Policies and Best Practices

Good citizenship:

• Each instance burns SUs for the time it is in operation.

  • It is beneficial to you and other Jetstream users to detach volumes and then shelve instances when they are not in active use.

  • This frees up resources for other users and also preserves more of your SUs for future use.

  • Additional information on VM sizes and SU burn rates may be found here - https://iujetstream.atlassian.net/wiki/spaces/JWT/pages/17465371/Virtual+Machine+Sizes+and+Configurations and here https://iujetstream.atlassian.net/wiki/spaces/JWT/pages/537329680/XSEDE+Service+Units+and+Jetstream

Resource recovery policies:

• Instances that have been suspended or stopped can be shelved after two (2) weeks in said state.

• Shelved images/instances will be deleted after six (6) months of inactivity

• All entities owned by a project will be deleted 6 months after an allocation ends; , e.g.  running instances, images, objects, volumes, networks, IPs allocated etc.

• NOTE: If you are using a community-contributed image (i.e. non-Featured image) that belongs to another Atmosphere user, if that user no longer has an allocation or is removed for other reasons, their image will go away as well! If your work is dependent on someone else's image, you might consider making your own version using the instructions Customizing and saving a VM

Acceptable Usage:

• https://iujetstream.atlassian.net/wiki/spaces/JWT/pages/1914634248/Acceptable+Use+Policies+and+Research+and+Export+Control+Guidance

  • This includes EAR sanctioned countries and countries under heightened restrictions, as well as definitions for fundamental research

  • As stated in the XSEDE Usage Policy, users of the Jetstream system are expected to abide by policies established by the service providers.

    • Indiana University 

      • IT-02 Misuse and Abuse of Information Technology Resources 

      • IT-12 Security of Information Technology Resources

    • TACC

      • Acceptable Use Policy

• https://iujetstream.atlassian.net/wiki/spaces/JWT/pages/1917059098/Acceptable+Usage+Policies+for+Jetstream-hosted+Gateways - this also includes a link to a sample AUP you should consider implementing for your gateway

Security:

• Periodically apply operating system updates to your running VMs:

  • The Ubuntu 20.04, 18.04, 16.04 and Centos 7 featured images are utilizing unattended security updates. Instances will not reboot, but they will apply any update marked as a security update.  It's still a good idea to update your VM, just in case.

    • CentOS: sudo yum update

    • Ubuntu: sudo apt-get update then sudo apt-get upgrade 

  • If the kernel or glibc/libc packages are being updated, rebooting is necessary to implement those updates

  • Always run updates before requesting a new custom image in Atmosphere

  • An actively updating instance may be slow to deploy and may require a redeploy or even a reboot after updating in order to fully successfully deploy.

• Remember to logout from the menu at the top right (where it shows your username).

  • This ensures that you do not inadvertently allow others to access your Jetstream account.

• Update and configure software that utilizes the network to preclude unauthorized access.

  • Commonly neglected examples include MongoDB.

Image management policies:

• As operating systems near the end of their supported life cycles, they will be removed from Featured Images. In addition, custom images based on those operating systems will no longer be supported on Atmosphere. You may be notified that you must migrate your workflows to a newer version of the operating system you're using. Security policies noted above require that any operating system that is no longer receiving timely security patching may not remain in service on IU or TACC networks.

  • Ubuntu Support Life Cycle - https://www.ubuntu.com/info/release-end-of-life

  • CentOS Support Life Cycle - https://wiki.centos.org/FAQ/General#head-fe8a0be91ee3e7dea812e8694491e1dde5b75e6d

Software Installation/Development:

• SSH/SSHD:

  • The Secure Shell client (SSH) and daemon (SSHD) come preinstalled on all instances.

  • Configurations settings appropriate and/or required for normal Jetstream operation have been put in place.

    • Removing components/settings of the ssh configuration as presented in a fresh deployment MAY PREVENT SUCCESSFUL CLOUD DEPLOYMENT and/or LOCK YOURSELF OUT OF AN INSTANCE.

  • Under normal circumstances, SSH/SSHD should not need to be upgraded or reinstalled.

  • If you do reinstall or modify SSH/SSHD or the related configuration settings, you may disrupt essential Jetstream features and MAY LOCK YOURSELF AND ADMINISTRATORS OUT OF THE INSTANCE.

    • Fixing this may be difficult or impossible, thus forcing you to delete your instance.

• Python:

  • Python2 comes preinstalled on all featured images. This will change in the future as Python2 is deprecated and all operations for Jetstream will utilize or are utilizing Python3

  • Configurations settings appropriate and/or required for normal Jetstream operation have been put in place.

  • If you wish to reconfigure, reinstall, or upgrade Python, we recommend implementing a user-level virtual-environment technology,
    such as VIRTUALENV, ANACONDA, or MINICONDA to avoid conflicts with the system-level installation.

  • If you do reinstall or modify Python or the related configuration settings or remove it from the system PATH, you may disrupt essential Jetstream features and MAY PREVENT SUCCESSFUL BOOTING AND CLOUD DEPLOYMENT.

    • Fixing this may be difficult or impossible, thus forcing you to delete your instance.

  • Be aware that some PIP upgrades, even within Python2 or within Python3, particularly from pip9 to a higher version, require several additional steps to ensure continued instance operation or backward compatibility with installed software.

Updating only security packages

While updating all packages is recommended, if you would just like to install security updates, you can do the following:

Ubuntu 16 and 18 and 20

CentOS 7 and up