raijin-server 0.2.17__py3-none-any.whl → 0.2.19__py3-none-any.whl

raijin_server/__init__.py

@@ -1,5 +1,5 @@
 """Pacote principal do CLI Raijin Server."""
 
-__version__ = "0.2.17"
+__version__ = "0.2.19"
 
 __all__ = ["__version__"]

raijin_server/modules/metallb.py

@@ -1,6 +1,7 @@
 """Provisiona MetalLB (L2) com pool de IPs para LoadBalancer em ambientes bare metal."""
 
 import socket
+import time
 
 import typer
 
@@ -28,46 +29,168 @@ def _detect_node_name(ctx: ExecutionContext) -> str:
     return socket.gethostname()
 
 
-def _rollout_wait(kind: str, name: str, ctx: ExecutionContext) -> None:
-    run_cmd([
-        "kubectl",
-        "-n",
-        "metallb-system",
-        "rollout",
-        "status",
-        f"{kind}/{name}",
-        "--timeout",
-        "180s",
-    ], ctx, check=False)
+def _uninstall_metallb(ctx: ExecutionContext) -> None:
+    """Remove instalacao anterior do MetalLB completamente."""
+    typer.echo("Removendo instalacao anterior do MetalLB...")
+    
+    # Helm uninstall
+    run_cmd(
+        ["helm", "uninstall", "metallb", "-n", "metallb-system"],
+        ctx,
+        check=False,
+    )
+    
+    # Remove CRDs que podem ficar orfaos
+    run_cmd(
+        ["kubectl", "delete", "crd", 
+         "ipaddresspools.metallb.io",
+         "l2advertisements.metallb.io",
+         "bgpadvertisements.metallb.io",
+         "bgppeers.metallb.io",
+         "bfdprofiles.metallb.io",
+         "communities.metallb.io",
+         "servicel2statuses.metallb.io",
+         "--ignore-not-found"],
+        ctx,
+        check=False,
+    )
+    
+    # Remove namespace se existir
+    run_cmd(
+        ["kubectl", "delete", "namespace", "metallb-system", "--ignore-not-found"],
+        ctx,
+        check=False,
+    )
+    
+    # Aguarda limpeza
+    time.sleep(5)
 
 
-def _wait_webhook(ctx: ExecutionContext) -> None:
-    # Descobre o nome do deployment do webhook (varia conforme chart), entao aguarda disponibilidade
+def _check_existing_metallb(ctx: ExecutionContext) -> bool:
+    """Verifica se existe instalacao do MetalLB."""
     result = run_cmd(
-        [
-            "kubectl",
-            "-n",
-            "metallb-system",
-            "get",
-            "deploy",
-            "-l",
-            "app.kubernetes.io/component=webhook",
-            "-o",
-            "jsonpath={.items[0].metadata.name}",
-        ],
+        ["helm", "status", "metallb", "-n", "metallb-system"],
         ctx,
         check=False,
     )
-    if result.returncode == 0:
-        name = (result.stdout or "").strip()
-        if name:
-            _rollout_wait("deployment", name, ctx)
+    return result.returncode == 0
+
+
+def _wait_for_pods_running(ctx: ExecutionContext, timeout: int = 180) -> bool:
+    """Aguarda todos os pods do MetalLB estarem Running."""
+    typer.echo("Aguardando pods do MetalLB ficarem Running...")
+    deadline = time.time() + timeout
+    
+    while time.time() < deadline:
+        # Verifica se ha pods pending ou em erro
+        result = run_cmd(
+            [
+                "kubectl", "-n", "metallb-system", "get", "pods",
+                "-o", "jsonpath={range .items[*]}{.metadata.name}:{.status.phase}\\n{end}",
+            ],
+            ctx,
+            check=False,
+        )
+        
+        if result.returncode != 0:
+            time.sleep(5)
+            continue
+            
+        output = (result.stdout or "").strip()
+        if not output:
+            time.sleep(5)
+            continue
+        
+        pods = []
+        for line in output.split("\n"):
+            if not line:
+                continue
+            # Split apenas na ultima ocorrencia de ":" para evitar problemas com nomes
+            parts = line.rsplit(":", 1)
+            if len(parts) == 2:
+                pods.append((parts[0], parts[1]))
+        
+        all_running = all(phase == "Running" for _, phase in pods)
+        if all_running and pods:
+            typer.secho(f"  Todos os {len(pods)} pods Running.", fg=typer.colors.GREEN)
+            return True
+        
+        # Mostra status atual
+        pending = [name for name, phase in pods if phase != "Running"]
+        if pending:
+            typer.echo(f"  Aguardando: {', '.join(pending[:3])}...")
+        
+        time.sleep(10)
+    
+    # Timeout - mostra diagnostico
+    typer.secho("  Timeout esperando pods. Diagnostico:", fg=typer.colors.YELLOW)
+    run_cmd(["kubectl", "-n", "metallb-system", "get", "pods", "-o", "wide"], ctx, check=False)
+    run_cmd(["kubectl", "-n", "metallb-system", "get", "events", "--sort-by=.lastTimestamp"], ctx, check=False)
+    return False
+
+
+def _wait_for_webhook_ready(ctx: ExecutionContext, timeout: int = 120) -> bool:
+    """Aguarda webhook estar respondendo."""
+    typer.echo("Aguardando webhook do MetalLB...")
+    deadline = time.time() + timeout
+    
+    while time.time() < deadline:
+        result = run_cmd(
+            [
+                "kubectl", "-n", "metallb-system", "get", "endpoints",
+                "metallb-webhook-service", "-o", "jsonpath={.subsets[0].addresses[0].ip}",
+            ],
+            ctx,
+            check=False,
+        )
+        if result.returncode == 0 and (result.stdout or "").strip():
+            typer.secho("  Webhook disponivel.", fg=typer.colors.GREEN)
+            return True
+        time.sleep(5)
+    
+    typer.secho("  Webhook nao ficou disponivel.", fg=typer.colors.YELLOW)
+    return False
+
+
+def _apply_pool_with_retry(manifest: str, ctx: ExecutionContext, max_attempts: int = 12) -> bool:
+    """Aplica IPAddressPool/L2Advertisement com retry."""
+    typer.echo("Aplicando IPAddressPool e L2Advertisement...")
+    
+    for attempt in range(1, max_attempts + 1):
+        result = run_cmd(
+            f"echo '{manifest}' | kubectl apply -f -",
+            ctx,
+            use_shell=True,
+            check=False,
+        )
+        if result.returncode == 0:
+            typer.secho("  Pool e L2Advertisement aplicados.", fg=typer.colors.GREEN)
+            return True
+        
+        stderr = (result.stderr or "").lower()
+        if "webhook" in stderr or "connection refused" in stderr:
+            typer.echo(f"  Webhook nao pronto, tentativa {attempt}/{max_attempts}...")
+            time.sleep(10)
+        else:
+            typer.secho(f"  Erro: {result.stderr}", fg=typer.colors.RED)
+            return False
+    
+    return False
 
 
 def run(ctx: ExecutionContext) -> None:
     require_root(ctx)
     typer.echo("Instalando MetalLB via Helm...")
 
+    # Prompt opcional de limpeza
+    if _check_existing_metallb(ctx):
+        cleanup = typer.confirm(
+            "Instalacao anterior do MetalLB detectada. Limpar antes de reinstalar?",
+            default=False,
+        )
+        if cleanup:
+            _uninstall_metallb(ctx)
+
     pool = typer.prompt(
         "Pool de IPs (range ou CIDR) para services LoadBalancer",
         default="192.168.1.100-192.168.1.250",
@@ -89,12 +212,12 @@ def run(ctx: ExecutionContext) -> None:
         "speaker.tolerations[1].key=node-role.kubernetes.io/master",
         "speaker.tolerations[1].operator=Exists",
         "speaker.tolerations[1].effect=NoSchedule",
-        # Escapa a chave com ponto; evita map literal que quebra o schema do chart
+        # nodeSelector com chave escapada
         f"controller.nodeSelector.kubernetes\\.io/hostname={node_name}",
         f"speaker.nodeSelector.kubernetes\\.io/hostname={node_name}",
     ]
 
-    # Instala control-plane + speaker
+    # Instala do zero
     helm_upgrade_install(
         release="metallb",
         chart="metallb",
@@ -105,13 +228,16 @@ def run(ctx: ExecutionContext) -> None:
         values=values,
     )
 
-    # Espera recursos principais ficarem prontos
-    _rollout_wait("deployment", "controller", ctx)
-    _rollout_wait("daemonset", "speaker", ctx)
-    _wait_webhook(ctx)
-    run_cmd(["sleep", "5"], ctx, check=False)  # pequeno buffer para webhook responder
+    # Aguarda pods estarem Running
+    if not _wait_for_pods_running(ctx):
+        ctx.errors.append("Pods do MetalLB nao subiram - verifique taints/recursos do cluster")
+        return
+
+    # Aguarda webhook
+    if not _wait_for_webhook_ready(ctx):
+        typer.secho("Continuando mesmo sem confirmacao do webhook...", fg=typer.colors.YELLOW)
 
-    # Aplica IPAddressPool + L2Advertisement
+    # Aplica pool
     manifest = f"""
 apiVersion: metallb.io/v1beta1
 kind: IPAddressPool
@@ -132,10 +258,8 @@ spec:
     - raijin-pool
 """
 
-    run_cmd(
-        f"echo '{manifest}' | kubectl apply -f -",
-        ctx,
-        use_shell=True,
-    )
+    if not _apply_pool_with_retry(manifest, ctx):
+        ctx.errors.append("Falha ao aplicar IPAddressPool/L2Advertisement")
+        return
 
-    typer.secho("\n✓ MetalLB aplicado. Services LoadBalancer usarao o pool informado.", fg=typer.colors.GREEN, bold=True)
+    typer.secho("\n✓ MetalLB instalado. Services LoadBalancer usarao o pool informado.", fg=typer.colors.GREEN, bold=True)

raijin_server/modules/traefik.py

@@ -7,6 +7,36 @@ import typer
 from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root, run_cmd
 
 
+def _check_existing_traefik(ctx: ExecutionContext) -> bool:
+    """Verifica se existe instalacao do Traefik."""
+    result = run_cmd(
+        ["helm", "status", "traefik", "-n", "traefik"],
+        ctx,
+        check=False,
+    )
+    return result.returncode == 0
+
+
+def _uninstall_traefik(ctx: ExecutionContext) -> None:
+    """Remove instalacao anterior do Traefik."""
+    import time
+    typer.echo("Removendo instalacao anterior do Traefik...")
+    
+    run_cmd(
+        ["helm", "uninstall", "traefik", "-n", "traefik"],
+        ctx,
+        check=False,
+    )
+    
+    run_cmd(
+        ["kubectl", "delete", "namespace", "traefik", "--ignore-not-found"],
+        ctx,
+        check=False,
+    )
+    
+    time.sleep(5)
+
+
 def _detect_node_name(ctx: ExecutionContext) -> str:
     """Tenta obter o nome do node via kubectl; fallback para hostname local.
 
@@ -35,6 +65,15 @@ def run(ctx: ExecutionContext) -> None:
     require_root(ctx)
     typer.echo("Instalando Traefik via Helm...")
 
+    # Prompt opcional de limpeza
+    if _check_existing_traefik(ctx):
+        cleanup = typer.confirm(
+            "Instalacao anterior do Traefik detectada. Limpar antes de reinstalar?",
+            default=False,
+        )
+        if cleanup:
+            _uninstall_traefik(ctx)
+
     acme_email = typer.prompt("Email para ACME/Let's Encrypt", default="admin@example.com")
     dashboard_host = typer.prompt("Host para dashboard (opcional)", default="traefik.local")
 
@@ -56,7 +95,8 @@ def run(ctx: ExecutionContext) -> None:
         "tolerations[1].key=node-role.kubernetes.io/master",
         "tolerations[1].operator=Exists",
         "tolerations[1].effect=NoSchedule",
-        f"nodeSelector.kubernetes.io/hostname={node_name}",
+        # Escapa chave com ponto para evitar parsing incorreto
+        f"nodeSelector.kubernetes\\.io/hostname={node_name}",
     ]
 
     if dashboard_host:

{raijin_server-0.2.17.dist-info → raijin_server-0.2.19.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.2.17
+Version: 0.2.19
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin

{raijin_server-0.2.17.dist-info → raijin_server-0.2.19.dist-info}/RECORD

@@ -1,4 +1,4 @@
-raijin_server/__init__.py,sha256=Q3OdR-7R6DPbItTfAjyDCsaCREmTNc9lTmwRE4YNpoQ,95
+raijin_server/__init__.py,sha256=0tXuzf-HrPX7SKpdPAcVDC_u8HnxXWAls7-ufyxhsu0,95
 raijin_server/cli.py,sha256=71nn7QN0f3MJkXcHr0STXmxljr-CaPibzOoiItbOT88,28571
 raijin_server/config.py,sha256=QNiEVvrbW56XgvNn5-h3bkJm46Xc8mjNqPbvixXD8N0,4829
 raijin_server/healthchecks.py,sha256=lzXdFw6S0hOYbUKbqksh4phb04lXgXdTspP1Dsz4dx8,15401
@@ -20,7 +20,7 @@ raijin_server/modules/kafka.py,sha256=bp8k_IhuAIO6dL0IpK1UxxLZoGih6nJp0ZnzwmiZEj
 raijin_server/modules/kong.py,sha256=2EZKYBmBhm_7Nduw9PWrvrekp0VCxQbc2gElpAJqKfg,491
 raijin_server/modules/kubernetes.py,sha256=waSf2cCVnLicN5o3M47MzMzmHHtvKeFXm1__8ynQzA0,11871
 raijin_server/modules/loki.py,sha256=erwFfSiSFOv-Ul3nFdrI2RElPYuqqBPBBa_MJAwyLys,676
-raijin_server/modules/metallb.py,sha256=g1VWxl5Cmal963nyiiobPYuq-OBKB454LI-U_sLVly4,4090
+raijin_server/modules/metallb.py,sha256=LBavNo5NJn8CM5x2kVuUHbbsdXYp0fkm5oUWfTTqeio,8471
 raijin_server/modules/minio.py,sha256=BVvsEaJlJUV92_ep7pKsBhSYPjWZrDOB3J6XAWYAHYg,486
 raijin_server/modules/network.py,sha256=QRlYdcryCCPAWG3QQ_W7ld9gJgETI7H8gwntOU7UqFE,4818
 raijin_server/modules/observability_dashboards.py,sha256=fVz0WEOQrUTF5rJ__Nu_onyBuwL_exFmysWMmg8AE9w,7319
@@ -29,7 +29,7 @@ raijin_server/modules/prometheus.py,sha256=Rs9BREmaoKlyteNdAQZnSIeJfsRO0RQKyyL2g
 raijin_server/modules/sanitize.py,sha256=_RnWn1DUuNrzx3NnKEbMvf5iicgjiN_ubwT59e0rYWY,6040
 raijin_server/modules/secrets.py,sha256=xpV3gIMnwQdAI2j69Ck5daIK4wlYJA_1rkWTtSfVNk0,3715
 raijin_server/modules/ssh_hardening.py,sha256=oQdk-EVnEHNMKIWvoFuZzI4jK0nNO8IAY4hkB4pj8zw,4025
-raijin_server/modules/traefik.py,sha256=hHjWl8UQodm_wwVOp0TzeYCVf3SpHt_tbgQtvkJi8FY,2467
+raijin_server/modules/traefik.py,sha256=3DAcdW19jBaA1qFuqfwf054bKQCC4htQrY6dXf_cC0k,3539
 raijin_server/modules/velero.py,sha256=_CV0QQnWr5L-CWXDOiD9Ef4J7GaQT-s9yNBwqp_FLOY,1395
 raijin_server/modules/vpn.py,sha256=hF-0vA17VKTxhQLDBSEeqI5aPQpiaaj4IpUf9l6lr64,8297
 raijin_server/scripts/__init__.py,sha256=deduGfHf8BMVWred4ux5LfBDT2NJ5XYeJAt2sDEU4qs,53
@@ -37,9 +37,9 @@ raijin_server/scripts/checklist.sh,sha256=j6E0Kmk1EfjLvKK1VpCqzXJAXI_7Bm67LK4ndy
 raijin_server/scripts/install.sh,sha256=Y1ickbQ4siQ0NIPs6UgrqUr8WWy7U0LHmaTQbEgavoI,3949
 raijin_server/scripts/log_size_metric.sh,sha256=Iv4SsX8AuCYRou-klYn32mX41xB6j0xJGLBO6riw4rU,1208
 raijin_server/scripts/pre-deploy-check.sh,sha256=XqMo7IMIpwUHF17YEmU0-cVmTDMoCGMBFnmS39FidI4,4912
-raijin_server-0.2.17.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
-raijin_server-0.2.17.dist-info/METADATA,sha256=sfCzPvuuejO46PlXz6bZydpHNW7Jr3nav-J7UihcEOw,22476
-raijin_server-0.2.17.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-raijin_server-0.2.17.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
-raijin_server-0.2.17.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
-raijin_server-0.2.17.dist-info/RECORD,,
+raijin_server-0.2.19.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
+raijin_server-0.2.19.dist-info/METADATA,sha256=PeFtZI1UEbt-j_VTPVGQ2T_guRQvkrOlXUddK25CPoI,22476
+raijin_server-0.2.19.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+raijin_server-0.2.19.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
+raijin_server-0.2.19.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
+raijin_server-0.2.19.dist-info/RECORD,,