git.stella-ops.org/docs/doctor/articles/integration/oci-registry-connectivity.md
master c58a236d70 Doctor plugin checks: implement health check classes and documentation
Implement remediation-aware health checks across all Doctor plugin modules
(Agent, Attestor, Auth, BinaryAnalysis, Compliance, Crypto, Environment,
EvidenceLocker, Notify, Observability, Operations, Policy, Postgres, Release,
Scanner, Storage, Vex) and their backing library counterparts (AI, Attestation,
Authority, Core, Cryptography, Database, Docker, Integration, Notify,
Observability, Security, ServiceGraph, Sources, Verification).

Each check now emits structured remediation metadata (severity, category,
runbook links, and fix suggestions) consumed by the Doctor dashboard
remediation panel.

Also adds:
- docs/doctor/articles/ knowledge base for check explanations
- Advisory AI search seed and allowlist updates for doctor content
- Sprint plan for doctor checks documentation

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-27 12:28:00 +02:00


checkId: check.integration.oci.registry
plugin: stellaops.doctor.integration
severity: warn
tags: connectivity, oci, registry

OCI Registry Connectivity

What It Checks

Reads the registry URL from OCI:RegistryUrl or Registry:Url. Sends an HTTP GET to <registryUrl>/v2/ (the OCI Distribution Spec base endpoint). The check passes if the response is 200 (open registry) or 401 (registry reachable, auth required), warns on any other status code, and fails on connection errors.
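The pass/warn/fail rules described above, applied to a response header dump, as an added example that is not part of the Stella Ops code base. The function names and the sample response are constructed; the hint on a 401 without a challenge and the redirect target in the warn message are triage additions beyond what the check is described as doing.

```sh
#!/bin/sh
# Added example (not Stella Ops code): applies the documented pass/warn/fail
# rules to a header dump from: curl -s -D - -o /dev/null <registryUrl>/v2/

# Join the configured URL and /v2/ without producing a double slash.
v2_url() { printf '%s/v2/\n' "${1%/}"; }

# Read response headers on stdin and print "<result>: <reason>".
classify_v2_response() {
  tr -d '\r' | {
    status="" challenge="" location=""
    while IFS= read -r line || [ -n "$line" ]; do
      case "$line" in
        HTTP/*) status=${line#* }; status=${status%% *} ;;
        [Ww][Ww][Ww]-[Aa]uthenticate:*) challenge=${line#*:} ;;
        [Ll]ocation:*) location=${line#*:}; location=${location# } ;;
      esac
    done
    case "$status" in
      200) echo "pass: registry reachable, anonymous access" ;;
      401) if [ -n "$challenge" ]; then
             echo "pass: registry reachable, auth required"
           else
             # HTTP requires a challenge on 401; its absence suggests a proxy
             # or portal answered instead of the registry (triage hint only).
             echo "pass: 401 without WWW-Authenticate, confirm the responder is the registry"
           fi ;;
      "")  echo "fail: no HTTP response (connection error)" ;;
      3??) echo "warn: unexpected status $status, redirect to ${location:-<none>}" ;;
      *)   echo "warn: unexpected status $status" ;;
    esac
  }
}

# Live probe; needs network access to the registry.
probe_registry() {
  curl -s -D - -o /dev/null --max-time 10 "$(v2_url "$1")" | classify_v2_response
}

# Constructed sample response (not captured from a real registry).
SAMPLE_401='HTTP/1.1 401 Unauthorized
Www-Authenticate: Bearer realm="https://auth.example.com/token",service="registry.example.com"
Content-Type: application/json'

printf '%s\n' "$SAMPLE_401" | classify_v2_response
```

A redirect on /v2/ lands in the warn branch with its target shown, which helps spot the wrong-scheme and path-prefix causes listed under Common Causes.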

Why It Matters

The OCI registry is the central artifact store for container images, SBOMs, attestations, and signatures. If the registry is unreachable, image pulls fail during deployment, SBOM scans cannot fetch manifests, attestation verification cannot retrieve signatures, and promotions are blocked. This is a foundational dependency for nearly every Stella Ops workflow.

Common Causes

  • Registry URL is incorrect (typo, wrong port, wrong scheme)
  • Network connectivity issues between Stella Ops and the registry
  • Registry service is down or restarting
  • Registry does not support the OCI Distribution spec at /v2/
  • Registry endpoint is misconfigured (path prefix required)

How to Fix

Docker Compose

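# Check registry configuration (-i: the key may be written in any case)
grep -i 'OCI__REGISTRYURL\|REGISTRY__URL' .env

# Test the /v2/ endpoint from inside the network
docker compose exec gateway curl -sv https://registry.example.com/v2/

# Update registry URL (edit the existing line instead if the key is already set)
echo 'OCI__RegistryUrl=https://registry.example.com' >> .env
# Recreate the container so the new value is applied; restart alone does not re-read .env
docker compose up -d platform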

Bare Metal / systemd

# Verify configuration
cat /etc/stellaops/appsettings.Production.json | jq '.OCI'

# Test connectivity
curl -v https://registry.example.com/v2/

# Fix configuration
sudo nano /etc/stellaops/appsettings.Production.json
sudo systemctl restart stellaops-platform

Kubernetes / Helm

# values.yaml
oci:
  registryUrl: https://registry.example.com

# Apply the updated values
helm upgrade stellaops ./chart -f values.yaml

Verification

stella doctor run --check check.integration.oci.registry

Related Checks

  • check.integration.oci.credentials -- validates registry credentials
  • check.integration.oci.pull -- verifies pull authorization
  • check.integration.oci.push -- verifies push authorization
  • check.integration.oci.referrers -- checks OCI 1.1 referrers API support
  • check.integration.oci.capabilities -- probes full capability matrix