stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity
Files
c58a236d70742082c8dda5a967972d08424732f2
git.stella-ops.org/docs/doctor/articles/integration/object-storage.md
master c58a236d70 Doctor plugin checks: implement health check classes and documentation 
Implement remediation-aware health checks across all Doctor plugin modules
(Agent, Attestor, Auth, BinaryAnalysis, Compliance, Crypto, Environment,
EvidenceLocker, Notify, Observability, Operations, Policy, Postgres, Release,
Scanner, Storage, Vex) and their backing library counterparts (AI, Attestation,
Authority, Core, Cryptography, Database, Docker, Integration, Notify,
Observability, Security, ServiceGraph, Sources, Verification).

Each check now emits structured remediation metadata (severity, category,
runbook links, and fix suggestions) consumed by the Doctor dashboard
remediation panel.

Also adds:
- docs/doctor/articles/ knowledge base for check explanations
- Advisory AI search seed and allowlist updates for doctor content
- Sprint plan for doctor checks documentation

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-27 12:28:00 +02:00

2.2 KiB
Raw Blame History

checkId, plugin, severity, tags
checkId plugin severity tags
check.integration.s3.storage stellaops.doctor.integration warn
connectivity
s3
storage

Object Storage Connectivity

What It Checks

Reads the S3 endpoint from S3:Endpoint, Storage:S3:Endpoint, or AWS:S3:ServiceURL. Parses the URI to extract host and port (defaulting to 443 for HTTPS, 80 for HTTP). Opens a raw TCP connection with a 5-second timeout. The check passes if the TCP connection succeeds, fails on timeout, socket error, invalid URI format, or connection refusal.

Why It Matters

S3-compatible object storage is used for evidence packet archival, SBOM storage, offline kit distribution, and large artifact persistence. If the storage endpoint is unreachable, evidence export fails, SBOM uploads are rejected, and offline kit generation cannot complete. This blocks audit compliance workflows and air-gap distribution.

Common Causes

  • S3 endpoint (MinIO, AWS S3, or compatible) is unreachable
  • Network connectivity issues or DNS failure
  • Firewall blocking the storage port
  • Invalid endpoint URL format in configuration
  • MinIO or S3-compatible service is not running

How to Fix

Docker Compose

# Check S3 configuration
grep 'S3__\|STORAGE__S3' .env

# Test connectivity to MinIO
docker compose exec gateway curl -v http://minio:9000/minio/health/live

# Restart MinIO if stopped
docker compose up -d minio

# Update endpoint
echo 'S3__Endpoint=http://minio:9000' >> .env
docker compose restart platform

Bare Metal / systemd

# Verify S3 configuration
cat /etc/stellaops/appsettings.Production.json | jq '.S3'

# Test connectivity
curl -v http://minio.example.com:9000/minio/health/live

# Check if MinIO is running
sudo systemctl status minio

# Update configuration
sudo nano /etc/stellaops/appsettings.Production.json
sudo systemctl restart stellaops-platform

Kubernetes / Helm

# values.yaml
s3:
  endpoint: http://minio.storage.svc.cluster.local:9000
  bucket: stellaops-evidence

helm upgrade stellaops ./chart -f values.yaml

Verification

stella doctor run --check check.integration.s3.storage

Related Checks

  • check.integration.oci.registry -- OCI registries may also store artifacts