packaging: setup: Fix configuring grafana with keycloak

With this flow:
1. Setup an engine with keycloak, no dwh/grafana
2. engine-setup --reconfigure-optional-components, enable dwh+grafana

keycloak is already configured, but we do want to configure grafana to
use keycloak. So remove the condition that we only do this if keycloak
is not configured yet.

Also support configuring grafana on a separate machine when keycloak on
the engine machine is configured.

Change-Id: I019335c60f686d139da0e9368147e035db75ba37
Signed-off-by: Yedidyah Bar David <[email protected]>

packaging/setup/plugins/ovirt-engine-setup/ovirt-engine-grafana-dwh/core/config.py

@@ -25,6 +25,7 @@
 
 from ovirt_engine_setup.engine import constants as oenginecons
 from ovirt_engine_setup.engine_common import constants as oengcommcons
+from ovirt_engine_setup.engine_common import keycloak_utils
 from ovirt_engine_setup import constants as osetupcons
 from ovirt_engine_setup.grafana_dwh import constants as ogdwhcons
 from ovirt_setup_lib import dialog
@@ -70,6 +71,14 @@ def _init(self):
             None,
         )
 
+    @plugin.event(
+        stage=plugin.Stages.STAGE_LATE_SETUP,
+    )
+    def _late_setup(self):
+        self._remote_engine = self.environment[
+            osetupcons.CoreEnv.REMOTE_ENGINE
+        ]
+
     @plugin.event(
         stage=plugin.Stages.STAGE_CUSTOMIZATION,
         condition=lambda self: self.environment[ogdwhcons.CoreEnv.ENABLE],
@@ -184,9 +193,6 @@ def _customization_sso(self):
         if self.environment[oenginecons.CoreEnv.ENABLE]:
             self._register_sso_client = True
         else:
-            self._remote_engine = self.environment[
-                osetupcons.CoreEnv.REMOTE_ENGINE
-            ]
             fd, tmpconf = tempfile.mkstemp()
             atexit.register(os.unlink, tmpconf)
             cmd = self._get_sso_client_registration_cmd(tmpconf)
@@ -224,6 +230,94 @@ def _customization_sso(self):
                 f.write(res)
             self._process_sso_client_registration_result(tmpconf)
 
+    def _is_remote_keycloak_enabled(self):
+        cmd = (
+            'otopi-config-query query '
+            '-k OVESETUP_CONFIG/keycloakEnable '
+            '-f /etc/ovirt-engine-setup.conf'
+        )
+        res = self._remote_engine.execute_on_engine(
+            cmd=cmd,
+            timeout=120,
+            text=_(
+                '\nPlease run the following command on the engine '
+                'machine {engine_fqdn}, and note the output.\n\n'
+                '{cmd}\n'
+            ).format(
+                engine_fqdn=self.environment[
+                    oenginecons.ConfigEnv.ENGINE_FQDN
+                ],
+                cmd=cmd,
+            ),
+        )
+        if res is None:
+            # Likely using manual_files. Ask the user.
+            remote_keycloak_enabled = dialog.queryBoolean(
+                dialog=self.dialog,
+                name='GRAFANA_REMOTE_ENGINE_KEYCLOAK_ENABLED',
+                note=_(
+                    'Was the output of the command "True"? '
+                    '(@VALUES@) [@DEFAULT@]: '
+                    '(@VALUES@) [@DEFAULT@]: '
+                ),
+                prompt=True,
+                default=True,
+            )
+        else:
+            remote_keycloak_enabled = (
+                b''.join(res['stdout']).decode().strip() == 'True'
+            )
+        return remote_keycloak_enabled
+
+    @plugin.event(
+        stage=plugin.Stages.STAGE_CUSTOMIZATION,
+        before=(
+            osetupcons.Stages.DIALOG_TITLES_E_MISC,
+        ),
+        after=(
+            osetupcons.Stages.DIALOG_TITLES_S_MISC,
+        ),
+        condition=lambda self: (
+            self.environment[ogdwhcons.CoreEnv.ENABLE]
+        ),
+    )
+    def _customization_grafana_config(self):
+        # Update the environment where needed - on a separate machine, or
+        # when keycloak was already configured in a previous run.
+        config_content = None
+        config_filename = (
+            oenginecons.FileLocations.OVIRT_ENGINE_SERVICE_CONFIG_KEYCLOAK
+        )
+        if self.environment[oenginecons.CoreEnv.ENABLE]:
+            if (
+                self.environment[ogdwhcons.ConfigEnv.NEW_DATABASE] and
+                self.environment[oengcommcons.KeycloakEnv.ENABLE] and
+                self.environment[oengcommcons.KeycloakEnv.CONFIGURED]
+            ):
+                # Relevant flow:
+                # 1. engine-setup - enable keycloak, disable grafana
+                # 2. engine-setup --reconfigure-optional-components, enable
+                #    grafana.
+                with open(config_filename) as f:
+                    config_content = f.read().splitlines()
+        else:
+            if (
+                self.environment[ogdwhcons.ConfigEnv.NEW_DATABASE] or
+                self.environment[oengcommcons.KeycloakEnv.ENABLE] is None
+            ):
+                if self._is_remote_keycloak_enabled():
+                    config_content = self._remote_engine.copy_from_engine(
+                        file_name=config_filename,
+                        dialog_name='GRAFANA_REMOTE_ENGINE_KEYCLOAK_CONF',
+                    ).decode().splitlines()
+                    self.environment[oengcommcons.KeycloakEnv.ENABLE] = True
+                else:
+                    self.environment[oengcommcons.KeycloakEnv.ENABLE] = False
+        if config_content:
+            self.environment.update(
+                keycloak_utils.keycloak_env_from_engine_conf(config_content)
+            )
+
     @plugin.event(
         stage=plugin.Stages.STAGE_MISC,
         name=ogdwhcons.Stages.GRAFANA_CONFIG,
@@ -293,7 +387,7 @@ def _misc_grafana_config(self):
         keycloak_enabled = self.environment.get(oengcommcons.KeycloakEnv.ENABLE)
         keycloak_configured = self.environment.get(oengcommcons.KeycloakEnv.CONFIGURED)
 
-        if keycloak_enabled and not keycloak_configured:
+        if keycloak_enabled:
             auth_url = self.environment[
                 oengcommcons.KeycloakEnv.KEYCLOAK_AUTH_URL
             ]