raijin-server 0.2.2__py3-none-any.whl → 0.2.4__py3-none-any.whl

raijin_server/modules/full_install.py

@@ -25,6 +25,49 @@ from raijin_server.modules import (
 )
 
 
+def _cert_manager_install_only(ctx: ExecutionContext) -> None:
+    """Wrapper para instalar cert-manager sem interação."""
+    if not cert_manager.install_only(ctx):
+        raise RuntimeError("Falha na instalação do cert-manager")
+    
+    # Cria issuer HTTP01 padrão para staging (teste) e produção
+    # O usuário pode criar issuers adicionais depois com 'raijin-server cert install'
+    email = os.environ.get("RAIJIN_ACME_EMAIL", "")
+    if email and "@" in email:
+        typer.secho("\n📜 Criando ClusterIssuers padrão...", fg=typer.colors.CYAN)
+        
+        # Cria issuer de staging (para testes)
+        cert_manager.create_issuer(
+            ctx,
+            name="letsencrypt-staging",
+            email=email,
+            challenge_type="http01",
+            staging=True,
+            ingress_class="traefik",
+        )
+        
+        # Cria issuer de produção
+        cert_manager.create_issuer(
+            ctx,
+            name="letsencrypt-prod",
+            email=email,
+            challenge_type="http01",
+            staging=False,
+            ingress_class="traefik",
+        )
+        
+        typer.secho("✓ ClusterIssuers 'letsencrypt-staging' e 'letsencrypt-prod' criados", fg=typer.colors.GREEN)
+    else:
+        typer.secho(
+            "ℹ Para criar ClusterIssuers automaticamente, defina RAIJIN_ACME_EMAIL",
+            fg=typer.colors.YELLOW,
+        )
+        typer.secho(
+            "  Exemplo: export RAIJIN_ACME_EMAIL=admin@seudominio.com",
+            fg=typer.colors.YELLOW,
+        )
+
+
 # Ordem de execucao dos modulos para instalacao completa
 # Modulos marcados com skip_env podem ser pulados via variavel de ambiente
 INSTALL_SEQUENCE = [
@@ -36,7 +79,7 @@ INSTALL_SEQUENCE = [
     ("firewall", firewall.run, "Firewall UFW", None),
     ("kubernetes", kubernetes.run, "Cluster Kubernetes (kubeadm)", None),
     ("calico", calico.run, "CNI Calico + NetworkPolicy", None),
-    ("cert_manager", cert_manager.run, "cert-manager + ClusterIssuer ACME", None),
+    ("cert_manager", _cert_manager_install_only, "cert-manager (instalacao base)", None),
     ("secrets", secrets.run, "Sealed-Secrets + External-Secrets", None),
     ("prometheus", prometheus.run, "Monitoramento Prometheus", None),
     ("grafana", grafana.run, "Dashboards Grafana", None),

raijin_server/utils.py

@@ -203,8 +203,64 @@ def ensure_tool(name: str, ctx: ExecutionContext, install_hint: str = "") -> Non
         raise typer.Exit(code=1)
 
 
+def _fix_broken_apt_sources(ctx: ExecutionContext) -> None:
+    """Corrige repositórios APT quebrados (mirrors brasileiros problemáticos)."""
+    if ctx.dry_run:
+        typer.echo("[dry-run] Verificando/corrigindo repositórios APT...")
+        return
+
+    sources_list = Path("/etc/apt/sources.list")
+
+    # Detecta se está usando mirror brasileiro quebrado
+    needs_fix = False
+    if sources_list.exists():
+        content = sources_list.read_text()
+        if "br.archive.ubuntu.com" in content or "br.ports.ubuntu.com" in content:
+            needs_fix = True
+
+    if not needs_fix:
+        return
+
+    typer.secho(
+        "⚠ Detectado mirror brasileiro possivelmente quebrado. Corrigindo...",
+        fg=typer.colors.YELLOW,
+    )
+    logger.warning("Corrigindo mirror brasileiro quebrado em sources.list")
+
+    # Backup do original
+    backup = sources_list.with_suffix(".list.bak")
+    if not backup.exists():
+        import shutil as sh
+        sh.copy2(sources_list, backup)
+
+    # Substitui mirror brasileiro pelo principal
+    new_content = content.replace("br.archive.ubuntu.com", "archive.ubuntu.com")
+    new_content = new_content.replace("br.ports.ubuntu.com", "ports.ubuntu.com")
+    sources_list.write_text(new_content)
+
+    typer.secho("✓ Repositórios corrigidos (backup em sources.list.bak)", fg=typer.colors.GREEN)
+
+
 def apt_update(ctx: ExecutionContext) -> None:
-    run_cmd(["apt-get", "update"], ctx)
+    """Executa apt-get update, corrigindo repositórios quebrados se necessário."""
+    _fix_broken_apt_sources(ctx)
+
+    # Tenta o update; se falhar com erro de Release, tenta corrigir
+    try:
+        run_cmd(["apt-get", "update"], ctx, retries=2)
+    except Exception as e:
+        error_msg = str(e).lower()
+        if "release" in error_msg or "no longer has" in error_msg:
+            typer.secho(
+                "⚠ Erro de repositório detectado. Tentando fallback...",
+                fg=typer.colors.YELLOW,
+            )
+            # Força correção e tenta novamente
+            ctx_temp = ExecutionContext(dry_run=False)
+            _fix_broken_apt_sources(ctx_temp)
+            run_cmd(["apt-get", "update"], ctx)
+        else:
+            raise
 
 
 def apt_install(packages: Iterable[str], ctx: ExecutionContext) -> None:

{raijin_server-0.2.2.dist-info → raijin_server-0.2.4.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.2.2
+Version: 0.2.4
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin
@@ -81,6 +81,36 @@ source .venv/bin/activate
 python -m pip install -e .
 ```
 
+### Instalação em Produção (Recomendado)
+
+Para servidores em produção, use um venv isolado e execute com sudo preservando o ambiente:
+
+```bash
+# 1. Sair do venv atual (se estiver ativo)
+deactivate
+
+# 2. (Opcional) Remover venv antigo
+rm -rf ~/.venvs/raijin
+
+# 3. Criar venv novo
+python3 -m venv ~/.venvs/raijin
+source ~/.venvs/raijin/bin/activate
+pip install -U pip setuptools
+
+# 4. Instalar a versão mais recente
+pip install -U raijin-server
+
+# 5. Rodar usando root preservando o venv
+sudo -E ~/.venvs/raijin/bin/raijin-server --version
+sudo -E ~/.venvs/raijin/bin/raijin-server validate
+sudo -E ~/.venvs/raijin/bin/raijin-server full-install
+
+# 6. Para sair do venv quando terminar
+deactivate
+```
+
+> **Nota**: O `-E` no sudo preserva as variáveis de ambiente, garantindo que o Python use o venv correto mesmo como root.
+
 ## Uso rapido
 
 ### Validar Sistema

{raijin_server-0.2.2.dist-info → raijin_server-0.2.4.dist-info}/RECORD

@@ -1,17 +1,17 @@
-raijin_server/__init__.py,sha256=Hab-ShCbCccDeV0rMro8pi6eZ53o1rnzj1_CvAx-3IY,94
-raijin_server/cli.py,sha256=ZgaSkXwXaND7HHeySjIn4GEmTVTqUDttUfqXJ9yZV1E,16772
+raijin_server/__init__.py,sha256=7-69Vj-HYrv98hWrKmwDqDQ-ehtTqJebx1JeP4St6Q4,94
+raijin_server/cli.py,sha256=PfuIXc-pw1yZtJzCrxDVSWSsPAVBt9wqZBF-dWh6mwo,19274
 raijin_server/config.py,sha256=Dta2CS1d6RgNiQ84P6dTXk98boFrjzuvhs_fCdlm0I4,4810
-raijin_server/healthchecks.py,sha256=-mQq-dGZ2id16wvPmiTPjDHw14PBwz_i8AXi307V38k,12411
-raijin_server/utils.py,sha256=zqwbI48MwEI9YPOF2dtFYgjTlPxeJ6k1EWrL8xQbo7o,9401
+raijin_server/healthchecks.py,sha256=BJyWyUDtEswEblvGwWMejtMnsUb8kJcULVdS9iycrcc,14565
+raijin_server/utils.py,sha256=oQM-NGL_kmlNZejFvxXk85MI_WkcxNfwaw5LeAsKUFU,11476
 raijin_server/validators.py,sha256=qOZMHgwjHogVf17UPlxfUCpQd9qAGQW7tycd8mUvnEs,9404
 raijin_server/modules/__init__.py,sha256=e_IbkhLGPcF8to9QUmIESP6fpcTOYcIhaXLKIvqRJMY,920
-raijin_server/modules/apokolips_demo.py,sha256=gMUpYNaO0V20KoNa4ljyA1W9HJbY__O9AEO64NuWGhE,12365
+raijin_server/modules/apokolips_demo.py,sha256=8ltsXRbVDwlDwLMIvh02NG-FeAfBWw_v6lh7IGOyNqs,13725
 raijin_server/modules/bootstrap.py,sha256=oVIGNRW_JbgY8zXNHGAIP0vGbbHNHyQexthxo5zhbcw,9762
 raijin_server/modules/calico.py,sha256=a8N7YYv7NoaspPKdhRtwHy3V2mM4cP5xA1H8BwslB18,4139
-raijin_server/modules/cert_manager.py,sha256=bSv5CRbPlH3DHWHBqUNTKVh0C973E4XC8WzGieOHh3A,4882
+raijin_server/modules/cert_manager.py,sha256=3aXK2ivh0eCFLMllpWjUWS36UA3sWplP40daQRfWv14,34393
 raijin_server/modules/essentials.py,sha256=2xUXCyCQtFGd2DnCKV81N1R6bEJqH8zaet8mLovtQ1I,689
 raijin_server/modules/firewall.py,sha256=h6AISqiZeTinVT7BjmQIS872qRAFZJLg7meqlth3cfw,757
-raijin_server/modules/full_install.py,sha256=Mk_SHBrtL4zgjgd2shUuhp4fyDIPdlBVZtC5t8x-1vU,5908
+raijin_server/modules/full_install.py,sha256=aR3yOuD7y0KLI20eMrxuFBNrWWn7JMpI4HFKNizEF3o,7464
 raijin_server/modules/grafana.py,sha256=zxYpWBM-fD8vTgoJ2Hmb9P66wz_JuiidO6_cGK3jG30,1809
 raijin_server/modules/hardening.py,sha256=4hz3ifkMhPlXa2n7gPxN0gitQgzALZ-073vuU3LM4RI,1616
 raijin_server/modules/harness.py,sha256=dhZ89YIhlkuxiRU1deN6wXVWnXm0xeI03PwYf_qgfak,1527
@@ -36,9 +36,9 @@ raijin_server/scripts/checklist.sh,sha256=j6E0Kmk1EfjLvKK1VpCqzXJAXI_7Bm67LK4ndy
 raijin_server/scripts/install.sh,sha256=IZOTujOSGmKpznwgL59picsQNVzYkai6FtfFS3Klf34,3908
 raijin_server/scripts/log_size_metric.sh,sha256=rC2Ck4xnYVJV4Qymu24-indC8bkzfZs4FBqqxGPRl1I,1143
 raijin_server/scripts/pre-deploy-check.sh,sha256=naPUgKjnKgsh-eGDH2623C7zcr9VjDEw1H0lfYaXW8c,4853
-raijin_server-0.2.2.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
-raijin_server-0.2.2.dist-info/METADATA,sha256=vQdAqxd4Ycmm6QQDfIg_Sx1Ldvm7MlsVz2WcFSpIOnE,16941
-raijin_server-0.2.2.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-raijin_server-0.2.2.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
-raijin_server-0.2.2.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
-raijin_server-0.2.2.dist-info/RECORD,,
+raijin_server-0.2.4.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
+raijin_server-0.2.4.dist-info/METADATA,sha256=4X4baNp5EyOCEl916XlHFbXtd25KWwhtwPky5nzT0lU,17772
+raijin_server-0.2.4.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+raijin_server-0.2.4.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
+raijin_server-0.2.4.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
+raijin_server-0.2.4.dist-info/RECORD,,