The following are known restrictions for the service for the users. The aim is to resolve these with the relevant open source community.
- Security groups for virtual machines under OpenStack are currently not created correctly when using the cells configurations for large cloud configurations. The default rule therefore lets all traffic and the VMs should be configured to using iptables to control access to the TCP/IP ports launchpad
- The OpenStack client which supports Kerberos and X.509 authentication as well as passwords has some missing functionality which requires use of the alternative commands (such as nova or cinder). These in turn require currently password authentication.
- Not all OpenStack features have been configured in the CERN cloud. The following is a non-exhaustive list.
- Instance shelving and unshelving
- Volume backup using cinder-backup (openstack backup create command)
- Resizing Virtual Machines
- OpenStack services other than those covered in the documentation are not configured.
- Pie charts in the OpenStack web interface do not display correctly on Internet Explorer version 9 and 10. Internet Explorer 11 displays correctly. This is unlikely to be resolved.
- The EC2 interface compatibility has several restrictions or incomplete implementations. The reported ones are
- InstanceInstantiatedShutdownBehavior is not implemented
- Tags are not implemented
- Rate limiting is not applied, thus an EC2 client is able to create significant load on the cloud controllers