Skip to content

OpenStack service limitations

OpenStack users, groups, and roles

Administrative privileges

No OpenStack user that you create while enabling the OpenStack CLI ever gets privileges exceeding administrative rights bound to a project.

This means that you cannot use an OpenStack user to create a new project. You must do so via the Cleura Cloud Management Panel, or the Cleura Cloud REST API.

It also means that you cannot use the following openstack CLI commands; they all return Unauthorized (HTTP 403):

  • openstack user [create|delete|list|set].

    You can use openstack user show and openstack user password set, but only for your own user account.

  • openstack group <subcommand>
  • openstack role <subcommand>
  • openstack project <subcommand> (except list).

    You can use openstack project list, but this will only list the project(s) that your user account has access to.

  • openstack domain <subcommand>

Nova

Nested virtualization

Running nested virtualization is only supported for Nova instances (servers) running Linux. The server must run a Linux kernel of version 5.0 or later, and QEMU/KVM 4.1 or later.

This means that you can run nested virtualization on servers booted from a CentOS 9 (or later), Ubuntu 20.04 (or later), or Debian 11 (or later) base image.

Furthermore, you must ensure that the Nova server passes the pcid CPU feature flag to nested guests.

Maximum attached volumes per server

A Nova server in Cleura Cloud can concurrently attach a maximum of 25 persistent volumes. This is a limitation of the virtio-blk storage driver that ships as part of the guest operating system’s kernel.

Neutron

Dynamic routing

Neutron in Cleura Cloud does not support dynamic routing protocols in a customer-accessible manner. We currently do not expose the ability to configure BGP speakers or peers.

While Cleura Cloud does use BGP dynamic routing internally, our Neutron configuration restricts the ability to use these features to administrative accounts only.

Octavia

Dual-stack support

A single load balancer managed by OpenStack Octavia can support IPv4 or IPv6, but not both. To expose a service via IPv4 and IPv6, you must set up two separate load balancers pointing to the same backend.

Designate

The OpenStack Designate DNS-as-a-service (DNSaaS) facility is currently not available in Cleura Cloud. You must manage your own DNS records for public IP addresses.

Manila

The OpenStack Manila filesystem-as-a-service (FSaaS) facility is currently not available in Cleura Cloud. If you require multiple servers to be able to access the same files, create a server that exposes an internal NFS or CIFS service, backed by a Cinder volume.

Last update: 2023-09-04
Created: 2023-02-28
Authors: Florian Haas