Responsibility

OpenStack is a virtual machine hosting (VM) self service. These VMs are attached to a local network, they in principle reach the entire internet and in some cases can be reached from the entire internet or just a part of the internet. The state of a VM has a potential to impact the security of our local systems or even the outside world. Therefore it is crucial to have a propper contact person - a responsible - who has control over the VM and is member of the regular ERC staff. You can always find the actual list of VMs and responsibles in the server table on the status page.

The natural Contact / Responsible

A person who creates a VM automatically becomes the natural repsonsible contact for that VM. This is natural in the sence he or she will install the initial public key on the VM and thus is the only one who can control any further access.

Potentially abandoned VMs

From time to time people leave their position at ERC while VMs they have created keep on running and may at some point turn into trouble. Therefore such VMs are considered potentially abandoned and will be terminated after a certain time.

How to hand over responsibility (and continue operation of the VM) ?

If a VMs operation has to be continued after the original creator of the VM has left ERC, you need to propper handover the VM to another person working at ERC. By principle the new responsible has to get access to the VM and will be the new contact person for the VM. After handing over the VM you have to indicate this on the OpenStack Dashboard by adding the metadata tag contact with the email adress of the new responsible.

On OpenStack Dashboard go to the Instances page, choose the VM and select update metadata.

If not existing add the label contact.

Set the value for the label contact to the email adress of the new responsible.

Automation of process

Currently we manually have to maintain a secure operation and look for stale contacts, then try to find a person that might care about the VM. Often then responses are like "oh well, yes the VM should not be stopped until we have found / clarified who will be the new responsible person", often without any other further action following ever. We are planning an automated process in the near future which will stop a VM that has no valid contact associated after 30 days. The VM still can be restarted via the OpenStack Dashboard, but it will be stopped again when the next check cycle (once a month) will find out it still has no valid contact.