From 31d53d92fc325ca439995ba64eec437412d7e145 Mon Sep 17 00:00:00 2001
From: "haidong.pang" <haidong.pang@zstack.io>
Date: Fri, 15 May 2026 18:04:14 +0800
Subject: [PATCH] <fix>[kvm]: trigger nested config deploy

Run KVM ansible when nested KVM config is missing on x86_64 hosts.

Resolves: ZSTAC-84199

Change-Id: I12a0a80b91cb2f78b505a12cfa112cb2279f33ea
---
 .../src/main/java/org/zstack/kvm/KVMConstant.java   |  1 +
 .../kvm/src/main/java/org/zstack/kvm/KVMHost.java   | 13 +++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/plugin/kvm/src/main/java/org/zstack/kvm/KVMConstant.java b/plugin/kvm/src/main/java/org/zstack/kvm/KVMConstant.java
index 5f08e6fdb98..3968e8c4b3c 100755
--- a/plugin/kvm/src/main/java/org/zstack/kvm/KVMConstant.java
+++ b/plugin/kvm/src/main/java/org/zstack/kvm/KVMConstant.java
@@ -197,6 +197,7 @@ public interface KVMConstant {
     public static final String L2_PROVIDER_TYPE_LINUX_BRIDGE = "LinuxBridge";
 
     public static final String DHCP_BIN_FILE_PATH = "/usr/local/zstack/dnsmasq";
+    String NESTED_KVM_CONF_FILE_PATH = "/etc/modprobe.d/kvm-nested.conf";
     String KVM_HOST_NETWORK_INTERFACE_DEFAULT = "None";
 
     enum KvmVmState {
diff --git a/plugin/kvm/src/main/java/org/zstack/kvm/KVMHost.java b/plugin/kvm/src/main/java/org/zstack/kvm/KVMHost.java
index 48370a2a144..93dcb78a07f 100755
--- a/plugin/kvm/src/main/java/org/zstack/kvm/KVMHost.java
+++ b/plugin/kvm/src/main/java/org/zstack/kvm/KVMHost.java
@@ -5804,6 +5804,13 @@ public void run(final FlowTrigger trigger, Map data) {
                         dhcpChecker.setTargetIp(getSelf().getManagementIp());
                         dhcpChecker.setFilePath(KVMConstant.DHCP_BIN_FILE_PATH);
 
+                        SshFileExistChecker nestedKvmConfChecker = new SshFileExistChecker();
+                        nestedKvmConfChecker.setUsername(getSelf().getUsername());
+                        nestedKvmConfChecker.setPassword(getSelf().getPassword());
+                        nestedKvmConfChecker.setSshPort(getSelf().getPort());
+                        nestedKvmConfChecker.setTargetIp(getSelf().getManagementIp());
+                        nestedKvmConfChecker.setFilePath(KVMConstant.NESTED_KVM_CONF_FILE_PATH);
+
                         SshChronyConfigChecker chronyChecker = new SshChronyConfigChecker();
                         chronyChecker.setTargetIp(getSelf().getManagementIp());
                         chronyChecker.setUsername(getSelf().getUsername());
@@ -5834,6 +5841,12 @@ public void run(final FlowTrigger trigger, Map data) {
                         AnsibleRunner runner = new AnsibleRunner();
                         runner.installChecker(checker);
                         runner.installChecker(dhcpChecker);
+                        String architecture = getSelf().getArchitecture();
+                        if (CpuArchitecture.x86_64.name().equals(architecture)) {
+                            runner.installChecker(nestedKvmConfChecker);
+                        } else if (architecture == null) {
+                            logger.debug(String.format("skip nested KVM config checker for host[uuid:%s] because architecture is null", getSelf().getUuid()));
+                        }
                         runner.installChecker(chronyChecker);
                         runner.installChecker(repoChecker);
                         runner.installChecker(callbackChecker);