35 lines
1.5 KiB
Markdown
35 lines
1.5 KiB
Markdown
# Airgap Operations (DOCS-AIRGAP-57-004)
|
|
|
|
Runbooks for imports, failure recovery, and auditing in sealed/constrained modes.
|
|
|
|
## Imports
|
|
1) Verify bundle hash/DSSE (see `mirror-bundles.md`).
|
|
2) `stella airgap import --bundle ... --generation N --dry-run` (optional).
|
|
3) Apply network policy: ensure sealed/constrained mode set correctly.
|
|
4) Import with `stella airgap import ...` and watch logs.
|
|
5) Confirm timeline event emitted (bundleId, mirrorGeneration, actor).
|
|
|
|
## Failure recovery
|
|
- Hash/signature mismatch: reject bundle; re-request export; log incident.
|
|
- Partial import: rerun with `--force` after cleaning registry/cache; keep previous generation for rollback.
|
|
- Staleness breach: if imports unavailable, raise amber alert; if >72h, go red and halt new ingest until refreshed.
|
|
- Time anchor expired: apply new anchor from trusted media before continuing operations.
|
|
|
|
## Auditing
|
|
- Record every import in audit log: `{tenant, mirrorGeneration, manifestHash, actor, sealed}`.
|
|
- Preserve manifests and hashes for at least two generations.
|
|
- Periodically (daily) run `stella airgap list --format json` and archive output.
|
|
- Ensure logs are immutable (append-only) in sealed environments.
|
|
|
|
## Observability
|
|
- Monitor counters for denied egress, import success/failure, and staleness alerts.
|
|
- Expose `/obs/airgap/status` (if available) to scrape bundle freshness.
|
|
|
|
## Checklist (per import)
|
|
- [ ] Hash/DSSE verified
|
|
- [ ] Sealed/constrained mode configured
|
|
- [ ] Registry/cache reachable
|
|
- [ ] Import succeeded
|
|
- [ ] Timeline/audit recorded
|
|
- [ ] Staleness dashboard updated
|