fix: Docs and Terraform usage after cutting track/2

.github/workflows/terraform.yml

@@ -2,8 +2,6 @@ name: Terraform
 
 on:
   pull_request:
-    branches:
-      - main
     paths:
       - "**/*.tf"
 

docs/how-to/cos-tls.tf

@@ -4,9 +4,9 @@ resource "juju_model" "cos" {
 
 module "cos" {
   # Use the right source value depending on whether you are using cos or cos-lite
-  source                          = "git::https://github.com/canonical/observability-stack//terraform/cos"
+  source                          = "git::https://github.com/canonical/observability-stack//terraform/cos?ref=track/2"
   model_uuid                      = juju_model.cos.uuid
-  channel                         = "1/stable"
+  channel                         = "2/stable"
   internal_tls                    = true # TLS between in-model applications
 
   # Update the _offer_url inputs with the offered endpoints of the external CA's model

docs/tutorial/installation/cos-canonical-k8s-sandbox.conf

@@ -74,9 +74,9 @@ runcmd:
     }
 
     module "cos" {
-      source                          = "git::https://github.com/canonical/observability-stack//terraform/cos"
+      source                          = "git::https://github.com/canonical/observability-stack//terraform/cos?ref=track/2"
       model_uuid                      = juju_model.cos.uuid
-      channel                         = "2/edge"
+      channel                         = "2/stable"
       anti_affinity                   = false
       internal_tls                    = false
       external_certificates_offer_url = null

docs/tutorial/installation/cos-lite-microk8s-sandbox.tf

@@ -14,9 +14,9 @@ resource "juju_model" "cos" {
 }
 
 module "cos-lite" {
-  source     = "git::https://github.com/canonical/observability-stack//terraform/cos-lite"
+  source     = "git::https://github.com/canonical/observability-stack//terraform/cos-lite?ref=track/2"
   model_uuid = juju_model.cos.uuid
-  channel    = "1/stable"
+  channel    = "2/stable"
   ssc        = { channel = "1/stable" }
   traefik    = { channel = "latest/edge" }
 }

tests/integration/cos/tls_external/test_upgrade_cos_tls_external.py

@@ -10,12 +10,14 @@
 from helpers import (
     catalogue_apps_are_reachable,
     get_tls_context,
+    refresh_o11y_apps,
     wait_for_active_idle_without_error,
 )
 
 import jubilant
 
 TRACK_2_TF_FILE = Path(__file__).parent.resolve() / "track-2.tf"
+TRACK_DEV_TF_FILE = Path(__file__).parent.resolve() / "track-dev.tf"
 S3_ENDPOINT = {
     "s3_endpoint": os.getenv("S3_ENDPOINT"),
     "s3_secret_key": os.getenv("S3_SECRET_KEY"),
@@ -38,3 +40,20 @@ def test_deploy_from_track(
     wait_for_active_idle_without_error([cos_model], timeout=5400)
     tls_ctx = get_tls_context(tmp_path, ca_model, "self-signed-certificates")
     catalogue_apps_are_reachable(cos_model, tls_ctx)
+
+
+def test_deploy_to_track(
+    tmp_path, tf_manager, ca_model: jubilant.Juju, cos_model: jubilant.Juju
+):
+    # WHEN upgraded to track n
+    cos_model.remove_relation("traefik:traefik-route", "grafana:ingress")
+    wait_for_active_idle_without_error([cos_model])
+    # FIXME: https://github.com/juju/terraform-provider-juju/issues/967
+    refresh_o11y_apps(cos_model, channel="dev/edge", base="ubuntu@24.04")
+    tf_manager.init(TRACK_DEV_TF_FILE)
+    tf_manager.apply(ca_model=ca_model.model, cos_model=cos_model.model, **S3_ENDPOINT)
+
+    # THEN the model is upgraded and is healthy
+    wait_for_active_idle_without_error([ca_model, cos_model])
+    tls_ctx = get_tls_context(tmp_path, ca_model, "self-signed-certificates")
+    catalogue_apps_are_reachable(cos_model, tls_ctx)

tests/integration/cos/tls_external/track-2.tf

@@ -44,9 +44,9 @@ module "ssc" {
 }
 
 module "cos" {
-  source                          = "git::https://github.com/canonical/observability-stack//terraform/cos"
+  source                          = "git::https://github.com/canonical/observability-stack//terraform/cos?ref=track/2"
   model_uuid                      = data.juju_model.cos-model.uuid
-  channel                         = "2/edge"
+  channel                         = "2/stable"
   internal_tls                    = "false"
   external_certificates_offer_url = "admin/${var.ca_model}.certificates"
   external_ca_cert_offer_url      = "admin/${var.ca_model}.send-ca-cert"

tests/integration/cos/tls_external/track-dev.tf

@@ -0,0 +1,65 @@
+terraform {
+  required_version = ">= 1.5"
+  required_providers {
+    juju = {
+      source  = "juju/juju"
+      version = "~> 1.0"
+    }
+  }
+}
+
+variable "cos_model" {
+  type = string
+}
+
+variable "ca_model" {
+  type = string
+}
+
+data "juju_model" "ca-model" {
+  name  = var.ca_model
+  owner = "admin"
+}
+
+data "juju_model" "cos-model" {
+  name  = var.cos_model
+  owner = "admin"
+}
+
+variable "s3_endpoint" {
+  type = string
+}
+
+variable "s3_secret_key" {
+  type = string
+}
+
+variable "s3_access_key" {
+  type = string
+}
+
+module "ssc" {
+  source     = "git::https://github.com/canonical/self-signed-certificates-operator//terraform"
+  model_uuid = data.juju_model.ca-model.uuid
+}
+
+module "cos" {
+  source                          = "git::https://github.com/canonical/observability-stack//terraform/cos"
+  model_uuid                      = data.juju_model.cos-model.uuid
+  channel                         = "dev/edge"
+  internal_tls                    = "false"
+  external_certificates_offer_url = "admin/${var.ca_model}.certificates"
+  external_ca_cert_offer_url      = "admin/${var.ca_model}.send-ca-cert"
+
+  s3_endpoint   = var.s3_endpoint
+  s3_secret_key = var.s3_secret_key
+  s3_access_key = var.s3_access_key
+
+  traefik           = { channel = "latest/edge" }  # TODO: Switch to latest/stable when rev257 hits stable
+  loki_coordinator  = { units = 1 }
+  loki_worker       = { backend_units = 1, read_units = 1, write_units = 1 }
+  mimir_coordinator = { units = 1 }
+  mimir_worker      = { backend_units = 1, read_units = 1, write_units = 1 }
+  tempo_coordinator = { units = 1 }
+  tempo_worker      = { compactor_units = 1, distributor_units = 1, ingester_units = 1, metrics_generator_units = 1, querier_units = 1, query_frontend_units = 1 }
+}

tests/integration/cos/tls_full/test_upgrade_cos_tls_full.py

@@ -10,12 +10,14 @@
 from helpers import (
     catalogue_apps_are_reachable,
     get_tls_context,
+    refresh_o11y_apps,
     wait_for_active_idle_without_error,
 )
 
 import jubilant
 
 TRACK_2_TF_FILE = Path(__file__).parent.resolve() / "track-2.tf"
+TRACK_DEV_TF_FILE = Path(__file__).parent.resolve() / "track-dev.tf"
 S3_ENDPOINT = {
     "s3_endpoint": os.getenv("S3_ENDPOINT"),
     "s3_secret_key": os.getenv("S3_SECRET_KEY"),
@@ -38,3 +40,20 @@ def test_deploy_from_track(
     wait_for_active_idle_without_error([cos_model], timeout=5400)
     tls_ctx = get_tls_context(tmp_path, ca_model, "self-signed-certificates")
     catalogue_apps_are_reachable(cos_model, tls_ctx)
+
+
+def test_deploy_to_track(
+    tmp_path, tf_manager, ca_model: jubilant.Juju, cos_model: jubilant.Juju
+):
+    # WHEN upgraded to track n
+    cos_model.remove_relation("traefik:traefik-route", "grafana:ingress")
+    wait_for_active_idle_without_error([cos_model])
+    # FIXME: https://github.com/juju/terraform-provider-juju/issues/967
+    refresh_o11y_apps(cos_model, channel="dev/edge", base="ubuntu@24.04")
+    tf_manager.init(TRACK_DEV_TF_FILE)
+    tf_manager.apply(ca_model=ca_model.model, cos_model=cos_model.model, **S3_ENDPOINT)
+
+    # THEN the model is upgraded and is healthy
+    wait_for_active_idle_without_error([ca_model, cos_model])
+    tls_ctx = get_tls_context(tmp_path, ca_model, "self-signed-certificates")
+    catalogue_apps_are_reachable(cos_model, tls_ctx)

tests/integration/cos/tls_full/track-2.tf

@@ -44,9 +44,9 @@ module "ssc" {
 }
 
 module "cos" {
-  source                          = "git::https://github.com/canonical/observability-stack//terraform/cos"
+  source                          = "git::https://github.com/canonical/observability-stack//terraform/cos?ref=track/2"
   model_uuid                      = data.juju_model.cos-model.uuid
-  channel                         = "2/edge"
+  channel                         = "2/stable"
   internal_tls                    = "true"
   external_certificates_offer_url = "admin/${var.ca_model}.certificates"
   external_ca_cert_offer_url      = "admin/${var.ca_model}.send-ca-cert"

tests/integration/cos/tls_full/track-dev.tf

@@ -0,0 +1,65 @@
+terraform {
+  required_version = ">= 1.5"
+  required_providers {
+    juju = {
+      source  = "juju/juju"
+      version = "~> 1.0"
+    }
+  }
+}
+
+variable "cos_model" {
+  type = string
+}
+
+variable "ca_model" {
+  type = string
+}
+
+data "juju_model" "ca-model" {
+  name  = var.ca_model
+  owner = "admin"
+}
+
+data "juju_model" "cos-model" {
+  name  = var.cos_model
+  owner = "admin"
+}
+
+variable "s3_endpoint" {
+  type = string
+}
+
+variable "s3_secret_key" {
+  type = string
+}
+
+variable "s3_access_key" {
+  type = string
+}
+
+module "ssc" {
+  source     = "git::https://github.com/canonical/self-signed-certificates-operator//terraform"
+  model_uuid = data.juju_model.ca-model.uuid
+}
+
+module "cos" {
+  source                          = "git::https://github.com/canonical/observability-stack//terraform/cos"
+  model_uuid                      = data.juju_model.cos-model.uuid
+  channel                         = "dev/edge"
+  internal_tls                    = "true"
+  external_certificates_offer_url = "admin/${var.ca_model}.certificates"
+  external_ca_cert_offer_url      = "admin/${var.ca_model}.send-ca-cert"
+
+  s3_endpoint   = var.s3_endpoint
+  s3_secret_key = var.s3_secret_key
+  s3_access_key = var.s3_access_key
+
+  traefik           = { channel = "latest/edge" }  # TODO: Switch to latest/stable when rev257 hits stable
+  loki_coordinator  = { units = 1 }
+  loki_worker       = { backend_units = 1, read_units = 1, write_units = 1 }
+  mimir_coordinator = { units = 1 }
+  mimir_worker      = { backend_units = 1, read_units = 1, write_units = 1 }
+  tempo_coordinator = { units = 1 }
+  tempo_worker      = { compactor_units = 1, distributor_units = 1, ingester_units = 1, metrics_generator_units = 1, querier_units = 1, query_frontend_units = 1 }
+}

tests/integration/cos/tls_internal/test_upgrade_cos_tls_internal.py

@@ -9,12 +9,14 @@
 
 from helpers import (
     catalogue_apps_are_reachable,
+    refresh_o11y_apps,
     wait_for_active_idle_without_error,
 )
 
 import jubilant
 
 TRACK_2_TF_FILE = Path(__file__).parent.resolve() / "track-2.tf"
+TRACK_DEV_TF_FILE = Path(__file__).parent.resolve() / "track-dev.tf"
 S3_ENDPOINT = {
     "s3_endpoint": os.getenv("S3_ENDPOINT"),
     "s3_secret_key": os.getenv("S3_SECRET_KEY"),
@@ -34,3 +36,17 @@ def test_deploy_from_track(tmp_path, tf_manager, cos_model: jubilant.Juju):
     tf_manager.apply(model=cos_model.model, **S3_ENDPOINT)
     wait_for_active_idle_without_error([cos_model], timeout=5400)
     catalogue_apps_are_reachable(cos_model)
+
+
+def test_deploy_to_track(tmp_path, tf_manager, cos_model: jubilant.Juju):
+    # WHEN upgraded to track n
+    cos_model.remove_relation("traefik:traefik-route", "grafana:ingress")
+    wait_for_active_idle_without_error([cos_model])
+    # FIXME: https://github.com/juju/terraform-provider-juju/issues/967
+    refresh_o11y_apps(cos_model, channel="dev/edge", base="ubuntu@24.04")
+    tf_manager.init(TRACK_DEV_TF_FILE)
+    tf_manager.apply(model=cos_model.model, **S3_ENDPOINT)
+
+    # THEN the model is upgraded and is healthy
+    wait_for_active_idle_without_error([cos_model])
+    catalogue_apps_are_reachable(cos_model)

tests/integration/cos/tls_internal/track-2.tf

@@ -30,9 +30,9 @@ variable "s3_access_key" {
 }
 
 module "cos" {
-  source       = "git::https://github.com/canonical/observability-stack//terraform/cos"
+  source       = "git::https://github.com/canonical/observability-stack//terraform/cos?ref=track/2"
   model_uuid   = data.juju_model.model.uuid
-  channel      = "2/edge"
+  channel      = "2/stable"
   internal_tls = "true"
 
   s3_endpoint   = var.s3_endpoint

tests/integration/cos/tls_internal/track-dev.tf

@@ -0,0 +1,49 @@
+terraform {
+  required_version = ">= 1.5"
+  required_providers {
+    juju = {
+      source  = "juju/juju"
+      version = "~> 1.0"
+    }
+  }
+}
+
+variable "model" {
+  type = string
+}
+
+data "juju_model" "model" {
+  name  = var.model
+  owner = "admin"
+}
+
+variable "s3_endpoint" {
+  type = string
+}
+
+variable "s3_secret_key" {
+  type = string
+}
+
+variable "s3_access_key" {
+  type = string
+}
+
+module "cos" {
+  source       = "git::https://github.com/canonical/observability-stack//terraform/cos"
+  model_uuid   = data.juju_model.model.uuid
+  channel      = "dev/edge"
+  internal_tls = "true"
+
+  s3_endpoint   = var.s3_endpoint
+  s3_secret_key = var.s3_secret_key
+  s3_access_key = var.s3_access_key
+
+  traefik           = { channel = "latest/edge" }  # TODO: Switch to latest/stable when rev257 hits stable
+  loki_coordinator  = { units = 1 }
+  loki_worker       = { backend_units = 1, read_units = 1, write_units = 1 }
+  mimir_coordinator = { units = 1 }
+  mimir_worker      = { backend_units = 1, read_units = 1, write_units = 1 }
+  tempo_coordinator = { units = 1 }
+  tempo_worker      = { compactor_units = 1, distributor_units = 1, ingester_units = 1, metrics_generator_units = 1, querier_units = 1, query_frontend_units = 1 }
+}