Policies and Best Practices

Good citizenship:

Resource recovery policies:

  • Instances that have been suspended or stopped can be shelved after two (2) weeks in said state.

  • Shelved images/instances will be deleted after six (6) months of inactivity

  • All entities owned by a project will be deleted 6 months after an allocation ends; , e.g.  running instances, images, objects, volumes, networks, IPs allocated etc.

  • NOTE: If you are using a community-contributed image (i.e. non-Featured image) that belongs to another Atmosphere user, if that user no longer has an allocation or is removed for other reasons, their image will go away as well! If your work is dependent on someone else's image, you might consider making your own version using the instructions Customizing and saving a VM

Acceptable Usage:

Security:

  • Periodically apply operating system updates to your running VMs:

    • The Ubuntu 20.04, 18.04, 16.04 and Centos 7 featured images are utilizing unattended security updates. Instances will not reboot, but they will apply any update marked as a security update.  It's still a good idea to update your VM, just in case.

      • CentOS: sudo yum update

      • Ubuntu: sudo apt-get update then sudo apt-get upgrade 

    • If the kernel or glibc/libc packages are being updated, rebooting is necessary to implement those updates

    • Always run updates before requesting a new custom image in Atmosphere

    • An actively updating instance may be slow to deploy and may require a redeploy or even a reboot after updating in order to fully successfully deploy.

  • Remember to logout from the menu at the top right (where it shows your username).

    • This ensures that you do not inadvertently allow others to access your Jetstream account.

  • Update and configure software that utilizes the network to preclude unauthorized access.

    • Commonly neglected examples include MongoDB.

Image management policies:

  • As operating systems near the end of their supported life cycles, they will be removed from Featured Images. In addition, custom images based on those operating systems will no longer be supported on Atmosphere. You may be notified that you must migrate your workflows to a newer version of the operating system you're using. Security policies noted above require that any operating system that is no longer receiving timely security patching may not remain in service on IU or TACC networks.

Software Installation/Development:

  • SSH/SSHD:

    • The Secure Shell client (SSH) and daemon (SSHD) come preinstalled on all instances.

    • Configurations settings appropriate and/or required for normal Jetstream operation have been put in place.

      • Removing components/settings of the ssh configuration as presented in a fresh deployment MAY PREVENT SUCCESSFUL CLOUD DEPLOYMENT and/or LOCK YOURSELF OUT OF AN INSTANCE.

    • Under normal circumstances, SSH/SSHD should not need to be upgraded or reinstalled.

    • If you do reinstall or modify SSH/SSHD or the related configuration settings, you may disrupt essential Jetstream features and MAY LOCK YOURSELF AND ADMINISTRATORS OUT OF THE INSTANCE.

      • Fixing this may be difficult or impossible, thus forcing you to delete your instance.

  • Python:

    • Python2 comes preinstalled on all featured images. This will change in the future as Python2 is deprecated and all operations for Jetstream will utilize or are utilizing Python3

    • Configurations settings appropriate and/or required for normal Jetstream operation have been put in place.

    • If you wish to reconfigure, reinstall, or upgrade Python, we recommend implementing a user-level virtual-environment technology,
      such as VIRTUALENV, ANACONDA, or MINICONDA to avoid conflicts with the system-level installation.

    • If you do reinstall or modify Python or the related configuration settings or remove it from the system PATH, you may disrupt essential Jetstream features and MAY PREVENT SUCCESSFUL BOOTING AND CLOUD DEPLOYMENT.

      • Fixing this may be difficult or impossible, thus forcing you to delete your instance.

    • Be aware that some PIP upgrades, even within Python2 or within Python3, particularly from pip9 to a higher version, require several additional steps to ensure continued instance operation or backward compatibility with installed software.

Updating only security packages

While updating all packages is recommended, if you would just like to install security updates, you can do the following:

Ubuntu 16 and 18 and 20
1 2 grep security /etc/apt/sources.list | sudo tee /etc/apt/security.sources.list sudo apt-get upgrade -o Dir::Etc::SourceList=/etc/apt/security.sources.list



CentOS 7 and up
1 sudo yum update --security