self-hosted runners: https://help.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories |
Yes, exactly, that's also the reason we can't use them. |
Would also love this to be able to use packer to build images. |
+1 |
Unfortunately we can't support this feature at this time, that said the feedback here is valuable and we will definitely keep it in mind . Thanks all. |
I am another +1 on this but I do understand that GitHub prefers to run its runners (sic) on hardware that might not support nested virtualization out of the box. Of course anyone can do a self-hosted runner on hardware that does support nested-virtualization and do it that way. Any input from tyhe GitHub team on when their runner hardware will support nested? |
@sbates130272 - Unfortunately that's not quite true, because self-hosted runners are a security risk for public repos. |
on the larger runners if you add yourself to the KVM user group on Linux, you should be good to go.
Though this is not formally supported yet as we are still sorting the bits for Windows to work, though that should come in the next few weeks along with a change log documenting this as in support for runners >4 cores. If anyone has any feedback on this or concerns or has issues I would <3 to hear. |
Thank you so much! Will experiment with this and get back to you. This is very exciting. |
Did you mean |
I first misread this and tried it on the normal (base) runners.
resulting in:
Are there any plans on supporting KVM on the "normal" runner VMs @nebuk89? |
Now Flutter removes OpenGL support in |
@mattjohnsonpint I did mean >= ! So 4-core will work. @maxkratz not right now :( this is a test for us to see how people use it and to ensure our ability to detect bad actors abusing Actions when we have nested virt as another tool in the mix. @Gustl22 a good question, @Steve-Glass is doing research into the future of what we offer on the Mac runners specifically :) I suspect we don't have an answer quite yet as 3.7 has only been out a week or so. It could be worth breaking that out into a separate issue? |
@nebuk89 You mean a separate issue for GPU support on MacOS (maybe with Apple Silicon / M1) or for the specific Flutter 3.7 issue? Edit: seems like there's a light at the end of the tunnel by supporting Linux and Windows nested virtualisation, let's hope it is usable on the free plan as well some day :) |
Thank you for the clarification. |
👋 @Gustl22 With regard to your prior comment:
I would be great if a separate issue is filed for GPU support on macOS. Having customer submitted issues for this feature helps with establishing the priority of upcoming investigations. You can tag me in it as well 😄 |
Hm, this is suboptimal:
The better alternative is to widen the permission via udev, since it doesn't require a re-login nor such a hack. See my Stackoverflow answer for details. |
Hey folks, hope you don't mind us chiming in here. actuated supports launching VMs within CI, so long as Linux + KVM are all you need. Launching Firecracker in a GitHub Action: https://twitter.com/welteki/status/1625487015650410496?s=20 Running a NixOS build in a GitHub Action https://twitter.com/welteki/status/1625419864029466624?s=20 Nested virtualisation extensions are required on the host, so this only works on x86_64 for now. |
https://github.blog/changelog/2023-02-23-hardware-accelerated-android-virtualization-on-actions-windows-and-linux-larger-hosted-runners/ << announced as live and thank you @gsauthof for the recommendation on how to better approach the KVM group :) it works and is what I have in the change log (I hope it was ok to credit you there!) |
That's so cool @nebuk89, congrats on shipping a much requested feature! |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
I don't know which is the hypervisor used to spin the VMs, but enabling nested virtualization would be a great enhancement. For example, this way we could build Vagrant boxes in GitHub Actions.
The text was updated successfully, but these errors were encountered: