raijin-server 0.1.0__py3-none-any.whl

raijin_server/__init__.py

@@ -0,0 +1,5 @@
+"""Pacote principal do CLI Raijin Server."""
+
+__version__ = "0.1.0"
+
+__all__ = ["__version__"]

raijin_server/cli.py

@@ -0,0 +1,447 @@
+"""CLI principal do projeto Raijin Server."""
+
+from __future__ import annotations
+
+import os
+from pathlib import Path
+from typing import Callable, Dict, Optional
+
+import typer
+from rich import box
+from rich.console import Console
+from rich.panel import Panel
+from rich.prompt import Confirm, Prompt
+from rich.table import Table
+
+from raijin_server import __version__
+from raijin_server.modules import (
+    calico,
+    essentials,
+    firewall,
+    grafana,
+    harness,
+    hardening,
+    istio,
+    kafka,
+    kong,
+    kubernetes,
+    loki,
+    minio,
+    network,
+    prometheus,
+    traefik,
+    velero,
+    bootstrap,
+    full_install,
+)
+from raijin_server.utils import ExecutionContext, logger
+from raijin_server.validators import validate_system_requirements, check_module_dependencies
+from raijin_server.healthchecks import run_health_check
+from raijin_server.config import ConfigManager
+
+app = typer.Typer(add_completion=False, help="Automacao de setup e hardening para Ubuntu Server")
+console = Console()
+STATE_DIR_CANDIDATES = [
+    Path("/var/lib/raijin-server/state"),
+    Path.home() / ".local/share/raijin-server/state",
+]
+EXIT_OPTION = "sair"
+_STATE_DIR_CACHE: Optional[Path] = None
+
+BANNER = r"""
+
+      ___           ___                        ___                     ___     
+     /\  \         /\  \          ___         /\  \        ___        /\__\    
+    /::\  \       /::\  \        /\  \        \:\  \      /\  \      /::|  |   
+   /:/\:\  \     /:/\:\  \       \:\  \   ___ /::\__\     \:\  \    /:|:|  |   
+  /::\~\:\  \   /::\~\:\  \      /::\__\ /\  /:/\/__/     /::\__\  /:/|:|  |__ 
+ /:/\:\ \:\__\ /:/\:\ \:\__\  __/:/\/__/ \:\/:/  /     __/:/\/__/ /:/ |:| /\__\
+ \/_|::\/:/  / \/__\:\/:/  / /\/:/  /     \::/  /     /\/:/  /    \/__|:|/:/  /
+    |:|::/  /       \::/  /  \::/__/       \/__/      \::/__/         |:/:/  / 
+    |:|\/__/        /:/  /    \:\__\                   \:\__\         |::/  /  
+    |:|  |         /:/  /      \/__/                    \/__/         /:/  /   
+     \|__|         \/__/                                              \/__/    
+
+"""
+
+MODULES: Dict[str, Callable[[ExecutionContext], None]] = {
+    "bootstrap": bootstrap.run,
+    "hardening": hardening.run,
+    "network": network.run,
+    "essentials": essentials.run,
+    "firewall": firewall.run,
+    "kubernetes": kubernetes.run,
+    "calico": calico.run,
+    "istio": istio.run,
+    "traefik": traefik.run,
+    "kong": kong.run,
+    "minio": minio.run,
+    "prometheus": prometheus.run,
+    "grafana": grafana.run,
+    "loki": loki.run,
+    "harness": harness.run,
+    "velero": velero.run,
+    "kafka": kafka.run,
+    "full_install": full_install.run,
+}
+
+MODULE_DESCRIPTIONS: Dict[str, str] = {
+    "bootstrap": "Instala ferramentas: helm, kubectl, istioctl, velero, containerd",
+    "hardening": "Ajustes de kernel, auditd, fail2ban",
+    "network": "Netplan, hostname, DNS",
+    "essentials": "Pacotes basicos, repos, utilitarios",
+    "firewall": "Regras UFW padrao e serviços basicos",
+    "kubernetes": "Instala kubeadm/kubelet/kubectl e inicializa cluster",
+    "calico": "CNI Calico e politica default deny",
+    "istio": "Service mesh Istio via Helm",
+    "traefik": "Ingress controller Traefik com TLS",
+    "kong": "Ingress/Gateway Kong via Helm",
+    "minio": "Objeto storage S3-compat via Helm",
+    "prometheus": "Stack kube-prometheus",
+    "grafana": "Dashboards e datasource Prometheus",
+    "loki": "Logs centralizados Loki",
+    "harness": "Delegate Harness via Helm",
+    "velero": "Backup/restore de clusters",
+    "kafka": "Cluster Kafka via OCI Helm",
+    "full_install": "Instalacao completa e automatizada do ambiente",
+}
+
+
+def _run_module(ctx: typer.Context, name: str, skip_validation: bool = False) -> None:
+    handler = MODULES.get(name)
+    if handler is None:
+        raise typer.BadParameter(f"Modulo '{name}' nao encontrado.")
+    exec_ctx = ctx.obj or ExecutionContext()
+    
+    # Verifica dependencias do modulo
+    if not skip_validation and not check_module_dependencies(name, exec_ctx):
+        typer.secho(f"Execute primeiro os modulos dependentes antes de '{name}'", fg=typer.colors.RED)
+        raise typer.Exit(code=1)
+    
+    try:
+        logger.info(f"Iniciando execucao do modulo: {name}")
+        typer.secho(f"\n{'='*60}", fg=typer.colors.CYAN)
+        typer.secho(f"Executando modulo: {name}", fg=typer.colors.CYAN, bold=True)
+        typer.secho(f"{'='*60}\n", fg=typer.colors.CYAN)
+        
+        handler(exec_ctx)
+        
+        # Executa health check se disponivel
+        if not exec_ctx.dry_run:
+            typer.echo("\nExecutando health check...")
+            health_ok = run_health_check(name, exec_ctx)
+            if health_ok:
+                _mark_completed(name)
+                typer.secho(f"\n✓ Modulo '{name}' concluido com sucesso!", fg=typer.colors.GREEN, bold=True)
+                logger.info(f"Modulo '{name}' concluido com sucesso")
+            else:
+                typer.secho(f"\n⚠ Modulo '{name}' executado mas health check falhou", fg=typer.colors.YELLOW, bold=True)
+                logger.warning(f"Modulo '{name}' executado mas health check falhou")
+        else:
+            typer.secho(f"\n✓ Modulo '{name}' executado em modo dry-run", fg=typer.colors.YELLOW)
+            
+        # Mostra avisos e erros acumulados
+        if exec_ctx.warnings:
+            typer.secho(f"\nAvisos ({len(exec_ctx.warnings)}):", fg=typer.colors.YELLOW)
+            for warn in exec_ctx.warnings:
+                typer.echo(f"  ⚠ {warn}")
+        if exec_ctx.errors:
+            typer.secho(f"\nErros ({len(exec_ctx.errors)}):", fg=typer.colors.RED)
+            for err in exec_ctx.errors:
+                typer.echo(f"  ✗ {err}")
+                
+    except KeyboardInterrupt:
+        logger.warning(f"Modulo '{name}' interrompido pelo usuario")
+        typer.secho(f"\n\n⚠ Modulo '{name}' interrompido", fg=typer.colors.YELLOW)
+        raise typer.Exit(code=130)
+    except Exception as e:
+        logger.error(f"Erro fatal no modulo '{name}': {e}", exc_info=True)
+        typer.secho(f"\n✗ Erro fatal no modulo '{name}': {e}", fg=typer.colors.RED, bold=True)
+        raise typer.Exit(code=1)
+
+
+def _print_banner() -> None:
+    console.print(Panel.fit(BANNER, style="bold blue"))
+    console.print("[bright_white]Automacao de setup e hardening para Ubuntu Server[/bright_white]\n")
+
+
+def _select_state_dir() -> Path:
+    global _STATE_DIR_CACHE
+    if _STATE_DIR_CACHE is not None:
+        return _STATE_DIR_CACHE
+
+    override = os.environ.get("RAIJIN_STATE_DIR")
+    if override:
+        cand = Path(override).expanduser()
+        cand.mkdir(parents=True, exist_ok=True)
+        _STATE_DIR_CACHE = cand
+        console.print(f"[cyan]Usando estado em {cand} (RAIJIN_STATE_DIR)[/cyan]")
+        return cand
+
+    for cand in STATE_DIR_CANDIDATES:
+        try:
+            cand.mkdir(parents=True, exist_ok=True)
+            test = cand / ".rwtest"
+            test.touch()
+            test.unlink()
+            _STATE_DIR_CACHE = cand
+            if cand != STATE_DIR_CANDIDATES[0]:
+                console.print(f"[yellow]Estado gravado em {cand} (fallback por permissao)[/yellow]")
+            return cand
+        except Exception:
+            continue
+
+    fallback = Path("/tmp/raijin-state")
+    fallback.mkdir(parents=True, exist_ok=True)
+    console.print(f"[yellow]Usando fallback /tmp/raijin-state para marcar conclusao[/yellow]")
+    _STATE_DIR_CACHE = fallback
+    return fallback
+
+
+def _state_file(name: str) -> Path:
+    return _select_state_dir() / f"{name}.done"
+
+
+def _mark_completed(name: str) -> None:
+    try:
+        path = _state_file(name)
+        path.write_text("ok\n")
+    except Exception:
+        console.print("[yellow]Nao foi possivel registrar estado (permissao negada). Considere definir RAIJIN_STATE_DIR.[/yellow]")
+
+
+def _is_completed(name: str) -> bool:
+    return _state_file(name).exists()
+
+
+def _render_menu(dry_run: bool) -> int:
+    table = Table(
+        title="Selecione um modulo para executar",
+        header_style="bold white",
+        box=box.ROUNDED,
+        expand=True,
+    )
+    table.add_column("#", justify="right", style="cyan", no_wrap=True)
+    table.add_column("Status", style="green", no_wrap=True)
+    table.add_column("Modulo", style="bold green")
+    table.add_column("Descricao", style="white")
+    for idx, name in enumerate(MODULES.keys(), start=1):
+        desc = MODULE_DESCRIPTIONS.get(name, "")
+        status = "[green]✔[/green]" if _is_completed(name) else "[dim]-[/dim]"
+        table.add_row(f"{idx}", status, name, desc)
+
+    exit_idx = len(MODULES) + 1
+    table.add_row(
+        f"{exit_idx}", "[red]↩[/red]", EXIT_OPTION, "Sair do menu",
+    )
+
+    mode_label = "[yellow]DRY-RUN[/yellow]" if dry_run else "[bold red]APLICAR[/bold red]"
+    console.print(Panel.fit(f"Modo atual: {mode_label}  |  t = alternar modo  |  {EXIT_OPTION} = sair", style="dim"))
+    console.print(table)
+    return exit_idx
+
+
+def interactive_menu(ctx: typer.Context) -> None:
+    exec_ctx = ctx.obj or ExecutionContext()
+    current_dry_run = exec_ctx.dry_run
+    _print_banner()
+    console.print(
+        Panel.fit(
+            f"Use o numero, nome ou '{EXIT_OPTION}'.\nPressione t para alternar dry-run.",
+            style="bold magenta",
+        )
+    )
+
+    while True:
+        exit_idx = _render_menu(current_dry_run)
+        choice = Prompt.ask("Escolha", default=EXIT_OPTION).strip().lower()
+
+        if choice in {"q", EXIT_OPTION}:
+            return
+        if choice == "t":
+            current_dry_run = not current_dry_run
+            exec_ctx.dry_run = current_dry_run
+            continue
+
+        if choice.isdigit():
+            idx = int(choice)
+            if idx == exit_idx:
+                return
+            if 1 <= idx <= len(MODULES):
+                name = list(MODULES.keys())[idx - 1]
+            else:
+                console.print("[red]Opcao invalida[/red]")
+                continue
+        else:
+            name = choice
+
+        if name not in MODULES:
+            console.print("[red]Opcao invalida[/red]")
+            continue
+
+        exec_ctx = ExecutionContext(dry_run=current_dry_run)
+        ctx.obj = exec_ctx
+        _run_module(ctx, name)
+        # Loop continua e menu eh re-renderizado, refletindo status atualizado quando nao eh dry-run.
+
+
+@app.callback(invoke_without_command=True)
+def main(
+    ctx: typer.Context,
+    module: Optional[str] = typer.Option(None, "-m", "--module", help="Modulo a executar"),
+    dry_run: bool = typer.Option(False, "-n", "--dry-run", help="Mostra comandos sem executa-los."),
+    skip_validation: bool = typer.Option(False, "--skip-validation", help="Pula validacoes de pre-requisitos"),
+) -> None:
+    """Mostra um menu simples quando nenhum subcomando e informado."""
+
+    ctx.obj = ExecutionContext(dry_run=dry_run)
+
+    # Executa validacoes de pre-requisitos
+    if not skip_validation and not dry_run:
+        if not validate_system_requirements(ctx.obj, skip_root=False):
+            typer.secho("\nAbortando devido a pre-requisitos nao atendidos.", fg=typer.colors.RED)
+            typer.echo("Use --skip-validation para pular validacoes (nao recomendado).")
+            raise typer.Exit(code=1)
+
+    if ctx.invoked_subcommand:
+        return
+    if module:
+        _run_module(ctx, module, skip_validation=skip_validation)
+        return
+
+    interactive_menu(ctx)
+
+
+@app.command()
+def menu(ctx: typer.Context) -> None:
+    """Abre o menu interativo colorido."""
+
+    interactive_menu(ctx)
+
+
+@app.command()
+def hardening(ctx: typer.Context) -> None:
+    _run_module(ctx, "hardening")
+
+
+@app.command()
+def network(ctx: typer.Context) -> None:
+    _run_module(ctx, "network")
+
+
+@app.command()
+def essentials(ctx: typer.Context) -> None:
+    _run_module(ctx, "essentials")
+
+
+@app.command()
+def firewall(ctx: typer.Context) -> None:
+    _run_module(ctx, "firewall")
+
+
+@app.command()
+def kubernetes(ctx: typer.Context) -> None:
+    _run_module(ctx, "kubernetes")
+
+
+@app.command()
+def calico(ctx: typer.Context) -> None:
+    _run_module(ctx, "calico")
+
+
+@app.command()
+def istio(ctx: typer.Context) -> None:
+    _run_module(ctx, "istio")
+
+
+@app.command()
+def traefik(ctx: typer.Context) -> None:
+    _run_module(ctx, "traefik")
+
+
+@app.command()
+def kong(ctx: typer.Context) -> None:
+    _run_module(ctx, "kong")
+
+
+@app.command()
+def minio(ctx: typer.Context) -> None:
+    _run_module(ctx, "minio")
+
+
+@app.command()
+def prometheus(ctx: typer.Context) -> None:
+    _run_module(ctx, "prometheus")
+
+
+@app.command()
+def grafana(ctx: typer.Context) -> None:
+    _run_module(ctx, "grafana")
+
+
+@app.command()
+def loki(ctx: typer.Context) -> None:
+    _run_module(ctx, "loki")
+
+
+@app.command()
+def harness(ctx: typer.Context) -> None:
+    _run_module(ctx, "harness")
+
+
+@app.command()
+def velero(ctx: typer.Context) -> None:
+    _run_module(ctx, "velero")
+
+
+@app.command()
+def kafka(ctx: typer.Context) -> None:
+    _run_module(ctx, "kafka")
+
+
+@app.command(name="bootstrap")
+def bootstrap_cmd(ctx: typer.Context) -> None:
+    """Instala todas as ferramentas necessarias: helm, kubectl, istioctl, velero, containerd."""
+    _run_module(ctx, "bootstrap")
+
+
+@app.command(name="full-install")
+def full_install_cmd(ctx: typer.Context) -> None:
+    """Executa instalacao completa e automatizada do ambiente de producao."""
+    _run_module(ctx, "full_install")
+
+
+@app.command()
+def version() -> None:
+    """Mostra a versao do CLI."""
+
+    typer.echo(f"raijin-server {__version__}")
+
+
+@app.command()
+def generate_config(output: str = typer.Option("raijin-config.yaml", "--output", "-o", help="Arquivo de saida")) -> None:
+    """Gera template de configuracao YAML/JSON."""
+    
+    ConfigManager.create_template(output)
+
+
+@app.command()
+def validate(skip_root: bool = typer.Option(False, "--skip-root", help="Pula validacao de root")) -> None:
+    """Valida pre-requisitos do sistema sem executar modulos."""
+    
+    ctx = ExecutionContext(dry_run=False)
+    if validate_system_requirements(ctx, skip_root=skip_root):
+        typer.secho("\n✓ Sistema validado com sucesso!", fg=typer.colors.GREEN, bold=True)
+    else:
+        typer.secho("\n✗ Sistema nao atende pre-requisitos", fg=typer.colors.RED, bold=True)
+        raise typer.Exit(code=1)
+
+
+def main_entrypoint() -> None:
+    """Ponto de entrada para console_scripts."""
+
+    app(prog_name="raijin-server")
+
+
+if __name__ == "__main__":
+    main_entrypoint()

raijin_server/config.py

@@ -0,0 +1,139 @@
+"""Gerenciador de configuracoes via arquivo YAML/JSON."""
+
+from __future__ import annotations
+
+import json
+from pathlib import Path
+from typing import Any, Dict
+
+import typer
+
+try:
+    import yaml
+    YAML_AVAILABLE = True
+except ImportError:
+    YAML_AVAILABLE = False
+
+
+class ConfigManager:
+    """Gerencia configuracoes do raijin-server via arquivo."""
+
+    def __init__(self, config_path: str | Path | None = None):
+        self.config_path = Path(config_path) if config_path else None
+        self.config: Dict[str, Any] = {}
+        if self.config_path and self.config_path.exists():
+            self.load()
+
+    def load(self) -> None:
+        """Carrega configuracoes do arquivo."""
+        if not self.config_path or not self.config_path.exists():
+            return
+
+        try:
+            content = self.config_path.read_text()
+            if self.config_path.suffix in [".yaml", ".yml"]:
+                if not YAML_AVAILABLE:
+                    raise ImportError("PyYAML nao instalado. Instale com: pip install pyyaml")
+                self.config = yaml.safe_load(content) or {}
+            elif self.config_path.suffix == ".json":
+                self.config = json.loads(content)
+            else:
+                raise ValueError(f"Formato nao suportado: {self.config_path.suffix}")
+        except Exception as e:
+            typer.secho(f"Erro ao carregar config de {self.config_path}: {e}", fg=typer.colors.RED)
+            raise
+
+    def get(self, key: str, default: Any = None) -> Any:
+        """Obtem valor de configuracao."""
+        keys = key.split(".")
+        value = self.config
+        for k in keys:
+            if isinstance(value, dict):
+                value = value.get(k)
+                if value is None:
+                    return default
+            else:
+                return default
+        return value if value is not None else default
+
+    def get_module_config(self, module: str) -> Dict[str, Any]:
+        """Obtem configuracoes especificas de um modulo."""
+        return self.config.get("modules", {}).get(module, {})
+
+    def get_global(self, key: str, default: Any = None) -> Any:
+        """Obtem configuracao global."""
+        return self.config.get("global", {}).get(key, default)
+
+    @classmethod
+    def create_template(cls, output_path: str | Path) -> None:
+        """Cria template de configuracao."""
+        template = {
+            "global": {
+                "dry_run": False,
+                "max_retries": 3,
+                "retry_delay": 5,
+                "timeout": 300,
+                "skip_health_checks": False,
+            },
+            "modules": {
+                "network": {
+                    "interface": "ens18",
+                    "address": "192.168.0.10/24",
+                    "gateway": "192.168.0.1",
+                    "dns": "1.1.1.1,8.8.8.8",
+                },
+                "kubernetes": {
+                    "pod_cidr": "10.244.0.0/16",
+                    "service_cidr": "10.96.0.0/12",
+                    "cluster_name": "raijin",
+                    "advertise_address": "0.0.0.0",
+                },
+                "calico": {
+                    "pod_cidr": "10.244.0.0/16",
+                },
+                "prometheus": {
+                    "namespace": "observability",
+                    "retention": "15d",
+                    "storage": "20Gi",
+                },
+                "grafana": {
+                    "namespace": "observability",
+                    "admin_password": "changeme",
+                    "ingress_host": "grafana.example.com",
+                },
+                "traefik": {
+                    "namespace": "traefik",
+                    "ingress_class": "traefik",
+                },
+            },
+        }
+
+        path = Path(output_path)
+        if path.suffix in [".yaml", ".yml"]:
+            if not YAML_AVAILABLE:
+                typer.secho("PyYAML nao instalado. Salvando como JSON...", fg=typer.colors.YELLOW)
+                path = path.with_suffix(".json")
+                content = json.dumps(template, indent=2)
+            else:
+                content = yaml.dump(template, default_flow_style=False, sort_keys=False)
+        else:
+            content = json.dumps(template, indent=2)
+
+        path.write_text(content)
+        typer.secho(f"Template de configuracao criado em: {path}", fg=typer.colors.GREEN)
+
+
+def prompt_or_config(
+    prompt_text: str,
+    default: str,
+    config_manager: ConfigManager | None,
+    config_key: str,
+) -> str:
+    """Obtem valor de prompt ou config file."""
+    if config_manager:
+        value = config_manager.get(config_key)
+        if value is not None:
+            typer.echo(f"{prompt_text} (via config): {value}")
+            return str(value)
+
+    return typer.prompt(prompt_text, default=default)