Doctor plugin checks: implement health check classes and documentation
Implement remediation-aware health checks across all Doctor plugin modules (Agent, Attestor, Auth, BinaryAnalysis, Compliance, Crypto, Environment, EvidenceLocker, Notify, Observability, Operations, Policy, Postgres, Release, Scanner, Storage, Vex) and their backing library counterparts (AI, Attestation, Authority, Core, Cryptography, Database, Docker, Integration, Notify, Observability, Security, ServiceGraph, Sources, Verification).

Each check now emits structured remediation metadata (severity, category, runbook links, and fix suggestions) consumed by the Doctor dashboard remediation panel.

Also adds:
- docs/doctor/articles/ knowledge base for check explanations
- Advisory AI search seed and allowlist updates for doctor content
- Sprint plan for doctor checks documentation

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
73
docs/doctor/articles/integration/object-storage.md
Normal file
@@ -0,0 +1,73 @@
|
||||
---
|
||||
checkId: check.integration.s3.storage
|
||||
plugin: stellaops.doctor.integration
|
||||
severity: warn
|
||||
tags: [connectivity, s3, storage]
|
||||
---
|
||||
# Object Storage Connectivity
|
||||
|
||||
## What It Checks
|
||||
Reads the S3 endpoint from `S3:Endpoint`, `Storage:S3:Endpoint`, or `AWS:S3:ServiceURL`. Parses the URI to extract host and port (defaulting to 443 for HTTPS, 80 for HTTP). Opens a raw TCP connection with a 5-second timeout. The check **passes** if the TCP connection succeeds, **fails** on timeout, socket error, invalid URI format, or connection refusal.
|
||||
|
||||
## Why It Matters
|
||||
S3-compatible object storage is used for evidence packet archival, SBOM storage, offline kit distribution, and large artifact persistence. If the storage endpoint is unreachable, evidence export fails, SBOM uploads are rejected, and offline kit generation cannot complete. This blocks audit compliance workflows and air-gap distribution.
|
||||
|
||||
## Common Causes
|
||||
- S3 endpoint (MinIO, AWS S3, or compatible) is unreachable
|
||||
- Network connectivity issues or DNS failure
|
||||
- Firewall blocking the storage port
|
||||
- Invalid endpoint URL format in configuration
|
||||
- MinIO or S3-compatible service is not running
|
||||
|
||||
## How to Fix
|
||||
|
||||
### Docker Compose
|
||||
```bash
|
||||
# Check S3 configuration
|
||||
grep 'S3__\|STORAGE__S3' .env
|
||||
|
||||
# Test connectivity to MinIO
|
||||
docker compose exec gateway curl -v http://minio:9000/minio/health/live
|
||||
|
||||
# Restart MinIO if stopped
|
||||
docker compose up -d minio
|
||||
|
||||
# Update endpoint
|
||||
echo 'S3__Endpoint=http://minio:9000' >> .env
|
||||
docker compose restart platform
|
||||
```
|
||||
|
||||
### Bare Metal / systemd
|
||||
```bash
|
||||
# Verify S3 configuration
|
||||
cat /etc/stellaops/appsettings.Production.json | jq '.S3'
|
||||
|
||||
# Test connectivity
|
||||
curl -v http://minio.example.com:9000/minio/health/live
|
||||
|
||||
# Check if MinIO is running
|
||||
sudo systemctl status minio
|
||||
|
||||
# Update configuration
|
||||
sudo nano /etc/stellaops/appsettings.Production.json
|
||||
sudo systemctl restart stellaops-platform
|
||||
```
|
||||
|
||||
### Kubernetes / Helm
|
||||
```yaml
|
||||
# values.yaml
|
||||
s3:
|
||||
endpoint: http://minio.storage.svc.cluster.local:9000
|
||||
bucket: stellaops-evidence
|
||||
```
|
||||
```bash
|
||||
helm upgrade stellaops ./chart -f values.yaml
|
||||
```
|
||||
|
||||
## Verification
|
||||
```
|
||||
stella doctor run --check check.integration.s3.storage
|
||||
```
|
||||
|
||||
## Related Checks
|
||||
- `check.integration.oci.registry` -- OCI registries may also store artifacts
|
||||
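Review bot: In "How to Fix", the configuration lookups do not cover all the keys that "What It Checks" says the check reads: `grep 'S3__\|STORAGE__S3' .env` will not match an endpoint supplied through `AWS:S3:ServiceURL`, and the bare-metal `.S3` jq filter shows neither `Storage:S3:Endpoint` nor `AWS:S3:ServiceURL`, so an operator can get an empty result while the check is failing on a value from one of the other keys. Suggest covering all three keys in both lookups. In the same Docker Compose block, `echo 'S3__Endpoint=http://minio:9000' >> .env` appends without removing an existing `S3__Endpoint` entry, which leaves two lines for the same key; tell the reader to edit the existing line instead. Two documentation points: the check passes on a bare TCP connect, so the article should state that a pass does not confirm credentials or bucket access (the bucket set in values.yaml is never exercised), and every example endpoint is `http://` although this store holds evidence packets and SBOMs, so an `https://` example or a sentence on when plain HTTP is acceptable would help. The Verification fence also lacks the `bash` tag the other command blocks use.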