Operating System Support Levels

Mission

Out mission is to provide researchers with a stable, supported, robust Linux platform that allows them to perform their research unhindered. To that end, we've designed a few templates of various levels of Linux system autonomy and storage integration.

Types of Support

  • Managed with non-impersonating sudo
  • Managed with full sudo
  • Limited Support
  • Appliance Only
  • Roadmap

Note: Local data is never backed up. Please make sure you copy any important data into your home or extra directory.

Support Matrix

Operating SystemManagedManaged with SudoLimitedLimted with SudoSelf ManagedApplianceDeprecatedRoadMap
Ubuntu 20.04 LTS X X X X X - - -
CentOS8/RHEL8 - - - - X X X -
CentOS7/RHEL7 X X - - X - - -
Ubuntu 18.04 LTS - - - - X - X -
CentOS6/RHEL6 - - - - X X X -
Ubuntu 14.04 LTS - - - - X - X -
CentOS5/RHEL5 - - - - X - X -
Cisco - - - - X - - -
Solaris 10 - - - - X - X -
Netapp OnTAP8 - - - - X X - -
OmniOS - - - - X X -

Types of Support

ManagedManaged with SudoLimitedLimited with SudoSelf Managed
Full Sudo - X - X X
Non-impersonating Sudo X X X X X
Single Sign-on X X X X X
Network Storage via NFS X - X - -
Network Storage via FUSE - X - X X
Backups/Snapshot X - X - -
OS Configuration X X X X -
Self Install - X - X X
Software Library X X X X X
VirtualBox/Vagrant X X X X X
Docker - X - X X

Managed with Non-impersonating Sudo

Managed means that ICS Computing Support will:

  • Provision the operating system
  • Provide constant configuration via puppet
  • Provide Single Sign-on
  • Ensure NFS Access to ICS Storage Servers, home and extra directories, and the Software Library (/pkg).
  • ICS /home /extra directories are snap shotted daily and backed up to tape monthly.
  • Package installs from trusted OS repositories.
  • Compile new software to install in Software Library
  • Sudo for limited number of designated users excluding the commands that allow users to impersonate other users.
  • Any compute role (e.g. MySQL, Apache, MongoDB, Cycle Server)
  • Service configuration
  • Service and resource Monitoring

Managed with Full Sudo

Managed with Sudo will include everything from Managed with the following changes:

  • Full Sudo
  • ICS Storage Servers, home and extra directories, are only available via FUSE.
  • There are no snapshots or backups, user must backup data to ICS Storage Servers.
  • Docker is available.

Limited Managed

The intent of the limited support operating system offering is to provide to researchers with a resource required for a specific use case. ICS computing support provides enough help to get the researchers started by installing a server that is integrated with ICS authentication and NFS services. We will provide sudo privilege to install additional packages and start and stop services.

Limited support means that ICS Computing Support will:

  • Provision the operating system
  • Provide constant configuration via pupet
  • Provide Single Sign-on
  • Service and resource Monitoring
  • Ensure NFS access to ICS Storage Servers, home and extra directories, and the ICS software library (/pkg).
  • ICS /home /extra directories are snap shotted daily and backed up to tape monthly.
  • Package installs from trusted OS repositories only.
  • Limited Sudo for limited number of designated users.
  • Best effort OS troubleshooting.
  • Research compute role only.
  • Additional software can be compiled by end user
  • Service configurations to be done by end user.

Limited Managed with Sudo

Limited with Sudo means includes everything in Limited with the following modifications:

  • Full Sudo
  • ICS Storage Servers, home and extra directories, are only available via FUSE.
  • There are no snapshots or backups, user must backup data to ICS Storage Servers.
  • Docker is available.

Self Managed

Self managed hosts means that the self-managed team will provide full support. This includes upgrade/troubleshoot of all hardware/software.

Glossary

Full Sudo

Full Sudo privilege is delegated to the PI and one or two designated points of contact. These users can delegate that to additional group members.

Limited Sudo

Limited Sudo commands are eanbled for PI and one or two designated points of contact. Commands are provided based on need

Most commands are available except commands that allow owner and user change (e.g. commands such `chown` and `su`). This restriction is due to the presence of NFS mounted directories.

Single Sign on

The system is attached to ICS LDAP servers providing a common sign-on, password, uid.

Network Storage

NFS

ICS Home and extra directories are avaialable directly on systems with NFS access. NFS attached storage is not available on systems wtih full sudo due to irreconcilable security concerns.

FUSE

Network Storage via FUSE is avaialble on any system.

Backups

Snapshots

Snapshot are kept up to 30 days on ICS /home and /extra directories. Only available and managed and limited types of support.

Backups

Backups are made to tape once per month for on most /home and /extra/ directories. Available on managed and limited managed support.

OS Configuration

General configuration on all ICS managed systems is provided by the puppet several times a day. Puppet will automatically update things like /etc/hosts, grid engine, and the autofs configuration.

Self Install(Coming Soon)

Install media, kickstart, rescue disks and miscellaneous tools are all available via ICS PXE.

Software Library

ICS Computing Support routinely installs the latest version of popular packages for Managed platforms in the ICS Software Library. Additional packages available by request to helpdesk. Most software will work cross platform but it is not guaranteed (i.e. CentOS7 packages will frequently work under Ubuntu 18.04).

Virtual Environments

Virtual Box and Vagrant

See notes about VirtualBox/Vagrant

Docker

Docker is available only to managed with sudo, limited with sudo, and self managed due to lack of definable security.

services/supported_os.txt · Last modified: 2021/08/17 11:43 by vipada
CC Attribution-Noncommercial-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0