raijin-server 0.2.10__tar.gz → 0.2.12__tar.gz

Files changed (53) hide show
  1. {raijin_server-0.2.10/src/raijin_server.egg-info → raijin_server-0.2.12}/PKG-INFO +3 -1
  2. {raijin_server-0.2.10 → raijin_server-0.2.12}/README.md +2 -0
  3. {raijin_server-0.2.10 → raijin_server-0.2.12}/setup.cfg +1 -1
  4. raijin_server-0.2.12/src/raijin_server/__init__.py +5 -0
  5. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/cli.py +3 -0
  6. raijin_server-0.2.12/src/raijin_server/modules/metallb.py +85 -0
  7. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/traefik.py +37 -2
  8. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/validators.py +1 -0
  9. {raijin_server-0.2.10 → raijin_server-0.2.12/src/raijin_server.egg-info}/PKG-INFO +3 -1
  10. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server.egg-info/SOURCES.txt +1 -0
  11. raijin_server-0.2.10/src/raijin_server/__init__.py +0 -5
  12. {raijin_server-0.2.10 → raijin_server-0.2.12}/LICENSE +0 -0
  13. {raijin_server-0.2.10 → raijin_server-0.2.12}/pyproject.toml +0 -0
  14. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/config.py +0 -0
  15. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/healthchecks.py +0 -0
  16. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/__init__.py +0 -0
  17. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/apokolips_demo.py +0 -0
  18. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/bootstrap.py +0 -0
  19. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/calico.py +0 -0
  20. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/cert_manager.py +0 -0
  21. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/essentials.py +0 -0
  22. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/firewall.py +0 -0
  23. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/full_install.py +0 -0
  24. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/grafana.py +0 -0
  25. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/hardening.py +0 -0
  26. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/harness.py +0 -0
  27. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/istio.py +0 -0
  28. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/kafka.py +0 -0
  29. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/kong.py +0 -0
  30. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/kubernetes.py +0 -0
  31. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/loki.py +0 -0
  32. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/minio.py +0 -0
  33. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/network.py +0 -0
  34. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/observability_dashboards.py +0 -0
  35. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/observability_ingress.py +0 -0
  36. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/prometheus.py +0 -0
  37. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/sanitize.py +0 -0
  38. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/secrets.py +0 -0
  39. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/ssh_hardening.py +0 -0
  40. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/velero.py +0 -0
  41. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/modules/vpn.py +0 -0
  42. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/scripts/__init__.py +0 -0
  43. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/scripts/checklist.sh +0 -0
  44. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/scripts/install.sh +0 -0
  45. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/scripts/log_size_metric.sh +0 -0
  46. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/scripts/pre-deploy-check.sh +0 -0
  47. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server/utils.py +0 -0
  48. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server.egg-info/dependency_links.txt +0 -0
  49. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server.egg-info/entry_points.txt +0 -0
  50. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server.egg-info/requires.txt +0 -0
  51. {raijin_server-0.2.10 → raijin_server-0.2.12}/src/raijin_server.egg-info/top_level.txt +0 -0
  52. {raijin_server-0.2.10 → raijin_server-0.2.12}/tests/test_full_install_sequence.py +0 -0
  53. {raijin_server-0.2.10 → raijin_server-0.2.12}/tests/test_registry.py +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: raijin-server
3
- Version: 0.2.10
3
+ Version: 0.2.12
4
4
  Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
5
5
  Home-page: https://example.com/raijin-server
6
6
  Author: Equipe Raijin
@@ -188,6 +188,7 @@ sudo -E ~/.venvs/midgard/bin/raijin-server debug journal --service containerd --
188
188
  - **Publicação PyPI**: ver seção "Publicar no PyPI" abaixo
189
189
  - **CNI automático**: Calico aplicado automaticamente no passo Kubernetes (override com `RAIJIN_CNI=none`)
190
190
  - Para reaplicar CNI (forçar mesmo se já houver): `RAIJIN_FORCE_CNI=1`
191
+ - **LoadBalancer bare metal**: módulo `metallb` aplica pool L2 para Services `LoadBalancer`
191
192
 
192
193
  ## Fluxo de Execução Recomendado
193
194
 
@@ -204,6 +205,7 @@ sudo -E ~/.venvs/midgard/bin/raijin-server firewall
204
205
  # 3. Kubernetes
205
206
  sudo -E ~/.venvs/midgard/bin/raijin-server kubernetes
206
207
  sudo -E ~/.venvs/midgard/bin/raijin-server calico
208
+ sudo -E ~/.venvs/midgard/bin/raijin-server metallb # se ambiente bare metal e quiser Service LoadBalancer
207
209
  sudo -E ~/.venvs/midgard/bin/raijin-server secrets
208
210
  sudo -E ~/.venvs/midgard/bin/raijin-server cert-manager
209
211
 
@@ -155,6 +155,7 @@ sudo -E ~/.venvs/midgard/bin/raijin-server debug journal --service containerd --
155
155
  - **Publicação PyPI**: ver seção "Publicar no PyPI" abaixo
156
156
  - **CNI automático**: Calico aplicado automaticamente no passo Kubernetes (override com `RAIJIN_CNI=none`)
157
157
  - Para reaplicar CNI (forçar mesmo se já houver): `RAIJIN_FORCE_CNI=1`
158
+ - **LoadBalancer bare metal**: módulo `metallb` aplica pool L2 para Services `LoadBalancer`
158
159
 
159
160
  ## Fluxo de Execução Recomendado
160
161
 
@@ -171,6 +172,7 @@ sudo -E ~/.venvs/midgard/bin/raijin-server firewall
171
172
  # 3. Kubernetes
172
173
  sudo -E ~/.venvs/midgard/bin/raijin-server kubernetes
173
174
  sudo -E ~/.venvs/midgard/bin/raijin-server calico
175
+ sudo -E ~/.venvs/midgard/bin/raijin-server metallb # se ambiente bare metal e quiser Service LoadBalancer
174
176
  sudo -E ~/.venvs/midgard/bin/raijin-server secrets
175
177
  sudo -E ~/.venvs/midgard/bin/raijin-server cert-manager
176
178
 
@@ -1,6 +1,6 @@
1
1
  [metadata]
2
2
  name = raijin-server
3
- version = 0.2.10
3
+ version = 0.2.12
4
4
  description = CLI para automacao de setup e hardening de servidores Ubuntu Server.
5
5
  long_description = file: README.md
6
6
  long_description_content_type = text/markdown
@@ -0,0 +1,5 @@
1
+ """Pacote principal do CLI Raijin Server."""
2
+
3
+ __version__ = "0.2.12"
4
+
5
+ __all__ = ["__version__"]
@@ -32,6 +32,7 @@ from raijin_server.modules import (
32
32
  kong,
33
33
  kubernetes,
34
34
  loki,
35
+ metallb,
35
36
  minio,
36
37
  network,
37
38
  observability_dashboards,
@@ -85,6 +86,7 @@ MODULES: Dict[str, Callable[[ExecutionContext], None]] = {
85
86
  "vpn": vpn.run,
86
87
  "kubernetes": kubernetes.run,
87
88
  "calico": calico.run,
89
+ "metallb": metallb.run,
88
90
  "traefik": traefik.run, # mover antes do cert_manager para refletir dependencia
89
91
  "cert_manager": cert_manager.run,
90
92
  "istio": istio.run,
@@ -119,6 +121,7 @@ MODULE_DESCRIPTIONS: Dict[str, str] = {
119
121
  "vpn": "Provisiona WireGuard com cliente inicial",
120
122
  "kubernetes": "Instala kubeadm/kubelet/kubectl e inicializa cluster",
121
123
  "calico": "CNI Calico e politica default deny",
124
+ "metallb": "LoadBalancer em bare metal (pool L2)",
122
125
  "cert_manager": "Instala cert-manager e ClusterIssuer ACME",
123
126
  "istio": "Service mesh Istio via Helm",
124
127
  "traefik": "Ingress controller Traefik com TLS",
@@ -0,0 +1,85 @@
1
+ """Provisiona MetalLB (L2) com pool de IPs para LoadBalancer em ambientes bare metal."""
2
+
3
+ import typer
4
+
5
+ from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root, run_cmd
6
+
7
+
8
+ def run(ctx: ExecutionContext) -> None:
9
+ require_root(ctx)
10
+ typer.echo("Instalando MetalLB via Helm...")
11
+
12
+ pool = typer.prompt(
13
+ "Pool de IPs (range ou CIDR) para services LoadBalancer",
14
+ default="192.168.1.240-192.168.1.250",
15
+ )
16
+
17
+ # Instala control-plane + speaker
18
+ helm_upgrade_install(
19
+ release="metallb",
20
+ chart="metallb",
21
+ namespace="metallb-system",
22
+ repo="metallb",
23
+ repo_url="https://metallb.github.io/metallb",
24
+ ctx=ctx,
25
+ values=[],
26
+ )
27
+
28
+ # Espera recursos principais ficarem prontos
29
+ run_cmd(
30
+ [
31
+ "kubectl",
32
+ "-n",
33
+ "metallb-system",
34
+ "rollout",
35
+ "status",
36
+ "deployment/controller",
37
+ "--timeout",
38
+ "180s",
39
+ ],
40
+ ctx,
41
+ check=False,
42
+ )
43
+ run_cmd(
44
+ [
45
+ "kubectl",
46
+ "-n",
47
+ "metallb-system",
48
+ "rollout",
49
+ "status",
50
+ "daemonset/speaker",
51
+ "--timeout",
52
+ "180s",
53
+ ],
54
+ ctx,
55
+ check=False,
56
+ )
57
+
58
+ # Aplica IPAddressPool + L2Advertisement
59
+ manifest = f"""
60
+ apiVersion: metallb.io/v1beta1
61
+ kind: IPAddressPool
62
+ metadata:
63
+ name: raijin-pool
64
+ namespace: metallb-system
65
+ spec:
66
+ addresses:
67
+ - {pool}
68
+ ---
69
+ apiVersion: metallb.io/v1beta1
70
+ kind: L2Advertisement
71
+ metadata:
72
+ name: raijin-l2
73
+ namespace: metallb-system
74
+ spec:
75
+ ipAddressPools:
76
+ - raijin-pool
77
+ """
78
+
79
+ run_cmd(
80
+ f"echo '{manifest}' | kubectl apply -f -",
81
+ ctx,
82
+ use_shell=True,
83
+ )
84
+
85
+ typer.secho("\n✓ MetalLB aplicado. Services LoadBalancer usarao o pool informado.", fg=typer.colors.GREEN, bold=True)
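Review bot: The answer to the `pool` prompt goes unvalidated into the manifest f-string and from there into `echo '{manifest}' | kubectl apply -f -`, executed with `use_shell=True` after `require_root`, so a quote, newline or shell metacharacter in that answer alters the root shell command or the YAML that gets applied. The pool should be parsed as a CIDR or start-end range with `ipaddress` before use, and the manifest handed to kubectl through an argv list as the two `rollout status` calls already do; the module would need `ipaddress` and `tempfile` imported for the sketch below. Both rollout waits also pass `check=False`, so the pool is applied even if the controller never became ready, which deserves at least a warning. `run` has no docstring; one line stating that it installs the chart and applies `raijin-pool` / `raijin-l2` would do.

```python
    pool = typer.prompt(
        "Pool de IPs (range ou CIDR) para services LoadBalancer",
        default="192.168.1.240-192.168.1.250",
    ).strip()
    # Accept only a plain CIDR or start-end range before the value reaches YAML or a command line.
    try:
        if "-" in pool:
            start, end = (ipaddress.ip_address(part.strip()) for part in pool.split("-", 1))
            if start.version != end.version or start > end:
                raise ValueError("range start must not exceed range end")
            pool = f"{start}-{end}"
        else:
            pool = str(ipaddress.ip_network(pool, strict=False))
    except ValueError as exc:
        typer.secho(f"Pool invalido: {exc}", fg=typer.colors.RED)
        raise typer.Exit(code=1)

    # … unchanged: helm_upgrade_install, rollout status waits, manifest f-string …

    # Pass the manifest as a file argument instead of an echo pipeline inside a shell string.
    with tempfile.NamedTemporaryFile("w", suffix=".yaml") as handle:
        handle.write(manifest)
        handle.flush()
        run_cmd(["kubectl", "apply", "-f", handle.name], ctx)
```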
@@ -1,8 +1,34 @@
1
1
  """Configuracao do Traefik via Helm com TLS/ACME e ingressClass."""
2
2
 
3
+ import socket
4
+
3
5
  import typer
4
6
 
5
- from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root
7
+ from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root, run_cmd
8
+
9
+
10
+ def _detect_node_name(ctx: ExecutionContext) -> str:
11
+ """Tenta obter o nome do node via kubectl; fallback para hostname local.
12
+
13
+ Em execucao no control-plane, o nome do node retornado pelo kubeadm init e o desejado
14
+ para o nodeSelector (kubernetes.io/hostname)."""
15
+
16
+ result = run_cmd(
17
+ [
18
+ "kubectl",
19
+ "get",
20
+ "nodes",
21
+ "-o",
22
+ "jsonpath={.items[0].metadata.name}",
23
+ ],
24
+ ctx,
25
+ check=False,
26
+ )
27
+ if result.returncode == 0:
28
+ node_name = (result.stdout or "").strip()
29
+ if node_name:
30
+ return node_name
31
+ return socket.gethostname()
6
32
 
7
33
 
8
34
  def run(ctx: ExecutionContext) -> None:
@@ -12,16 +38,25 @@ def run(ctx: ExecutionContext) -> None:
12
38
  acme_email = typer.prompt("Email para ACME/Let's Encrypt", default="admin@example.com")
13
39
  dashboard_host = typer.prompt("Host para dashboard (opcional)", default="traefik.local")
14
40
 
41
+ node_name = _detect_node_name(ctx)
42
+
15
43
  values = [
16
44
  "ingressClass.enabled=true",
17
45
  "ingressClass.isDefaultClass=true",
18
- "ports.web.redirectTo=websecure", # valor esperado é o nome da porta de destino
19
46
  "service.type=LoadBalancer",
20
47
  f"certificatesResolvers.letsencrypt.acme.email={acme_email}",
21
48
  "certificatesResolvers.letsencrypt.acme.storage=/data/acme.json",
22
49
  "certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=web",
23
50
  "logs.general.level=INFO",
24
51
  "providers.kubernetesIngress.ingressClass=traefik",
52
+ # Permite agendar em control-plane de cluster single-node
53
+ "tolerations[0].key=node-role.kubernetes.io/control-plane",
54
+ "tolerations[0].operator=Exists",
55
+ "tolerations[0].effect=NoSchedule",
56
+ "tolerations[1].key=node-role.kubernetes.io/master",
57
+ "tolerations[1].operator=Exists",
58
+ "tolerations[1].effect=NoSchedule",
59
+ f"nodeSelector.kubernetes.io/hostname={node_name}",
25
60
  ]
26
61
 
27
62
  if dashboard_host:
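Review bot: `_detect_node_name` returns `.items[0]`, which is just the first node the API lists, and `run` then applies `nodeSelector.kubernetes.io/hostname` plus the control-plane tolerations unconditionally, so on a multi-node cluster the internet-facing ingress can end up pinned to an arbitrary node or to the control plane. Selecting by role would make the intent explicit, for example by adding `"-l", "node-role.kubernetes.io/control-plane",` to the kubectl arguments, and the pinning is better gated on the cluster really having a single node. The `socket.gethostname()` fallback may not match the registered node name (case or FQDN differences), which would presumably leave the pod Pending. The new values list also carries no HTTP-to-HTTPS redirect for the `web` entry point any more, so unless one is configured elsewhere port 80 will answer in plaintext; a replacement using the key the installed chart version expects should be added. The body of `run` continues past the end of this hunk.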
@@ -19,6 +19,7 @@ from raijin_server.utils import ExecutionContext, logger
19
19
  MODULE_DEPENDENCIES = {
20
20
  "kubernetes": ["essentials", "network", "firewall"],
21
21
  "calico": ["kubernetes"],
22
+ "metallb": ["kubernetes"],
22
23
  "cert_manager": ["kubernetes", "traefik"],
23
24
  "istio": ["kubernetes", "calico"],
24
25
  "traefik": ["kubernetes"],
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: raijin-server
3
- Version: 0.2.10
3
+ Version: 0.2.12
4
4
  Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
5
5
  Home-page: https://example.com/raijin-server
6
6
  Author: Equipe Raijin
@@ -188,6 +188,7 @@ sudo -E ~/.venvs/midgard/bin/raijin-server debug journal --service containerd --
188
188
  - **Publicação PyPI**: ver seção "Publicar no PyPI" abaixo
189
189
  - **CNI automático**: Calico aplicado automaticamente no passo Kubernetes (override com `RAIJIN_CNI=none`)
190
190
  - Para reaplicar CNI (forçar mesmo se já houver): `RAIJIN_FORCE_CNI=1`
191
+ - **LoadBalancer bare metal**: módulo `metallb` aplica pool L2 para Services `LoadBalancer`
191
192
 
192
193
  ## Fluxo de Execução Recomendado
193
194
 
@@ -204,6 +205,7 @@ sudo -E ~/.venvs/midgard/bin/raijin-server firewall
204
205
  # 3. Kubernetes
205
206
  sudo -E ~/.venvs/midgard/bin/raijin-server kubernetes
206
207
  sudo -E ~/.venvs/midgard/bin/raijin-server calico
208
+ sudo -E ~/.venvs/midgard/bin/raijin-server metallb # se ambiente bare metal e quiser Service LoadBalancer
207
209
  sudo -E ~/.venvs/midgard/bin/raijin-server secrets
208
210
  sudo -E ~/.venvs/midgard/bin/raijin-server cert-manager
209
211
 
@@ -30,6 +30,7 @@ src/raijin_server/modules/kafka.py
30
30
  src/raijin_server/modules/kong.py
31
31
  src/raijin_server/modules/kubernetes.py
32
32
  src/raijin_server/modules/loki.py
33
+ src/raijin_server/modules/metallb.py
33
34
  src/raijin_server/modules/minio.py
34
35
  src/raijin_server/modules/network.py
35
36
  src/raijin_server/modules/observability_dashboards.py
@@ -1,5 +0,0 @@
1
- """Pacote principal do CLI Raijin Server."""
2
-
3
- __version__ = "0.2.10"
4
-
5
- __all__ = ["__version__"]
File without changes