raijin-server 0.2.21__py3-none-any.whl → 0.2.22__py3-none-any.whl

raijin_server/modules/velero.py

@@ -1,47 +1,166 @@
-"""Backup e restore com Velero."""
+"""Backup e restore com Velero (production-ready)."""
+
+import time
 
 import typer
 
 from raijin_server.utils import ExecutionContext, ensure_tool, require_root, run_cmd
 
 
+def _check_existing_velero(ctx: ExecutionContext) -> bool:
+    """Verifica se existe instalacao do Velero."""
+    result = run_cmd(
+        ["kubectl", "get", "deployment", "velero", "-n", "velero"],
+        ctx,
+        check=False,
+    )
+    return result.returncode == 0
+
+
+def _uninstall_velero(ctx: ExecutionContext) -> None:
+    """Remove instalacao anterior do Velero."""
+    typer.echo("Removendo instalacao anterior do Velero...")
+    
+    run_cmd(
+        ["velero", "uninstall", "--force"],
+        ctx,
+        check=False,
+    )
+    
+    # Remove schedules
+    run_cmd(
+        ["velero", "schedule", "delete", "--all", "--confirm"],
+        ctx,
+        check=False,
+    )
+    
+    time.sleep(5)
+
+
+def _wait_for_velero_ready(ctx: ExecutionContext, timeout: int = 180) -> bool:
+    """Aguarda pods do Velero ficarem Ready."""
+    typer.echo("Aguardando pods do Velero ficarem Ready...")
+    deadline = time.time() + timeout
+    
+    while time.time() < deadline:
+        result = run_cmd(
+            [
+                "kubectl", "-n", "velero", "get", "pods",
+                "-l", "component=velero",
+                "-o", "jsonpath={range .items[*]}{.metadata.name}={.status.phase} {end}",
+            ],
+            ctx,
+            check=False,
+        )
+        
+        if result.returncode == 0:
+            output = (result.stdout or "").strip()
+            if output:
+                pods = []
+                for item in output.split():
+                    if "=" in item:
+                        parts = item.rsplit("=", 1)
+                        if len(parts) == 2:
+                            pods.append((parts[0], parts[1]))
+                
+                if pods and all(phase == "Running" for _, phase in pods):
+                    typer.secho("  Velero Ready.", fg=typer.colors.GREEN)
+                    return True
+        
+        time.sleep(10)
+    
+    typer.secho("  Timeout aguardando Velero.", fg=typer.colors.YELLOW)
+    return False
+
+
 def run(ctx: ExecutionContext) -> None:
     require_root(ctx)
-    ensure_tool("velero", ctx, install_hint="Instale o binario do Velero.")
+    ensure_tool("velero", ctx, install_hint="Instale o binario do Velero: https://velero.io/docs/main/basic-install/")
+
+    # Prompt opcional de limpeza
+    if _check_existing_velero(ctx):
+        cleanup = typer.confirm(
+            "Instalacao anterior do Velero detectada. Limpar antes de reinstalar?",
+            default=False,
+        )
+        if cleanup:
+            _uninstall_velero(ctx)
 
     typer.echo("Instalando Velero no cluster...")
-    provider = typer.prompt("Provider", default="aws")
-    bucket = typer.prompt("Bucket", default="velero-backups")
+    
+    provider = typer.prompt("Provider (aws, azure, gcp)", default="aws")
+    bucket = typer.prompt("Bucket para backups", default="velero-backups")
     region = typer.prompt("Region", default="us-east-1")
-    s3_url = typer.prompt("S3 URL", default="https://s3.amazonaws.com")
+    s3_url = typer.prompt("S3 URL (para MinIO usar http://minio.minio.svc:9000)", default="https://s3.amazonaws.com")
     secret_file = typer.prompt("Arquivo de credenciais (secret-file)", default="/etc/velero/credentials")
+    use_restic = typer.confirm("Habilitar Restic/Kopia para backups de PV?", default=True)
     schedule = typer.prompt("Schedule cron para backups (ex: '0 2 * * *')", default="0 2 * * *")
 
+    # Build velero install command with tolerations
+    install_cmd = [
+        "velero",
+        "install",
+        "--provider", provider,
+        "--bucket", bucket,
+        "--secret-file", secret_file,
+        "--backup-location-config", f"region={region},s3Url={s3_url}",
+        "--pod-annotations", "prometheus.io/scrape=true,prometheus.io/port=8085",
+    ]
+
+    # Add plugin based on provider
+    if provider == "aws":
+        install_cmd.extend(["--plugins", "velero/velero-plugin-for-aws:v1.8.0"])
+    elif provider == "azure":
+        install_cmd.extend(["--plugins", "velero/velero-plugin-for-microsoft-azure:v1.8.0"])
+    elif provider == "gcp":
+        install_cmd.extend(["--plugins", "velero/velero-plugin-for-gcp:v1.8.0"])
+
+    if use_restic:
+        install_cmd.append("--use-node-agent")
+
+    # For MinIO/S3-compatible, disable SSL verification if using http
+    if s3_url.startswith("http://"):
+        install_cmd.extend(["--backup-location-config", "s3ForcePathStyle=true"])
+
+    run_cmd(install_cmd, ctx)
+
+    # Apply tolerations patch
+    typer.echo("Aplicando tolerations para control-plane...")
+    tolerations_patch = """spec:
+  template:
+    spec:
+      tolerations:
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
+          effect: NoSchedule
+        - key: node-role.kubernetes.io/master
+          operator: Exists
+          effect: NoSchedule"""
+
     run_cmd(
-        [
-            "velero",
-            "install",
-            "--provider",
-            provider,
-            "--bucket",
-            bucket,
-            "--secret-file",
-            secret_file,
-            "--backup-location-config",
-            f"region={region},s3Url={s3_url}",
-            "--use-restic",
-        ],
+        ["kubectl", "-n", "velero", "patch", "deployment", "velero",
+         "--type=strategic", "-p", tolerations_patch],
         ctx,
+        check=False,
     )
 
+    if not ctx.dry_run:
+        _wait_for_velero_ready(ctx)
+
     typer.echo("Criando schedule de backup padrao...")
     run_cmd([
         "velero",
         "create",
         "schedule",
         "raijin-daily",
-        "--schedule",
-        schedule,
-        "--include-namespaces",
-        "*",
+        "--schedule", schedule,
+        "--include-namespaces", "*",
+        "--ttl", "720h",  # 30 dias
     ], ctx, check=False)
+
+    typer.secho("\n✓ Velero instalado com sucesso.", fg=typer.colors.GREEN, bold=True)
+    typer.echo("\nComandos uteis:")
+    typer.echo("  velero backup get                    # Listar backups")
+    typer.echo("  velero backup create manual-backup   # Criar backup manual")
+    typer.echo("  velero restore create --from-backup <name>  # Restaurar")
+    typer.echo("  velero schedule get                  # Listar schedules")

{raijin_server-0.2.21.dist-info → raijin_server-0.2.22.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.2.21
+Version: 0.2.22
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin

{raijin_server-0.2.21.dist-info → raijin_server-0.2.22.dist-info}/RECORD

@@ -1,4 +1,4 @@
-raijin_server/__init__.py,sha256=VVp0nBf52A6OhLje6ag_c7qYikaK6pPRsHuOQbB75Ps,95
+raijin_server/__init__.py,sha256=qzNalRbU6EqalXEP-Gjun7ihahvl564nJaj0cL93bBI,95
 raijin_server/cli.py,sha256=71nn7QN0f3MJkXcHr0STXmxljr-CaPibzOoiItbOT88,28571
 raijin_server/config.py,sha256=QNiEVvrbW56XgvNn5-h3bkJm46Xc8mjNqPbvixXD8N0,4829
 raijin_server/healthchecks.py,sha256=lzXdFw6S0hOYbUKbqksh4phb04lXgXdTspP1Dsz4dx8,15401
@@ -8,38 +8,38 @@ raijin_server/modules/__init__.py,sha256=e_IbkhLGPcF8to9QUmIESP6fpcTOYcIhaXLKIvq
 raijin_server/modules/apokolips_demo.py,sha256=8ltsXRbVDwlDwLMIvh02NG-FeAfBWw_v6lh7IGOyNqs,13725
 raijin_server/modules/bootstrap.py,sha256=oVIGNRW_JbgY8zXNHGAIP0vGbbHNHyQexthxo5zhbcw,9762
 raijin_server/modules/calico.py,sha256=TTPF1bLFdAKb3IVOqFqRxNblULkRmMMRylsIBp4w8I8,6700
-raijin_server/modules/cert_manager.py,sha256=Mt0RshleasflKW4OASNMJ4BpMYWtZMspRCaqy56icQU,46942
+raijin_server/modules/cert_manager.py,sha256=XkFlXJjiP4_9It_PJaFcVYMS-QKTzzFAt839QQ9qNsg,50223
 raijin_server/modules/essentials.py,sha256=2xUXCyCQtFGd2DnCKV81N1R6bEJqH8zaet8mLovtQ1I,689
 raijin_server/modules/firewall.py,sha256=h6AISqiZeTinVT7BjmQIS872qRAFZJLg7meqlth3cfw,757
 raijin_server/modules/full_install.py,sha256=xiKe2GLuZ97c4YdTmhP-kwDVuJJ9Xq3dlgcLlqSPeYM,15518
-raijin_server/modules/grafana.py,sha256=zxYpWBM-fD8vTgoJ2Hmb9P66wz_JuiidO6_cGK3jG30,1809
+raijin_server/modules/grafana.py,sha256=DdDLxmTeFnDRvcRLkpg1RuR9o1ZAArk2W-DTLLyfWHg,6009
 raijin_server/modules/hardening.py,sha256=4hz3ifkMhPlXa2n7gPxN0gitQgzALZ-073vuU3LM4RI,1616
-raijin_server/modules/harness.py,sha256=dhZ89YIhlkuxiRU1deN6wXVWnXm0xeI03PwYf_qgfak,1527
-raijin_server/modules/istio.py,sha256=761FOGEzEXWlTLYApQxUWY8l4cnEbnIXbIHK3itk_AQ,522
-raijin_server/modules/kafka.py,sha256=bp8k_IhuAIO6dL0IpK1UxxLZoGih6nJp0ZnzwmiZEj8,950
-raijin_server/modules/kong.py,sha256=2EZKYBmBhm_7Nduw9PWrvrekp0VCxQbc2gElpAJqKfg,491
+raijin_server/modules/harness.py,sha256=uWTxTVJlY_VB6xi4ftMtTSaIb96HA8WJQS-RbyxU45M,5391
+raijin_server/modules/istio.py,sha256=yXFLMmmH-35XohrQ6ZOyMTbJIbsuIemoAb-1nU94HIw,5686
+raijin_server/modules/kafka.py,sha256=n7ZpLPWv6sKBJhdBiPe7VgeDB24YiCIOWvOQkWwt03Y,5664
+raijin_server/modules/kong.py,sha256=cRDzAP9Ne3Qte6sqmxWUS-aJVgiaf4B0uqFvg02Nw5E,5076
 raijin_server/modules/kubernetes.py,sha256=waSf2cCVnLicN5o3M47MzMzmHHtvKeFXm1__8ynQzA0,11871
-raijin_server/modules/loki.py,sha256=erwFfSiSFOv-Ul3nFdrI2RElPYuqqBPBBa_MJAwyLys,676
+raijin_server/modules/loki.py,sha256=aNiUpnOFppZMXoQwYhn7IoPMzwUz4aHi6pbiqj1PRjc,5022
 raijin_server/modules/metallb.py,sha256=uUuklc_RsQ-W2qDVRMQAxQm9HKGEqso444b1IwBpM6w,8554
-raijin_server/modules/minio.py,sha256=BVvsEaJlJUV92_ep7pKsBhSYPjWZrDOB3J6XAWYAHYg,486
+raijin_server/modules/minio.py,sha256=wxL8U1Zl3XtI-wymIeZonmi561v1zf-bY4TTVPKisLA,6221
 raijin_server/modules/network.py,sha256=QRlYdcryCCPAWG3QQ_W7ld9gJgETI7H8gwntOU7UqFE,4818
 raijin_server/modules/observability_dashboards.py,sha256=fVz0WEOQrUTF5rJ__Nu_onyBuwL_exFmysWMmg8AE9w,7319
 raijin_server/modules/observability_ingress.py,sha256=Fh1rlFWueBNHnOkHuoHYyhILmpO-iQXINybSUYbYsHQ,5738
-raijin_server/modules/prometheus.py,sha256=Rs9BREmaoKlyteNdAQZnSIeJfsRO0RQKyyL2gTnXyCw,3716
+raijin_server/modules/prometheus.py,sha256=wT9jdcC-8vVysVKgMR5isGbxxpvGFPRf7fhMAGd9kJU,10761
 raijin_server/modules/sanitize.py,sha256=_RnWn1DUuNrzx3NnKEbMvf5iicgjiN_ubwT59e0rYWY,6040
-raijin_server/modules/secrets.py,sha256=xpV3gIMnwQdAI2j69Ck5daIK4wlYJA_1rkWTtSfVNk0,3715
+raijin_server/modules/secrets.py,sha256=d4j12feQL8m_4-hYN5FfboQHvBc75TFeGno3OzrXokE,9266
 raijin_server/modules/ssh_hardening.py,sha256=oQdk-EVnEHNMKIWvoFuZzI4jK0nNO8IAY4hkB4pj8zw,4025
 raijin_server/modules/traefik.py,sha256=crEYIqAidAhh_H93qIvCbTtJ7BjO-3ef77alLc_--Gg,3535
-raijin_server/modules/velero.py,sha256=_CV0QQnWr5L-CWXDOiD9Ef4J7GaQT-s9yNBwqp_FLOY,1395
+raijin_server/modules/velero.py,sha256=yDtqd6yUu0L5wzLCjYXqvvxB_RyaAoZtntb6HoHVAOo,5642
 raijin_server/modules/vpn.py,sha256=hF-0vA17VKTxhQLDBSEeqI5aPQpiaaj4IpUf9l6lr64,8297
 raijin_server/scripts/__init__.py,sha256=deduGfHf8BMVWred4ux5LfBDT2NJ5XYeJAt2sDEU4qs,53
 raijin_server/scripts/checklist.sh,sha256=j6E0Kmk1EfjLvKK1VpCqzXJAXI_7Bm67LK4ndyCxWh0,1842
 raijin_server/scripts/install.sh,sha256=Y1ickbQ4siQ0NIPs6UgrqUr8WWy7U0LHmaTQbEgavoI,3949
 raijin_server/scripts/log_size_metric.sh,sha256=Iv4SsX8AuCYRou-klYn32mX41xB6j0xJGLBO6riw4rU,1208
 raijin_server/scripts/pre-deploy-check.sh,sha256=XqMo7IMIpwUHF17YEmU0-cVmTDMoCGMBFnmS39FidI4,4912
-raijin_server-0.2.21.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
-raijin_server-0.2.21.dist-info/METADATA,sha256=sUi7TkmHKaSdLS4t7o5GeVGYi1suHC0Ip4duEd8vtF4,22476
-raijin_server-0.2.21.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-raijin_server-0.2.21.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
-raijin_server-0.2.21.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
-raijin_server-0.2.21.dist-info/RECORD,,
+raijin_server-0.2.22.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
+raijin_server-0.2.22.dist-info/METADATA,sha256=KJ9U2nD6U8oPBYajp4Xzht78cZmcWlPdrIDAox8wvm8,22476
+raijin_server-0.2.22.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+raijin_server-0.2.22.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
+raijin_server-0.2.22.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
+raijin_server-0.2.22.dist-info/RECORD,,