raijin-server 0.2.16__tar.gz → 0.2.18__tar.gz

{raijin_server-0.2.16/src/raijin_server.egg-info → raijin_server-0.2.18}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.2.16
+Version: 0.2.18
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin

{raijin_server-0.2.16 → raijin_server-0.2.18}/setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 name = raijin-server
-version = 0.2.16
+version = 0.2.18
 description = CLI para automacao de setup e hardening de servidores Ubuntu Server.
 long_description = file: README.md
 long_description_content_type = text/markdown

raijin_server-0.2.18/src/raijin_server/__init__.py

@@ -0,0 +1,5 @@
+"""Pacote principal do CLI Raijin Server."""
+
+__version__ = "0.2.18"
+
+__all__ = ["__version__"]

raijin_server-0.2.18/src/raijin_server/modules/metallb.py

@@ -0,0 +1,258 @@
+"""Provisiona MetalLB (L2) com pool de IPs para LoadBalancer em ambientes bare metal."""
+
+import socket
+import time
+
+import typer
+
+from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root, run_cmd
+
+
+def _detect_node_name(ctx: ExecutionContext) -> str:
+    """Tenta obter o nome do node via kubectl; fallback para hostname local."""
+
+    result = run_cmd(
+        [
+            "kubectl",
+            "get",
+            "nodes",
+            "-o",
+            "jsonpath={.items[0].metadata.name}",
+        ],
+        ctx,
+        check=False,
+    )
+    if result.returncode == 0:
+        node_name = (result.stdout or "").strip()
+        if node_name:
+            return node_name
+    return socket.gethostname()
+
+
+def _uninstall_metallb(ctx: ExecutionContext) -> None:
+    """Remove instalacao anterior do MetalLB completamente."""
+    typer.echo("Removendo instalacao anterior do MetalLB...")
+    
+    # Helm uninstall
+    run_cmd(
+        ["helm", "uninstall", "metallb", "-n", "metallb-system"],
+        ctx,
+        check=False,
+    )
+    
+    # Remove CRDs que podem ficar orfaos
+    run_cmd(
+        ["kubectl", "delete", "crd", 
+         "ipaddresspools.metallb.io",
+         "l2advertisements.metallb.io",
+         "bgpadvertisements.metallb.io",
+         "bgppeers.metallb.io",
+         "bfdprofiles.metallb.io",
+         "communities.metallb.io",
+         "servicel2statuses.metallb.io",
+         "--ignore-not-found"],
+        ctx,
+        check=False,
+    )
+    
+    # Remove namespace se existir
+    run_cmd(
+        ["kubectl", "delete", "namespace", "metallb-system", "--ignore-not-found"],
+        ctx,
+        check=False,
+    )
+    
+    # Aguarda limpeza
+    time.sleep(5)
+
+
+def _check_existing_metallb(ctx: ExecutionContext) -> bool:
+    """Verifica se existe instalacao do MetalLB."""
+    result = run_cmd(
+        ["helm", "status", "metallb", "-n", "metallb-system"],
+        ctx,
+        check=False,
+    )
+    return result.returncode == 0
+
+
+def _wait_for_pods_running(ctx: ExecutionContext, timeout: int = 180) -> bool:
+    """Aguarda todos os pods do MetalLB estarem Running."""
+    typer.echo("Aguardando pods do MetalLB ficarem Running...")
+    deadline = time.time() + timeout
+    
+    while time.time() < deadline:
+        # Verifica se ha pods pending ou em erro
+        result = run_cmd(
+            [
+                "kubectl", "-n", "metallb-system", "get", "pods",
+                "-o", "jsonpath={range .items[*]}{.metadata.name}:{.status.phase}\\n{end}",
+            ],
+            ctx,
+            check=False,
+        )
+        
+        if result.returncode != 0:
+            time.sleep(5)
+            continue
+            
+        output = (result.stdout or "").strip()
+        if not output:
+            time.sleep(5)
+            continue
+        
+        pods = [line.split(":") for line in output.split("\n") if line and ":" in line]
+        
+        all_running = all(phase == "Running" for _, phase in pods)
+        if all_running and pods:
+            typer.secho(f"  Todos os {len(pods)} pods Running.", fg=typer.colors.GREEN)
+            return True
+        
+        # Mostra status atual
+        pending = [name for name, phase in pods if phase != "Running"]
+        if pending:
+            typer.echo(f"  Aguardando: {', '.join(pending[:3])}...")
+        
+        time.sleep(10)
+    
+    # Timeout - mostra diagnostico
+    typer.secho("  Timeout esperando pods. Diagnostico:", fg=typer.colors.YELLOW)
+    run_cmd(["kubectl", "-n", "metallb-system", "get", "pods", "-o", "wide"], ctx, check=False)
+    run_cmd(["kubectl", "-n", "metallb-system", "get", "events", "--sort-by=.lastTimestamp"], ctx, check=False)
+    return False
+
+
+def _wait_for_webhook_ready(ctx: ExecutionContext, timeout: int = 120) -> bool:
+    """Aguarda webhook estar respondendo."""
+    typer.echo("Aguardando webhook do MetalLB...")
+    deadline = time.time() + timeout
+    
+    while time.time() < deadline:
+        result = run_cmd(
+            [
+                "kubectl", "-n", "metallb-system", "get", "endpoints",
+                "metallb-webhook-service", "-o", "jsonpath={.subsets[0].addresses[0].ip}",
+            ],
+            ctx,
+            check=False,
+        )
+        if result.returncode == 0 and (result.stdout or "").strip():
+            typer.secho("  Webhook disponivel.", fg=typer.colors.GREEN)
+            return True
+        time.sleep(5)
+    
+    typer.secho("  Webhook nao ficou disponivel.", fg=typer.colors.YELLOW)
+    return False
+
+
+def _apply_pool_with_retry(manifest: str, ctx: ExecutionContext, max_attempts: int = 12) -> bool:
+    """Aplica IPAddressPool/L2Advertisement com retry."""
+    typer.echo("Aplicando IPAddressPool e L2Advertisement...")
+    
+    for attempt in range(1, max_attempts + 1):
+        result = run_cmd(
+            f"echo '{manifest}' | kubectl apply -f -",
+            ctx,
+            use_shell=True,
+            check=False,
+        )
+        if result.returncode == 0:
+            typer.secho("  Pool e L2Advertisement aplicados.", fg=typer.colors.GREEN)
+            return True
+        
+        stderr = (result.stderr or "").lower()
+        if "webhook" in stderr or "connection refused" in stderr:
+            typer.echo(f"  Webhook nao pronto, tentativa {attempt}/{max_attempts}...")
+            time.sleep(10)
+        else:
+            typer.secho(f"  Erro: {result.stderr}", fg=typer.colors.RED)
+            return False
+    
+    return False
+
+
+def run(ctx: ExecutionContext) -> None:
+    require_root(ctx)
+    typer.echo("Instalando MetalLB via Helm...")
+
+    # Prompt opcional de limpeza
+    if _check_existing_metallb(ctx):
+        cleanup = typer.confirm(
+            "Instalacao anterior do MetalLB detectada. Limpar antes de reinstalar?",
+            default=False,
+        )
+        if cleanup:
+            _uninstall_metallb(ctx)
+
+    pool = typer.prompt(
+        "Pool de IPs (range ou CIDR) para services LoadBalancer",
+        default="192.168.1.100-192.168.1.250",
+    )
+
+    node_name = _detect_node_name(ctx)
+
+    values = [
+        # Permite agendar em control-plane de cluster single-node
+        "controller.tolerations[0].key=node-role.kubernetes.io/control-plane",
+        "controller.tolerations[0].operator=Exists",
+        "controller.tolerations[0].effect=NoSchedule",
+        "controller.tolerations[1].key=node-role.kubernetes.io/master",
+        "controller.tolerations[1].operator=Exists",
+        "controller.tolerations[1].effect=NoSchedule",
+        "speaker.tolerations[0].key=node-role.kubernetes.io/control-plane",
+        "speaker.tolerations[0].operator=Exists",
+        "speaker.tolerations[0].effect=NoSchedule",
+        "speaker.tolerations[1].key=node-role.kubernetes.io/master",
+        "speaker.tolerations[1].operator=Exists",
+        "speaker.tolerations[1].effect=NoSchedule",
+        # nodeSelector com chave escapada
+        f"controller.nodeSelector.kubernetes\\.io/hostname={node_name}",
+        f"speaker.nodeSelector.kubernetes\\.io/hostname={node_name}",
+    ]
+
+    # Instala do zero
+    helm_upgrade_install(
+        release="metallb",
+        chart="metallb",
+        namespace="metallb-system",
+        repo="metallb",
+        repo_url="https://metallb.github.io/metallb",
+        ctx=ctx,
+        values=values,
+    )
+
+    # Aguarda pods estarem Running
+    if not _wait_for_pods_running(ctx):
+        ctx.errors.append("Pods do MetalLB nao subiram - verifique taints/recursos do cluster")
+        return
+
+    # Aguarda webhook
+    if not _wait_for_webhook_ready(ctx):
+        typer.secho("Continuando mesmo sem confirmacao do webhook...", fg=typer.colors.YELLOW)
+
+    # Aplica pool
+    manifest = f"""
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: raijin-pool
+  namespace: metallb-system
+spec:
+  addresses:
+    - {pool}
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: raijin-l2
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+    - raijin-pool
+"""
+
+    if not _apply_pool_with_retry(manifest, ctx):
+        ctx.errors.append("Falha ao aplicar IPAddressPool/L2Advertisement")
+        return
+
+    typer.secho("\n✓ MetalLB instalado. Services LoadBalancer usarao o pool informado.", fg=typer.colors.GREEN, bold=True)

{raijin_server-0.2.16 → raijin_server-0.2.18}/src/raijin_server/modules/traefik.py

@@ -7,6 +7,36 @@ import typer
 from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root, run_cmd
 
 
+def _check_existing_traefik(ctx: ExecutionContext) -> bool:
+    """Verifica se existe instalacao do Traefik."""
+    result = run_cmd(
+        ["helm", "status", "traefik", "-n", "traefik"],
+        ctx,
+        check=False,
+    )
+    return result.returncode == 0
+
+
+def _uninstall_traefik(ctx: ExecutionContext) -> None:
+    """Remove instalacao anterior do Traefik."""
+    import time
+    typer.echo("Removendo instalacao anterior do Traefik...")
+    
+    run_cmd(
+        ["helm", "uninstall", "traefik", "-n", "traefik"],
+        ctx,
+        check=False,
+    )
+    
+    run_cmd(
+        ["kubectl", "delete", "namespace", "traefik", "--ignore-not-found"],
+        ctx,
+        check=False,
+    )
+    
+    time.sleep(5)
+
+
 def _detect_node_name(ctx: ExecutionContext) -> str:
     """Tenta obter o nome do node via kubectl; fallback para hostname local.
 
@@ -35,6 +65,15 @@ def run(ctx: ExecutionContext) -> None:
     require_root(ctx)
     typer.echo("Instalando Traefik via Helm...")
 
+    # Prompt opcional de limpeza
+    if _check_existing_traefik(ctx):
+        cleanup = typer.confirm(
+            "Instalacao anterior do Traefik detectada. Limpar antes de reinstalar?",
+            default=False,
+        )
+        if cleanup:
+            _uninstall_traefik(ctx)
+
     acme_email = typer.prompt("Email para ACME/Let's Encrypt", default="admin@example.com")
     dashboard_host = typer.prompt("Host para dashboard (opcional)", default="traefik.local")
 
@@ -56,7 +95,8 @@ def run(ctx: ExecutionContext) -> None:
         "tolerations[1].key=node-role.kubernetes.io/master",
         "tolerations[1].operator=Exists",
         "tolerations[1].effect=NoSchedule",
-        f"nodeSelector.kubernetes.io/hostname={node_name}",
+        # Escapa chave com ponto para evitar parsing incorreto
+        f"nodeSelector.kubernetes\\.io/hostname={node_name}",
     ]
 
     if dashboard_host:

{raijin_server-0.2.16 → raijin_server-0.2.18/src/raijin_server.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.2.16
+Version: 0.2.18
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin

raijin_server-0.2.16/src/raijin_server/__init__.py

@@ -1,5 +0,0 @@
-"""Pacote principal do CLI Raijin Server."""
-
-__version__ = "0.2.16"
-
-__all__ = ["__version__"]

raijin_server-0.2.16/src/raijin_server/modules/metallb.py

@@ -1,141 +0,0 @@
-"""Provisiona MetalLB (L2) com pool de IPs para LoadBalancer em ambientes bare metal."""
-
-import socket
-
-import typer
-
-from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root, run_cmd
-
-
-def _detect_node_name(ctx: ExecutionContext) -> str:
-    """Tenta obter o nome do node via kubectl; fallback para hostname local."""
-
-    result = run_cmd(
-        [
-            "kubectl",
-            "get",
-            "nodes",
-            "-o",
-            "jsonpath={.items[0].metadata.name}",
-        ],
-        ctx,
-        check=False,
-    )
-    if result.returncode == 0:
-        node_name = (result.stdout or "").strip()
-        if node_name:
-            return node_name
-    return socket.gethostname()
-
-
-def _rollout_wait(kind: str, name: str, ctx: ExecutionContext) -> None:
-    run_cmd([
-        "kubectl",
-        "-n",
-        "metallb-system",
-        "rollout",
-        "status",
-        f"{kind}/{name}",
-        "--timeout",
-        "180s",
-    ], ctx, check=False)
-
-
-def _wait_webhook(ctx: ExecutionContext) -> None:
-    # Descobre o nome do deployment do webhook (varia conforme chart), entao aguarda disponibilidade
-    result = run_cmd(
-        [
-            "kubectl",
-            "-n",
-            "metallb-system",
-            "get",
-            "deploy",
-            "-l",
-            "app.kubernetes.io/component=webhook",
-            "-o",
-            "jsonpath={.items[0].metadata.name}",
-        ],
-        ctx,
-        check=False,
-    )
-    if result.returncode == 0:
-        name = (result.stdout or "").strip()
-        if name:
-            _rollout_wait("deployment", name, ctx)
-
-
-def run(ctx: ExecutionContext) -> None:
-    require_root(ctx)
-    typer.echo("Instalando MetalLB via Helm...")
-
-    pool = typer.prompt(
-        "Pool de IPs (range ou CIDR) para services LoadBalancer",
-        default="192.168.1.100-192.168.1.250",
-    )
-
-    node_name = _detect_node_name(ctx)
-
-    values = [
-        # Permite agendar em control-plane de cluster single-node
-        "controller.tolerations[0].key=node-role.kubernetes.io/control-plane",
-        "controller.tolerations[0].operator=Exists",
-        "controller.tolerations[0].effect=NoSchedule",
-        "controller.tolerations[1].key=node-role.kubernetes.io/master",
-        "controller.tolerations[1].operator=Exists",
-        "controller.tolerations[1].effect=NoSchedule",
-        "speaker.tolerations[0].key=node-role.kubernetes.io/control-plane",
-        "speaker.tolerations[0].operator=Exists",
-        "speaker.tolerations[0].effect=NoSchedule",
-        "speaker.tolerations[1].key=node-role.kubernetes.io/master",
-        "speaker.tolerations[1].operator=Exists",
-        "speaker.tolerations[1].effect=NoSchedule",
-        # Usa set em formato de mapa para preservar a chave com ponto (kubernetes.io/hostname)
-        f"controller.nodeSelector={{\"kubernetes.io/hostname\":\"{node_name}\"}}",
-        f"speaker.nodeSelector={{\"kubernetes.io/hostname\":\"{node_name}\"}}",
-    ]
-
-    # Instala control-plane + speaker
-    helm_upgrade_install(
-        release="metallb",
-        chart="metallb",
-        namespace="metallb-system",
-        repo="metallb",
-        repo_url="https://metallb.github.io/metallb",
-        ctx=ctx,
-        values=values,
-    )
-
-    # Espera recursos principais ficarem prontos
-    _rollout_wait("deployment", "controller", ctx)
-    _rollout_wait("daemonset", "speaker", ctx)
-    _wait_webhook(ctx)
-    run_cmd(["sleep", "5"], ctx, check=False)  # pequeno buffer para webhook responder
-
-    # Aplica IPAddressPool + L2Advertisement
-    manifest = f"""
-apiVersion: metallb.io/v1beta1
-kind: IPAddressPool
-metadata:
-  name: raijin-pool
-  namespace: metallb-system
-spec:
-  addresses:
-    - {pool}
----
-apiVersion: metallb.io/v1beta1
-kind: L2Advertisement
-metadata:
-  name: raijin-l2
-  namespace: metallb-system
-spec:
-  ipAddressPools:
-    - raijin-pool
-"""
-
-    run_cmd(
-        f"echo '{manifest}' | kubectl apply -f -",
-        ctx,
-        use_shell=True,
-    )
-
-    typer.secho("\n✓ MetalLB aplicado. Services LoadBalancer usarao o pool informado.", fg=typer.colors.GREEN, bold=True)