synergy moats product advisory implementations

2026-01-17 01:30:03 +02:00
parent 77ff029205
commit d8d9c0a6e3
106 changed files with 20603 additions and 123 deletions
--- a/docs/operations/runbooks/connector-vendor-specific.md
+++ b/docs/operations/runbooks/connector-vendor-specific.md
@@ -0,0 +1,220 @@
+# Runbook Template: Feed Connector - Vendor-Specific Connectors
+
+> **Sprint:** SPRINT_20260117_029_DOCS_runbook_coverage
+> **Task:** RUN-006 - Feed Connector Runbooks
+
+## Overview
+
+This is a template runbook for vendor-specific advisory feed connectors (RedHat, Ubuntu, Debian, Oracle, VMware, etc.). Use this template to create runbooks for specific vendor connectors.
+
+---
+
+## Metadata Template
+
+| Field | Value |
+|-------|-------|
+| **Component** | Concelier / [Vendor] Connector |
+| **Severity** | High |
+| **On-call scope** | Platform team |
+| **Last updated** | [Date] |
+| **Doctor check** | `check.connector.[vendor]-health` |
+
+---
+
+## Common Vendor Connector Issues
+
+### Authentication Failures
+
+**Symptoms:**
+- Sync failing with 401/403 errors
+- "authentication failed" or "invalid credentials"
+
+**Resolution:**
+```bash
+# Check credentials
+stella connector credentials show <vendor>
+
+# Update credentials
+stella connector credentials update <vendor> --api-key <key>
+
+# Test connectivity
+stella connector test <vendor>
+```
+
+### Rate Limiting
+
+**Symptoms:**
+- Sync failing with 429 errors
+- "rate limit exceeded"
+
+**Resolution:**
+```bash
+# Check rate limit status
+stella connector <vendor> rate-limit-status
+
+# Increase sync interval
+stella connector config set <vendor>.sync_interval 6h
+
+# Enable delta sync
+stella connector config set <vendor>.delta_sync true
+```
+
+### Data Format Changes
+
+**Symptoms:**
+- Parsing errors in sync logs
+- "unexpected format" or "schema validation failed"
+
+**Resolution:**
+```bash
+# Check for schema changes
+stella connector <vendor> schema-check
+
+# Update connector
+stella upgrade --component connector-<vendor>
+```
+
+### Offline Bundle Refresh
+
+**Resolution:**
+```bash
+# Create offline bundle
+stella offline sync --feeds <vendor> --output <vendor>-bundle.tar.gz
+
+# Load offline bundle
+stella offline load --source <vendor> --package <vendor>-bundle.tar.gz
+```
+
+---
+
+## Vendor-Specific Runbooks
+
+Use this template to create runbooks for:
+
+### RedHat Security Data
+
+**Endpoint:** https://access.redhat.com/security/data/
+**Authentication:** API token or certificate
+**Connector:** `connector-redhat`
+
+Key commands:
+```bash
+stella connector test redhat
+stella admin feeds status --source redhat
+stella connector redhat cve-map-status  # RHSA to CVE mapping
+```
+
+### Ubuntu Security Notices
+
+**Endpoint:** https://ubuntu.com/security/notices
+**Authentication:** None (public)
+**Connector:** `connector-ubuntu`
+
+Key commands:
+```bash
+stella connector test ubuntu
+stella admin feeds status --source ubuntu
+stella connector ubuntu usn-status  # USN sync status
+```
+
+### Debian Security Tracker
+
+**Endpoint:** https://security-tracker.debian.org/
+**Authentication:** None (public)
+**Connector:** `connector-debian`
+
+Key commands:
+```bash
+stella connector test debian
+stella admin feeds status --source debian
+stella connector debian dla-status  # DLA sync status
+```
+
+### Oracle Security Alerts
+
+**Endpoint:** https://www.oracle.com/security-alerts/
+**Authentication:** Oracle account (optional)
+**Connector:** `connector-oracle`
+
+Key commands:
+```bash
+stella connector test oracle
+stella admin feeds status --source oracle
+stella connector oracle cpu-status  # Critical Patch Update status
+```
+
+### VMware Security Advisories
+
+**Endpoint:** https://www.vmware.com/security/advisories
+**Authentication:** None (public)
+**Connector:** `connector-vmware`
+
+Key commands:
+```bash
+stella connector test vmware
+stella admin feeds status --source vmware
+stella connector vmware vmsa-status  # VMSA sync status
+```
+
+---
+
+## Diagnosis Checklist
+
+For any vendor connector issue:
+
+1. **Check Doctor diagnostics:**
+   ```bash
+   stella doctor --check check.connector.<vendor>-health
+   ```
+
+2. **Check sync status:**
+   ```bash
+   stella admin feeds status --source <vendor>
+   ```
+
+3. **Test connectivity:**
+   ```bash
+   stella connector test <vendor>
+   ```
+
+4. **Check logs:**
+   ```bash
+   stella connector logs <vendor> --last 1h --level error
+   ```
+
+5. **Check credentials (if applicable):**
+   ```bash
+   stella connector credentials show <vendor>
+   ```
+
+---
+
+## Resolution Checklist
+
+1. **Retry sync:**
+   ```bash
+   stella admin feeds refresh --source <vendor>
+   ```
+
+2. **Update credentials (if auth issue):**
+   ```bash
+   stella connector credentials update <vendor>
+   ```
+
+3. **Update connector (if format changed):**
+   ```bash
+   stella upgrade --component connector-<vendor>
+   ```
+
+4. **Load offline bundle (if API unavailable):**
+   ```bash
+   stella offline load --source <vendor> --package <vendor>-bundle.tar.gz
+   ```
+
+---
+
+## Related Resources
+
+- **Connector architecture:** `docs/modules/concelier/connectors.md`
+- **Vendor connector configs:** `docs/modules/concelier/operations/connectors/`
+- **Related runbooks:** `connector-nvd.md`, `connector-ghsa.md`, `connector-osv.md`