From 8284522fdbb6ac86c1aada52079f816919e2f422 Mon Sep 17 00:00:00 2001
From: "Antoine R. Dumont (@ardumont)" <ardumont@softwareheritage.org>
Date: Tue, 11 Mar 2025 17:05:37 +0100
Subject: [PATCH 1/2] Fix end-to-end checks for deposit & webapp

All checks were deployed on the production environment because it relied on
lookup of variables changing between environments. As the checks are deployed
on pergamon which is a production node, that could not be functional.

Refs. swh/infra/sysadm-environment#5588
---
 .../manifests/icinga2/objects/static_checks.pp | 18 +++++++++---------
 .../swh/deploy/deposit/icinga_checks.pp        |  4 ++--
 .../swh/deploy/webapp/icinga_checks.pp         |  3 ++-
 3 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/site-modules/profile/manifests/icinga2/objects/static_checks.pp b/site-modules/profile/manifests/icinga2/objects/static_checks.pp
index 9b0c1f4f8..c21a6de94 100644
--- a/site-modules/profile/manifests/icinga2/objects/static_checks.pp
+++ b/site-modules/profile/manifests/icinga2/objects/static_checks.pp
@@ -25,11 +25,6 @@ class profile::icinga2::objects::static_checks {
     },
   }
 
-  ::profile::swh::deploy::webapp::icinga_checks {'archive.softwareheritage.org':
-    environment => "production",
-    host_name   => "moma.softwareheritage.org",
-  }
-
   ::icinga2::object::host {'archive-production-rke2':
     check_command => 'dummy',
     address       => 'k8s-archive-production-rke2.internal.softwareheritage.org',
@@ -52,9 +47,14 @@ class profile::icinga2::objects::static_checks {
     },
   }
 
+  ::profile::swh::deploy::webapp::icinga_checks {'archive.softwareheritage.org':
+    environment => "production",
+    host_name   => "moma.softwareheritage.org",
+  }
+
   ::profile::swh::deploy::webapp::icinga_checks {'webapp.staging.swh.network':
-    environment      => "staging",
-    host_name        => "archive-staging-rke2",
+    environment => "staging",
+    host_name   => "archive-staging-rke2",
   }
 
   ::profile::swh::deploy::deposit::icinga_checks {'deposit.softwareheritage.org':
@@ -63,8 +63,8 @@ class profile::icinga2::objects::static_checks {
   }
 
   ::profile::swh::deploy::deposit::icinga_checks {'deposit.staging.swh.network':
-    environment      => "staging",
-    host_name        => "archive-staging-rke2",
+    environment => "staging",
+    host_name   => "archive-staging-rke2",
   }
 
   ::profile::swh::deploy::vault::icinga_checks {'production':
diff --git a/site-modules/profile/manifests/swh/deploy/deposit/icinga_checks.pp b/site-modules/profile/manifests/swh/deploy/deposit/icinga_checks.pp
index 8705c52fc..431497998 100644
--- a/site-modules/profile/manifests/swh/deploy/deposit/icinga_checks.pp
+++ b/site-modules/profile/manifests/swh/deploy/deposit/icinga_checks.pp
@@ -2,12 +2,12 @@
 define profile::swh::deploy::deposit::icinga_checks (
   # vhost name of the service to check
   $vhost_name       = $title,
+  $deposit_server   = $title,
   $vhost_ssl_port   = 443,
   $environment      = undef,
   # The hostname where the services runs (icinga needs it)
   $host_name        = undef,
 ) {
-
   $backend_listen_host = lookup('swh::deploy::deposit::backend::listen::host')
   $backend_listen_port = lookup('swh::deploy::deposit::backend::listen::port')
 
@@ -34,7 +34,7 @@ define profile::swh::deploy::deposit::icinga_checks (
 
   # Install deposit end-to-end checks
   profile::icinga2::objects::e2e_checks_deposit {"End-to-end Deposit Test(s) in ${environment}":
-    deposit_server        => lookup('swh::deploy::deposit::e2e::server'),
+    deposit_server        => "https://${deposit_server}/1",
     deposit_user          => lookup('swh::deploy::deposit::e2e::user'),
     deposit_pass          => lookup('swh::deploy::deposit::e2e::password'),
     deposit_collection    => lookup('swh::deploy::deposit::e2e::collection'),
diff --git a/site-modules/profile/manifests/swh/deploy/webapp/icinga_checks.pp b/site-modules/profile/manifests/swh/deploy/webapp/icinga_checks.pp
index 31db294b4..7532ecce8 100644
--- a/site-modules/profile/manifests/swh/deploy/webapp/icinga_checks.pp
+++ b/site-modules/profile/manifests/swh/deploy/webapp/icinga_checks.pp
@@ -2,6 +2,7 @@
 define profile::swh::deploy::webapp::icinga_checks (
   # vhost name of the service to check
   $vhost_name       = $title,
+  $server_webapp    = $title,
   $vhost_ssl_port   = 443,
   $environment      = undef,
   # The hostname where the services runs (icinga needs it)
@@ -71,7 +72,7 @@ define profile::swh::deploy::webapp::icinga_checks (
     $origins = lookup('swh::deploy::savecodenow::e2e::origins')
     each($origins) | $entry | {
       profile::icinga2::objects::e2e_checks_savecodenow {"End-to-end SaveCodeNow Check - ${entry['name']} with type ${entry['type']} in ${environment}":
-        server_webapp => lookup('swh::deploy::savecodenow::e2e::webapp'),
+        server_webapp => "https://${server_webapp}",
         origin_name   => $entry['name'],
         origin_url    => $entry['origin'],
         origin_type   => $entry['type'],
-- 
GitLab


From c90465af8496bb42e3ca4ddba7993485ed13fa79 Mon Sep 17 00:00:00 2001
From: "Antoine R. Dumont (@ardumont)" <ardumont@softwareheritage.org>
Date: Tue, 11 Mar 2025 17:06:39 +0100
Subject: [PATCH 2/2] Align vault end-to-end definition with the other
 end-to-end checks

That one was already functional since it did not rely on the lookup. This just
aligns its definition with the other two.

Refs. swh/infra/sysadm-environment#5588
---
 .../profile/manifests/icinga2/objects/static_checks.pp   | 8 ++++----
 .../profile/manifests/swh/deploy/vault/icinga_checks.pp  | 9 ++++-----
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/site-modules/profile/manifests/icinga2/objects/static_checks.pp b/site-modules/profile/manifests/icinga2/objects/static_checks.pp
index c21a6de94..9874aca26 100644
--- a/site-modules/profile/manifests/icinga2/objects/static_checks.pp
+++ b/site-modules/profile/manifests/icinga2/objects/static_checks.pp
@@ -67,13 +67,13 @@ class profile::icinga2::objects::static_checks {
     host_name   => "archive-staging-rke2",
   }
 
-  ::profile::swh::deploy::vault::icinga_checks {'production':
-    storage     => "http://storage-postgresql-ro.internal.softwareheritage.org",
+  ::profile::swh::deploy::vault::icinga_checks {'storage-postgresql-ro.internal.softwareheritage.org':
+    environment => "production",
     webapp      => "https://archive.softwareheritage.org",
   }
 
-  ::profile::swh::deploy::vault::icinga_checks {'staging':
-    storage     => "http://storage-ro.internal.staging.swh.network",
+  ::profile::swh::deploy::vault::icinga_checks {'storage-ro.internal.staging.swh.network':
+    environment => "staging",
     webapp      => "https://webapp.staging.swh.network",
   }
 
diff --git a/site-modules/profile/manifests/swh/deploy/vault/icinga_checks.pp b/site-modules/profile/manifests/swh/deploy/vault/icinga_checks.pp
index 6d870b5d4..974e97561 100644
--- a/site-modules/profile/manifests/swh/deploy/vault/icinga_checks.pp
+++ b/site-modules/profile/manifests/swh/deploy/vault/icinga_checks.pp
@@ -1,13 +1,12 @@
 # Install icinga checks for one webapp instance
 define profile::swh::deploy::vault::icinga_checks (
-  $environment      = $title,
-  $storage          = undef,
+  $storage          = $title,
   $webapp           = undef,
-)
-{
+  $environment      = undef,
+) {
   # Install vault end-to-end checks
   profile::icinga2::objects::e2e_checks_vault {"End-to-end Vault Test(s) in ${environment}":
-    server_vault  => $storage,
+    server_vault  => "http://${storage}",
     server_webapp => $webapp,
     environment   => $environment,
   }
-- 
GitLab