Concelier Air-Gap Bundle Deploy Runbook (CONCELIER-AIRGAP-56-003)
Status: draft · 2025-11-24
Scope: deploy sealed-mode Concelier evidence bundles using deterministic NDJSON + manifest/entry-trace outputs.
Inputs
- Bundle: concelier-airgap.ndjson
- Manifest: bundle.manifest.json
- Entry trace: bundle.entry-trace.json
- Hashes: SHA256 recorded in manifest and entry-trace; verify before import.
Preconditions
- Concelier WebService running with concelier:features:airgap enabled.
- No external egress; only local file system allowed for bundle path.
- Mongo indexes applied (advisory_observations, advisory_linksets).
Steps
- Transfer bundle directory to offline controller host.
- Verify hashes:
      # sha256sum prints "<hash>  <file>"; keep only the hash so it compares with the manifest value
      sha256sum concelier-airgap.ndjson | cut -d' ' -f1 | diff - <(jq -r .bundleSha256 bundle.manifest.json)
      # Number the entry-trace hashes (index:hash) and list them for review
      jq -r '.[].sha256' bundle.entry-trace.json | nl | sed 's/\t/:/' > entry.hashes
      paste -d' ' <(cut -d: -f1 entry.hashes) <(cut -d: -f2 entry.hashes)
- Import:
      curl -sSf -X POST \
        -H 'Content-Type: application/x-ndjson' \
        --data-binary @concelier-airgap.ndjson \
        http://localhost:5000/internal/airgap/import
- Validate import:
      curl -sSf http://localhost:5000/internal/airgap/status | jq .
- Record evidence:
  - Store manifest + entry-trace alongside TRX/logs in artifacts/airgap/<date>/.
Determinism notes
- NDJSON ordering is lexicographic; do not re-sort downstream.
- Entry-trace hashes must match post-transfer; any mismatch aborts import.
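
A pre-import gate for the "Verify hashes" step and the abort rule above, written as an added example (it is not part of Concelier or of the original runbook). It assumes the manifest is a JSON object with a `bundleSha256` field and the entry trace is a JSON array of objects with a `sha256` field, as the runbook's `jq` filters imply; `preflight` is a hypothetical helper name.

```python
import hashlib
import json
import re
import sys
from pathlib import Path

HEX64 = re.compile(r"[0-9a-f]{64}")  # a lowercase hex SHA-256 digest


def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so a large bundle is never held in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def preflight(bundle_dir):
    """Return a list of problems; an empty list means the import may proceed."""
    d = Path(bundle_dir)
    problems = []
    try:
        manifest = json.loads((d / "bundle.manifest.json").read_text())
        trace = json.loads((d / "bundle.entry-trace.json").read_text())
        actual = sha256_file(d / "concelier-airgap.ndjson")
    except (OSError, ValueError) as exc:  # missing file or invalid JSON
        return [f"unreadable input: {exc}"]

    # Field name taken from the runbook's `jq -r .bundleSha256`.
    expected = manifest.get("bundleSha256") if isinstance(manifest, dict) else None
    if not (isinstance(expected, str) and HEX64.fullmatch(expected.lower())):
        problems.append("manifest: bundleSha256 missing or malformed")
    elif expected.lower() != actual:
        problems.append(f"bundle hash mismatch: manifest={expected} actual={actual}")

    # Assumed shape, from the runbook's `jq -r '.[].sha256'`: array of objects.
    if not isinstance(trace, list) or not trace:
        problems.append("entry-trace: empty or not an array")
    else:
        for i, entry in enumerate(trace, 1):
            value = entry.get("sha256") if isinstance(entry, dict) else None
            if not (isinstance(value, str) and HEX64.fullmatch(value.lower())):
                problems.append(f"entry-trace item {i}: sha256 missing or malformed")
    return problems


if __name__ == "__main__":
    issues = preflight(sys.argv[1] if len(sys.argv) > 1 else ".")
    for issue in issues:
        print("ABORT:", issue, file=sys.stderr)
    sys.exit(1 if issues else 0)
```

Run it against the transferred bundle directory and proceed to the import step only when it exits 0.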
Rollback
- Delete imported batch by bundleId from advisory_observations and advisory_linksets (requires DBA approval); rerun import after fixing hash.