Closed rbogle closed 1 year ago
We need to give give Chris role-Based training before giving him privilege access. Can y’all still for that in?
@pburkholder Sure thing. @Chiakao is going to handle the role-based trainings early next week. Can you clarify privileged access? Is it everything under the "Cloud Operations account management"? I'm going to work off that assumption for now to be safe, but we should update the template to say as much if so. Right now, the ticket only requires the new person to complete GSA's Mandatory Cyber Security and Privacy Training.
(You're off, so don't feel pressure to respond. Chris has plenty of GSA onboarding to keep his first week occupied.)
GH username is ChrisMcGowan
Poke @soutenniza for Ubuntu Advantage
New Platform Operator Onboarding Checklist
Special Notes
Do not create this issue until the System Owner has formally authorized and requested it. You can obtain that OK by one of two ways: A:
B:
https://groups.google.com/a/gsa.gov/g/cloud-gov-compliance/c/Z7kTs-BNJfs/m/BN2AyWbqBQAJ
In order to get
Chris
productively contributing to the cloud.gov team,James
should helpChris
complete a prescribed set of tasks that will bring them up to speed and get them setup with cloud.gov.Instructions
James
can’t complete any of the items on their checklist personally, they are responsible for ensuring that someone with the correct access completes that item.Onboarding Checklist
Required items for all team members
These items help us fulfill security and compliance requirements (including for FedRAMP). If you get stuck, or if these requirements are confusing, ask for help from your buddy or in a cloud.gov channel.
Pre-requisites
Fulfill security and compliance requirements (including for FedRAMP) - Completed by onboarding buddy
cloud-gov
organization in GitHub, and thecloud-gov-team
team.Learn our policies and procedures
For the three trainings list at the top, your onboarding buddy will create a separate ticket to track the trainings once scheduling has been finished. This will help consolidate trainings for multiple new members to the team and prevent them from blocking progress on this onboarding ticket. Once the trainings are scheduled, they can be marked as complete here.
Getting to know cloud.gov
These items will help you come up to speed on cloud.gov and what it is, how it works, why it exists, etc. While you should take the time to go through them, please do not try and tackle it all in one shot! It can become overwhelming very quickly, so your onboarding buddy will walk through this list with you at a high level with you to help manage the work.
Resources on cloud.gov:
Resources on CloudFoundry/BOSH:
Getting hands-on with cloud.gov:
Add yourself to team resources:
Slack channels
Your onboarding buddy will add you to these Slack channels:
#cloud-gov
- bots post announcements here#cg-aws-security
- private channel where bots post security notices#cg-aws-status
- bots post announcements about AWS service outages/incidents#cg-billing
- private business development channel (if applicable)#cg-business
- business development (if applicable)#cg-compliance
- compliance-related information and discussion#cg-offtopic
- off-topic team sharing#cg-ops-banter
- private channel for operations/engineering banter#cg-platform
- platform operations#cg-platform-news
- bots post platform alerts (mostly CI job notifications)#cg-general
- program-level information and discusion#cg-support
- support requests and assistance within TTS#cg-supportstream
- stream of activity on Zendesk tickets#cg-incidents
- private channel for incident response#cg-priv-all
- private channel for in-team discussion#cg-priv-gov
(Federal employees only) - may contain discussion of contracting-related or other private, federal-employee-only commsOnce you're added to these channels, you probably want to mute these channels until you're on a support rotation:
#cg-support
#cg-supportstream
#cg-platform-news
Platform-Ops-specific items
Machine admin rights
In order to install development tools on your Mac, you will need to request local admin rights by submitting a ServiceDesk ticket using this justification. If you're unable to create a ticket for yourself, your onboarding buddy can create one for you.
Cloud Operations account management
Note: These are all contingent on completing the GSA Mandatory Cyber Security and Privacy Training first. AWS user names should be identical across accounts so that permissions can be correctly managed by Terraform.
platform-ops
team in GitHub.agent
to the cloud.gov support Zendesk (Ask a cloud.gov member with admin access to Zendesk to add them).Your onboarding buddy will create a separate ticket tied to this one to track the AWS accounts being granted full admin access.
Additional compliance setup/review
caulking
git leak prevention by following the READMEcaulking
by runningmake audit
and pasting a screenshot as a comment on this GitHub issuegit config commit.gpgsign
as a comment on this GitHub issueInstall a development environment for cloud.gov
brew
)brew tap cloudfoundry/tap
brew install cf-cli@7
brew install openssl
cf login -a api.fr.cloud.gov --sso
cf orgs
brew install cloudfoundry/tap/bosh-cli
bosh -v
in the command linebrew install terraform
brew install awscli
brew install jq
terraform
and helper text should displayaws
and helper text should displayaws-vault
by following our directions[x] Install the Concourse
fly
CLIbrew install fly
fly -h
in your command lineThis may fail due to app security policy on your mac rejecting apps from unidentified developers. To fix it (replace
<VERSION>
with your installed version offly
):xattr -d com.apple.quarantine /usr/local/Caskroom/fly/<VERSION>/fly
cg-scripts
repo: rungit clone https://github.com/cloud-gov/cg-scripts.git
in your command lineFigure out your first tasks
Please work with your onboarding buddy to determine a platform component to work on first. Once you've identified the component you're going to focus on, your onboarding buddy will introduce you to someone who can onboard you to that project in specific. For the next few sprints, work on features, bugs, and improvements on this component. Reach out to your onboarding buddy or anyone else on the team if you need any help. Here are some easily-separated pieces to consider:
Compliance items
These are items that are only necessary for someone stepping into a compliance role, but you can still subscribe to the alerts and mailing lists if you're interested: