--- checkId: check.integration.s3.storage plugin: stellaops.doctor.integration severity: warn tags: [connectivity, s3, storage] --- # Object Storage Connectivity ## What It Checks Reads the S3 endpoint from `S3:Endpoint`, `Storage:S3:Endpoint`, or `AWS:S3:ServiceURL`. Parses the URI to extract host and port (defaulting to 443 for HTTPS, 80 for HTTP). Opens a raw TCP connection with a 5-second timeout. The check **passes** if the TCP connection succeeds, **fails** on timeout, socket error, invalid URI format, or connection refusal. ## Why It Matters S3-compatible object storage is used for evidence packet archival, SBOM storage, offline kit distribution, and large artifact persistence. If the storage endpoint is unreachable, evidence export fails, SBOM uploads are rejected, and offline kit generation cannot complete. This blocks audit compliance workflows and air-gap distribution. ## Common Causes - S3 endpoint (MinIO, AWS S3, or compatible) is unreachable - Network connectivity issues or DNS failure - Firewall blocking the storage port - Invalid endpoint URL format in configuration - MinIO or S3-compatible service is not running ## How to Fix ### Docker Compose ```bash # Check S3 configuration grep 'S3__\|STORAGE__S3' .env # Test connectivity to MinIO docker compose exec gateway curl -v http://minio:9000/minio/health/live # Restart MinIO if stopped docker compose up -d minio # Update endpoint echo 'S3__Endpoint=http://minio:9000' >> .env docker compose restart platform ``` ### Bare Metal / systemd ```bash # Verify S3 configuration cat /etc/stellaops/appsettings.Production.json | jq '.S3' # Test connectivity curl -v http://minio.example.com:9000/minio/health/live # Check if MinIO is running sudo systemctl status minio # Update configuration sudo nano /etc/stellaops/appsettings.Production.json sudo systemctl restart stellaops-platform ``` ### Kubernetes / Helm ```yaml # values.yaml s3: endpoint: http://minio.storage.svc.cluster.local:9000 bucket: stellaops-evidence ``` ```bash helm upgrade stellaops ./chart -f values.yaml ``` ## Verification ``` stella doctor run --check check.integration.s3.storage ``` ## Related Checks - `check.integration.oci.registry` -- OCI registries may also store artifacts