raijin-server 0.2.37__py3-none-any.whl → 0.2.39__py3-none-any.whl

raijin_server/__init__.py

@@ -1,5 +1,5 @@
 """Pacote principal do CLI Raijin Server."""
 
-__version__ = "0.2.37"
+__version__ = "0.2.39"
 
 __all__ = ["__version__"]

raijin_server/modules/minio.py

@@ -2,12 +2,21 @@
 
 import secrets
 import socket
+import tempfile
 import time
+from pathlib import Path
+import textwrap
 
 import typer
 
 from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root, run_cmd
 
+LOCAL_PATH_PROVISIONER_URL = (
+    "https://raw.githubusercontent.com/rancher/local-path-provisioner/"
+    "v0.0.30/deploy/local-path-storage.yaml"
+)
+RAIJIN_LOCAL_PATH_SC_NAME = "raijin-local-path"
+
 
 def _detect_node_name(ctx: ExecutionContext) -> str:
     """Detecta nome do node para nodeSelector."""
@@ -26,6 +35,198 @@ def _generate_secret(length: int = 32) -> str:
     return secrets.token_urlsafe(length)[:length]
 
 
+def _apply_manifest(ctx: ExecutionContext, manifest: str, description: str) -> bool:
+    """Aplica manifest YAML temporario com kubectl."""
+    tmp_path = None
+    try:
+        with tempfile.NamedTemporaryFile("w", delete=False, suffix=".yaml") as tmp:
+            tmp.write(manifest)
+            tmp.flush()
+            tmp_path = Path(tmp.name)
+        result = run_cmd(
+            ["kubectl", "apply", "-f", str(tmp_path)],
+            ctx,
+            check=False,
+        )
+        if result.returncode != 0:
+            typer.secho(f"  Falha ao aplicar {description}.", fg=typer.colors.RED)
+            return False
+        typer.secho(f"  ✓ {description} aplicado.", fg=typer.colors.GREEN)
+        return True
+    finally:
+        if tmp_path and tmp_path.exists():
+            tmp_path.unlink(missing_ok=True)
+
+
+def _create_raijin_local_path_sc(ctx: ExecutionContext) -> bool:
+    """Cria StorageClass com volumeBindingMode=Immediate baseada no local-path."""
+    manifest = textwrap.dedent(
+        f"""
+        apiVersion: storage.k8s.io/v1
+        kind: StorageClass
+        metadata:
+          name: {RAIJIN_LOCAL_PATH_SC_NAME}
+        provisioner: rancher.io/local-path
+        reclaimPolicy: Delete
+        volumeBindingMode: Immediate
+        allowVolumeExpansion: true
+        parameters:
+          type: ""
+        """
+    ).strip()
+    typer.echo(
+        f"Criando StorageClass '{RAIJIN_LOCAL_PATH_SC_NAME}' com binding imediato para PVCs do MinIO..."
+    )
+    return _apply_manifest(ctx, manifest, f"StorageClass {RAIJIN_LOCAL_PATH_SC_NAME}")
+
+
+def _get_default_storage_class(ctx: ExecutionContext) -> str:
+    """Retorna o nome da StorageClass default do cluster, se existir."""
+    result = run_cmd(
+        [
+            "kubectl", "get", "storageclass",
+            "-o", "jsonpath={.items[?(@.metadata.annotations.storageclass\\.kubernetes\\.io/is-default-class=='true')].metadata.name}",
+        ],
+        ctx,
+        check=False,
+    )
+    if result.returncode == 0 and (result.stdout or "").strip():
+        return (result.stdout or "").strip()
+    return ""
+
+
+def _list_storage_classes(ctx: ExecutionContext) -> list:
+    """Lista todas as StorageClasses disponiveis."""
+    result = run_cmd(
+        ["kubectl", "get", "storageclass", "-o", "jsonpath={.items[*].metadata.name}"],
+        ctx,
+        check=False,
+    )
+    if result.returncode == 0 and (result.stdout or "").strip():
+        return (result.stdout or "").strip().split()
+    return []
+
+
+def _install_local_path_provisioner(ctx: ExecutionContext) -> bool:
+    """Instala local-path-provisioner para usar storage local (NVMe/SSD)."""
+    typer.echo("Instalando local-path-provisioner para storage local...")
+    
+    result = run_cmd(
+        ["kubectl", "apply", "-f", LOCAL_PATH_PROVISIONER_URL],
+        ctx,
+        check=False,
+    )
+    if result.returncode != 0:
+        typer.secho("  Falha ao instalar local-path-provisioner.", fg=typer.colors.RED)
+        return False
+    
+    # Aguarda deployment ficar pronto
+    typer.echo("  Aguardando local-path-provisioner ficar Ready...")
+    run_cmd(
+        [
+            "kubectl", "-n", "local-path-storage", "rollout", "status",
+            "deployment/local-path-provisioner", "--timeout=60s",
+        ],
+        ctx,
+        check=False,
+    )
+    
+    typer.secho("  ✓ local-path-provisioner instalado.", fg=typer.colors.GREEN)
+    return True
+
+
+def _set_default_storage_class(ctx: ExecutionContext, name: str) -> None:
+    """Define uma StorageClass como default."""
+    # Remove default de outras classes primeiro
+    existing = _list_storage_classes(ctx)
+    for sc in existing:
+        if sc != name:
+            run_cmd(
+                [
+                    "kubectl", "annotate", "storageclass", sc,
+                    "storageclass.kubernetes.io/is-default-class-",
+                    "--overwrite",
+                ],
+                ctx,
+                check=False,
+            )
+    
+    # Define a nova como default
+    run_cmd(
+        [
+            "kubectl", "annotate", "storageclass", name,
+            "storageclass.kubernetes.io/is-default-class=true",
+            "--overwrite",
+        ],
+        ctx,
+        check=True,
+    )
+    typer.secho(f"  ✓ StorageClass '{name}' definida como default.", fg=typer.colors.GREEN)
+
+
+def _ensure_storage_class(ctx: ExecutionContext) -> str:
+    """Garante que existe uma StorageClass disponivel, instalando local-path se necessario."""
+    default_sc = _get_default_storage_class(ctx)
+    available = _list_storage_classes(ctx)
+
+    # Se ja houver StorageClass dedicada do Raijin, usa ela
+    if default_sc == RAIJIN_LOCAL_PATH_SC_NAME:
+        typer.echo(f"StorageClass default detectada: {default_sc}")
+        return default_sc
+    if RAIJIN_LOCAL_PATH_SC_NAME in available:
+        typer.echo(f"StorageClass '{RAIJIN_LOCAL_PATH_SC_NAME}' detectada.")
+        _set_default_storage_class(ctx, RAIJIN_LOCAL_PATH_SC_NAME)
+        return RAIJIN_LOCAL_PATH_SC_NAME
+
+    # Se ja existir default diferente de local-path, respeita configuracao do cluster
+    if default_sc and default_sc != "local-path":
+        typer.echo(f"StorageClass default detectada: {default_sc}")
+        return default_sc
+
+    # Se local-path estiver disponivel (default ou nao), cria uma classe dedicada com binding imediato
+    if "local-path" in available or default_sc == "local-path":
+        if _create_raijin_local_path_sc(ctx):
+            _set_default_storage_class(ctx, RAIJIN_LOCAL_PATH_SC_NAME)
+            return RAIJIN_LOCAL_PATH_SC_NAME
+        typer.echo("Nao foi possivel criar StorageClass dedicada; usando 'local-path'.")
+        _set_default_storage_class(ctx, "local-path")
+        return "local-path"
+
+    if available:
+        typer.echo(f"StorageClasses disponiveis (sem default): {', '.join(available)}")
+        choice = typer.prompt(
+            f"Qual StorageClass usar? ({'/'.join(available)})",
+            default=available[0],
+        )
+        return choice
+
+    # Nenhuma StorageClass disponivel - instala local-path automaticamente
+    typer.secho(
+        "Nenhuma StorageClass encontrada no cluster.",
+        fg=typer.colors.YELLOW,
+    )
+    install = typer.confirm(
+        "Instalar local-path-provisioner para usar armazenamento local (NVMe/SSD)?",
+        default=True,
+    )
+    if not install:
+        typer.secho(
+            "Abortando: MinIO requer uma StorageClass para PVCs.",
+            fg=typer.colors.RED,
+        )
+        raise typer.Exit(1)
+
+    if not _install_local_path_provisioner(ctx):
+        raise typer.Exit(1)
+
+    if _create_raijin_local_path_sc(ctx):
+        _set_default_storage_class(ctx, RAIJIN_LOCAL_PATH_SC_NAME)
+        return RAIJIN_LOCAL_PATH_SC_NAME
+
+    _set_default_storage_class(ctx, "local-path")
+    return "local-path"
+
+
 def _check_existing_minio(ctx: ExecutionContext) -> bool:
     """Verifica se existe instalacao do MinIO."""
     result = run_cmd(
@@ -119,6 +320,9 @@ def run(ctx: ExecutionContext) -> None:
         if cleanup:
             _uninstall_minio(ctx)
 
+    # Garante que existe StorageClass (instala local-path-provisioner se necessario)
+    storage_class = _ensure_storage_class(ctx)
+
     # Configuracoes interativas
     mode = typer.prompt(
         "Modo de operacao (standalone/distributed)",
@@ -165,10 +369,15 @@ def run(ctx: ExecutionContext) -> None:
         typer.secho(f"  Password gerado: {root_password}", fg=typer.colors.CYAN)
     
     persistence_size = typer.prompt("Tamanho do storage (ex: 10Gi, 50Gi)", default="10Gi")
-    storage_class = typer.prompt(
-        "StorageClass para os PVCs (ENTER para usar o default do cluster)",
-        default="",
+    
+    # Permite override da StorageClass detectada
+    storage_class_override = typer.prompt(
+        f"StorageClass para os PVCs (detectada: {storage_class})",
+        default=storage_class,
     ).strip()
+    if storage_class_override:
+        storage_class = storage_class_override
+    
     enable_console = typer.confirm("Habilitar Console Web?", default=True)
     
     node_name = _detect_node_name(ctx)
@@ -180,7 +389,7 @@ def run(ctx: ExecutionContext) -> None:
         # Persistence
         "persistence.enabled=true",
         f"persistence.size={persistence_size}",
-        # Se o cluster tiver StorageClass padrao, deixe em branco; caso contrario, defina aqui
+        f"persistence.storageClass={storage_class}",
         # Resources
         f"resources.requests.memory={resources_req_mem}",
         f"resources.requests.cpu={resources_req_cpu}",
@@ -205,9 +414,6 @@ def run(ctx: ExecutionContext) -> None:
         f"postJob.nodeSelector.kubernetes\\.io/hostname={node_name}",
     ]
 
-    if storage_class:
-        values.append(f"persistence.storageClass={storage_class}")
-
     if is_distributed:
         values.append(f"replicas={replicas}")
     

{raijin_server-0.2.37.dist-info → raijin_server-0.2.39.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.2.37
+Version: 0.2.39
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin
@@ -46,6 +46,7 @@ CLI em Python (Typer) para automatizar setup e hardening de servidores Ubuntu Se
 - Segurança: [SECURITY.md](SECURITY.md)
 - Acesso SSH (Windows): [docs/SSH_WINDOWS.md](docs/SSH_WINDOWS.md)
 - VPN para acesso remoto (WireGuard): [docs/VPN_REMOTE_ACCESS.md](docs/VPN_REMOTE_ACCESS.md)
+- MinIO (monitorar/testar): [docs/MINIO_OPERATIONS.md](docs/MINIO_OPERATIONS.md)
 
 ## Destaques
 

{raijin_server-0.2.37.dist-info → raijin_server-0.2.39.dist-info}/RECORD

@@ -1,4 +1,4 @@
-raijin_server/__init__.py,sha256=Nn-ioNsT9kpwGoiVgXVrJZwwadoBlBcz2yNeqKUeXSo,95
+raijin_server/__init__.py,sha256=xacey6j4K59BQrjBoDCtOtRtB9BSq7vxACgXc8_pFlg,95
 raijin_server/cli.py,sha256=2m7q1znMLbBdnUwN6oOUrCZXEqC2e7SfbjYkymbP4lQ,37884
 raijin_server/config.py,sha256=QNiEVvrbW56XgvNn5-h3bkJm46Xc8mjNqPbvixXD8N0,4829
 raijin_server/healthchecks.py,sha256=lzXdFw6S0hOYbUKbqksh4phb04lXgXdTspP1Dsz4dx8,15401
@@ -22,7 +22,7 @@ raijin_server/modules/kong.py,sha256=eDSagvEP9_BCs9pZ-pCVs1BDdlYOoJfY5PnUSiTvvgc
 raijin_server/modules/kubernetes.py,sha256=9E6zV0zGQWZW92NVpxwYctpi-4JDmi6YzF3tKRI4HlU,13343
 raijin_server/modules/loki.py,sha256=aNiUpnOFppZMXoQwYhn7IoPMzwUz4aHi6pbiqj1PRjc,5022
 raijin_server/modules/metallb.py,sha256=uUuklc_RsQ-W2qDVRMQAxQm9HKGEqso444b1IwBpM6w,8554
-raijin_server/modules/minio.py,sha256=vjbgzKMRTL5EwzaBFfnd_0Wn_P5DpCwHCdf2pP9pki4,8057
+raijin_server/modules/minio.py,sha256=KSpoFP7RhXpDCaubHLo0amy6NWWVfdp5tuj8qVDB4tQ,15265
 raijin_server/modules/network.py,sha256=QRlYdcryCCPAWG3QQ_W7ld9gJgETI7H8gwntOU7UqFE,4818
 raijin_server/modules/observability_dashboards.py,sha256=fVz0WEOQrUTF5rJ__Nu_onyBuwL_exFmysWMmg8AE9w,7319
 raijin_server/modules/observability_ingress.py,sha256=Fh1rlFWueBNHnOkHuoHYyhILmpO-iQXINybSUYbYsHQ,5738
@@ -38,9 +38,9 @@ raijin_server/scripts/checklist.sh,sha256=j6E0Kmk1EfjLvKK1VpCqzXJAXI_7Bm67LK4ndy
 raijin_server/scripts/install.sh,sha256=Y1ickbQ4siQ0NIPs6UgrqUr8WWy7U0LHmaTQbEgavoI,3949
 raijin_server/scripts/log_size_metric.sh,sha256=Iv4SsX8AuCYRou-klYn32mX41xB6j0xJGLBO6riw4rU,1208
 raijin_server/scripts/pre-deploy-check.sh,sha256=XqMo7IMIpwUHF17YEmU0-cVmTDMoCGMBFnmS39FidI4,4912
-raijin_server-0.2.37.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
-raijin_server-0.2.37.dist-info/METADATA,sha256=xywTXHV-N6hyEuCOuJTd82eNcVviCdD9BhRIdxhX7ao,22770
-raijin_server-0.2.37.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-raijin_server-0.2.37.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
-raijin_server-0.2.37.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
-raijin_server-0.2.37.dist-info/RECORD,,
+raijin_server-0.2.39.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
+raijin_server-0.2.39.dist-info/METADATA,sha256=5CikB8uMIOaqFLxSS3kQyQMbmu5C1TkpJy-l9JrLEfQ,22851
+raijin_server-0.2.39.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+raijin_server-0.2.39.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
+raijin_server-0.2.39.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
+raijin_server-0.2.39.dist-info/RECORD,,