doc: clarifications regards tuf keys

Signed-off-by: Camila Macedo <[email protected]>
foundriesio · Oct 3, 2023 · f2ce3da · f2ce3da
1 parent 288bd30
commit f2ce3da
Show file tree

Hide file tree

Showing 2 changed files with 244 additions and 35 deletions.
diff --git a/source/reference-manual/ota/production-targets.rst b/source/reference-manual/ota/production-targets.rst
@@ -35,6 +35,12 @@ Waves allow Factory operators to control an exact time when devices see a new ve
 Performing a Production OTA
 ---------------------------
 
+.. important::
+
+   Before performing a Production OTA, ensure you have the `targets.key.tgz` in your
+   possession. This key is crucial for the operation and should be provided by the Factory admin.
+   For a deeper understanding of how this key is generated, refer to :ref:`ref-offline-keys`.
+
 A user should define a process to select CI builds which need to be delivered to production devices.
 Let's assume a user selected a CI build version 42 as ready to be run in production.
 To start the production release process, a user would create a new wave using the below command::
@@ -45,9 +51,24 @@ To start the production release process, a user would create a new wave using th
 This creates a new TUF targets role version for production devices which listen to OTA updates for the ``production`` tag.
 That TUF targets role only includes a single Target from CI build (in above example, that target version is 42).
 
-.. note::
+.. important::
 
    We recommend that a user generates :ref:`OSTree static deltas<ref-static-deltas>` before rolling out waves to devices.
+   Static Deltas will optimize your OTA update download.
+
+.. note::
+
+   If you encounter issues while creating the weave, particularly the following error:
+
+   .. code-block:: shell
+
+       409 CONFLICT
+       = Conflict: /ota/repo/qemu/api/v1/user_repo/root/updates?
+       = Only one TUF root updates transaction can be active at a time
+
+   It indicates a conflict with an active TUF root update.
+   The Factory admin might able to sort it out by running ``fioctl keys tuf updates cancel``.
+   After that, it is possible generate a new ``targets.key.tgz``.
 
 Once created, a new wave can be rolled out to Factory production devices, all at once or in phases.
 There are several ways how a wave can be rolled out: