Safe enable nested
* enable nested only when supported
* fix case when have only eth* interfaces
Related-Prod: PRODX-3456
Change-Id: Ie3a732359772017ee3cba3a9fec65d8f69a716e9
diff --git a/de/heat-templates/scripts/instance_boot.sh b/de/heat-templates/scripts/instance_boot.sh
index a4429b9..f81ac55 100644
--- a/de/heat-templates/scripts/instance_boot.sh
+++ b/de/heat-templates/scripts/instance_boot.sh
@@ -576,8 +576,8 @@
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
EOF
- for iface in /proc/sys/net/ipv4/conf/en[sp]*/rp_filter; do
- echo 0 > $iface
+ for iface in $(find /proc/sys/net/ipv4/conf/ -name "enp*" -o -name "ens*" -o -name "eth*"); do
+ echo 0 > $iface/rp_filter
done
sysctl -p /etc/sysctl.d/99-disable-rp-filter.conf
@@ -801,7 +801,8 @@
function nested_virt_config {
-cat << EOF > /etc/modprobe.d/qemu-system-x86.conf
+if grep --color vmx /proc/cpuinfo; then
+ cat << EOF > /etc/modprobe.d/qemu-system-x86.conf
options kvm_intel nested=1
options kvm_intel enable_apicv=1
options kvm_intel ept=1
@@ -809,6 +810,9 @@
modprobe -r kvm_intel || true
modprobe kvm_intel nested=1
+else
+ echo "Nested virtualization is not supported"
+fi
}