Runbook: SPIRE Agent Attestation Fix

Purpose

Restore SPIRE agent attestation when identities fail to enroll or rotate.

Symptoms

  • SPIRE agent logs show attestation failure
  • Workloads fail to obtain SVIDs

Prerequisites

  • SSH access to odin
  • Access to SPIRE server logs

Procedure

Step 1: Check SPIRE agent logs

ssh ravenhelm@100.115.101.81 "docker logs spire-agent --tail 200"

Step 2: Check SPIRE server logs

ssh ravenhelm@100.115.101.81 "docker logs spire-server --tail 200"

Step 3: Restart SPIRE agent

ssh ravenhelm@100.115.101.81 "docker restart spire-agent"

Step 4: Validate attestation

ssh ravenhelm@100.115.101.81 "docker exec spire-agent spire-agent healthcheck"
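Steps 1, 3 and 4 combined into one script, as an added example that is not part of the original runbook: it restarts the agent only when the recent logs contain an attestation error, then polls the healthcheck because the agent needs a moment to re-attest after a restart. The function names, the retry count and delay, the two sample log lines (constructed), and the assumption that the agent logs in a text format with a `level=` field are not from the runbook.

```shell
#!/bin/sh
# Added example, not the runbook's own tooling. Run with: sh spire-fix.sh run
HOST="ravenhelm@100.115.101.81"   # host from the runbook

# Constructed sample lines (assumed text log format with a level= field).
SAMPLE_FAIL='time="2024-01-01T00:00:00Z" level=error msg="Agent crashed" error="failed to attest: constructed sample"'
SAMPLE_OK='time="2024-01-01T00:00:05Z" level=info msg="Starting Workload and SDS APIs"'

# Runs one command on the SPIRE host; kept as a function so it can be stubbed.
run_remote() { ssh "$HOST" "$1"; }

# Reads log text on stdin; succeeds if an error/warning line mentions attestation.
has_attestation_failure() {
  grep -Eiq 'level=(error|warn(ing)?).*attest'
}

# Step 4 with retries: polls the healthcheck up to $1 times.
wait_healthy() {
  attempts=$1
  i=1
  until run_remote "docker exec spire-agent spire-agent healthcheck"; do
    if [ "$i" -ge "$attempts" ]; then return 1; fi
    i=$((i + 1))
    sleep "${SLEEP_SECS:-5}"
  done
  return 0
}

main() {
  # Step 1: docker writes container logs to both streams, so merge them.
  logs=$(run_remote "docker logs spire-agent --tail 200 2>&1")
  if ! printf '%s\n' "$logs" | has_attestation_failure; then
    echo "no attestation errors in the last 200 agent log lines; not restarting"
    return 0
  fi
  # Show the most recent matching lines so the cause is recorded before restart.
  printf '%s\n' "$logs" | grep -Ei 'level=(error|warn(ing)?).*attest' | tail -n 5
  # Step 3, then Step 4.
  run_remote "docker restart spire-agent" || return 1
  if wait_healthy 6; then
    echo "agent healthy after restart"
  else
    echo "healthcheck still failing; check the server logs (Step 2) and see Rollback"
    return 1
  fi
}

if [ "${1:-}" = "run" ]; then main; fi
```
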

Verification

  • SPIRE agent healthcheck returns success
  • Workloads can fetch SVIDs

Rollback

If issues persist, re-register the agent entry and re-run the attestation workflow.