raijin-server 0.2.38__py3-none-any.whl → 0.2.40__py3-none-any.whl

raijin_server/__init__.py

@@ -1,5 +1,5 @@
 """Pacote principal do CLI Raijin Server."""
 
-__version__ = "0.2.38"
+__version__ = "0.2.40"
 
 __all__ = ["__version__"]

raijin_server/modules/minio.py

@@ -1,8 +1,12 @@
 """Deploy do MinIO via Helm com configuracoes production-ready."""
 
+import json
 import secrets
 import socket
+import tempfile
 import time
+from pathlib import Path
+import textwrap
 
 import typer
 
@@ -12,6 +16,7 @@ LOCAL_PATH_PROVISIONER_URL = (
     "https://raw.githubusercontent.com/rancher/local-path-provisioner/"
     "v0.0.30/deploy/local-path-storage.yaml"
 )
+RAIJIN_LOCAL_PATH_SC_NAME = "raijin-local-path"
 
 
 def _detect_node_name(ctx: ExecutionContext) -> str:
@@ -31,6 +36,51 @@ def _generate_secret(length: int = 32) -> str:
     return secrets.token_urlsafe(length)[:length]
 
 
+def _apply_manifest(ctx: ExecutionContext, manifest: str, description: str) -> bool:
+    """Aplica manifest YAML temporario com kubectl."""
+    tmp_path = None
+    try:
+        with tempfile.NamedTemporaryFile("w", delete=False, suffix=".yaml") as tmp:
+            tmp.write(manifest)
+            tmp.flush()
+            tmp_path = Path(tmp.name)
+        result = run_cmd(
+            ["kubectl", "apply", "-f", str(tmp_path)],
+            ctx,
+            check=False,
+        )
+        if result.returncode != 0:
+            typer.secho(f"  Falha ao aplicar {description}.", fg=typer.colors.RED)
+            return False
+        typer.secho(f"  ✓ {description} aplicado.", fg=typer.colors.GREEN)
+        return True
+    finally:
+        if tmp_path and tmp_path.exists():
+            tmp_path.unlink(missing_ok=True)
+
+
+def _create_raijin_local_path_sc(ctx: ExecutionContext) -> bool:
+    """Cria StorageClass com volumeBindingMode=Immediate baseada no local-path."""
+    manifest = textwrap.dedent(
+        f"""
+        apiVersion: storage.k8s.io/v1
+        kind: StorageClass
+        metadata:
+          name: {RAIJIN_LOCAL_PATH_SC_NAME}
+        provisioner: rancher.io/local-path
+        reclaimPolicy: Delete
+        volumeBindingMode: Immediate
+        allowVolumeExpansion: true
+        parameters:
+          type: ""
+        """
+    ).strip()
+    typer.echo(
+        f"Criando StorageClass '{RAIJIN_LOCAL_PATH_SC_NAME}' com binding imediato para PVCs do MinIO..."
+    )
+    return _apply_manifest(ctx, manifest, f"StorageClass {RAIJIN_LOCAL_PATH_SC_NAME}")
+
+
 def _get_default_storage_class(ctx: ExecutionContext) -> str:
     """Retorna o nome da StorageClass default do cluster, se existir."""
     result = run_cmd(
@@ -58,6 +108,102 @@ def _list_storage_classes(ctx: ExecutionContext) -> list:
     return []
 
 
+def _patch_local_path_provisioner_tolerations(ctx: ExecutionContext) -> None:
+    """Adiciona tolerations ao local-path-provisioner para rodar em control-plane."""
+    typer.echo("  Configurando tolerations no local-path-provisioner...")
+    
+    # Patch no deployment para tolerar control-plane
+    patch_deployment = textwrap.dedent(
+        """
+        spec:
+          template:
+            spec:
+              tolerations:
+              - key: node-role.kubernetes.io/control-plane
+                operator: Exists
+                effect: NoSchedule
+              - key: node-role.kubernetes.io/master
+                operator: Exists
+                effect: NoSchedule
+        """
+    ).strip()
+    
+    result = run_cmd(
+        [
+            "kubectl", "-n", "local-path-storage", "patch", "deployment",
+            "local-path-provisioner", "--patch", patch_deployment,
+        ],
+        ctx,
+        check=False,
+    )
+    if result.returncode == 0:
+        typer.secho("    ✓ Deployment patched com tolerations.", fg=typer.colors.GREEN)
+    
+    # Patch no ConfigMap para os helper pods (que criam os dirs no node)
+    # O local-path-provisioner usa um ConfigMap com helperPod template
+    helper_pod_config = {
+        "nodePathMap": [
+            {
+                "node": "DEFAULT_PATH_FOR_NON_LISTED_NODES",
+                "paths": ["/opt/local-path-provisioner"]
+            }
+        ],
+        "setupCommand": None,
+        "teardownCommand": None,
+        "helperPod": {
+            "apiVersion": "v1",
+            "kind": "Pod",
+            "metadata": {},
+            "spec": {
+                "tolerations": [
+                    {"key": "node-role.kubernetes.io/control-plane", "operator": "Exists", "effect": "NoSchedule"},
+                    {"key": "node-role.kubernetes.io/master", "operator": "Exists", "effect": "NoSchedule"}
+                ],
+                "containers": [
+                    {
+                        "name": "helper-pod",
+                        "image": "busybox:stable",
+                        "imagePullPolicy": "IfNotPresent"
+                    }
+                ]
+            }
+        }
+    }
+    
+    # Converte para JSON string para o patch
+    config_json_str = json.dumps(helper_pod_config)
+    patch_data = json.dumps({"data": {"config.json": config_json_str}})
+    
+    # Aplica via patch no ConfigMap
+    result = run_cmd(
+        [
+            "kubectl", "-n", "local-path-storage", "patch", "configmap",
+            "local-path-config", "--type=merge", "-p", patch_data,
+        ],
+        ctx,
+        check=False,
+    )
+    if result.returncode == 0:
+        typer.secho("    ✓ ConfigMap patched para helper pods.", fg=typer.colors.GREEN)
+    
+    # Reinicia o deployment para aplicar as mudanças
+    run_cmd(
+        ["kubectl", "-n", "local-path-storage", "rollout", "restart", "deployment/local-path-provisioner"],
+        ctx,
+        check=False,
+    )
+    
+    # Aguarda rollout
+    run_cmd(
+        [
+            "kubectl", "-n", "local-path-storage", "rollout", "status",
+            "deployment/local-path-provisioner", "--timeout=60s",
+        ],
+        ctx,
+        check=False,
+    )
+
+
 def _install_local_path_provisioner(ctx: ExecutionContext) -> bool:
     """Instala local-path-provisioner para usar storage local (NVMe/SSD)."""
     typer.echo("Instalando local-path-provisioner para storage local...")
@@ -71,7 +217,7 @@ def _install_local_path_provisioner(ctx: ExecutionContext) -> bool:
         typer.secho("  Falha ao instalar local-path-provisioner.", fg=typer.colors.RED)
         return False
     
-    # Aguarda deployment ficar pronto
+    # Aguarda deployment ficar pronto inicialmente
     typer.echo("  Aguardando local-path-provisioner ficar Ready...")
     run_cmd(
         [
@@ -82,7 +228,10 @@ def _install_local_path_provisioner(ctx: ExecutionContext) -> bool:
         check=False,
     )
     
-    typer.secho("  ✓ local-path-provisioner instalado.", fg=typer.colors.GREEN)
+    # Aplica tolerations para control-plane (single-node clusters)
+    _patch_local_path_provisioner_tolerations(ctx)
+    
+    typer.secho("  ✓ local-path-provisioner instalado e configurado.", fg=typer.colors.GREEN)
     return True
 
 
@@ -117,28 +266,46 @@ def _set_default_storage_class(ctx: ExecutionContext, name: str) -> None:
 
 def _ensure_storage_class(ctx: ExecutionContext) -> str:
     """Garante que existe uma StorageClass disponivel, instalando local-path se necessario."""
-    # Verifica se ja tem default
     default_sc = _get_default_storage_class(ctx)
-    if default_sc:
+    available = _list_storage_classes(ctx)
+
+    # Se ja houver StorageClass dedicada do Raijin, usa ela
+    if default_sc == RAIJIN_LOCAL_PATH_SC_NAME:
         typer.echo(f"StorageClass default detectada: {default_sc}")
+        # Garante que o provisioner tem tolerations (pode ter sido instalado antes do fix)
+        _patch_local_path_provisioner_tolerations(ctx)
         return default_sc
-    
-    # Lista classes disponiveis
-    available = _list_storage_classes(ctx)
+    if RAIJIN_LOCAL_PATH_SC_NAME in available:
+        typer.echo(f"StorageClass '{RAIJIN_LOCAL_PATH_SC_NAME}' detectada.")
+        _patch_local_path_provisioner_tolerations(ctx)
+        _set_default_storage_class(ctx, RAIJIN_LOCAL_PATH_SC_NAME)
+        return RAIJIN_LOCAL_PATH_SC_NAME
+
+    # Se ja existir default diferente de local-path, respeita configuracao do cluster
+    if default_sc and default_sc != "local-path":
+        typer.echo(f"StorageClass default detectada: {default_sc}")
+        return default_sc
+
+    # Se local-path estiver disponivel (default ou nao), cria uma classe dedicada com binding imediato
+    if "local-path" in available or default_sc == "local-path":
+        # Garante tolerations no provisioner existente
+        _patch_local_path_provisioner_tolerations(ctx)
+        if _create_raijin_local_path_sc(ctx):
+            _set_default_storage_class(ctx, RAIJIN_LOCAL_PATH_SC_NAME)
+            return RAIJIN_LOCAL_PATH_SC_NAME
+        typer.echo("Nao foi possivel criar StorageClass dedicada; usando 'local-path'.")
+        _set_default_storage_class(ctx, "local-path")
+        return "local-path"
+
     if available:
         typer.echo(f"StorageClasses disponiveis (sem default): {', '.join(available)}")
-        # Se local-path existe, define como default
-        if "local-path" in available:
-            _set_default_storage_class(ctx, "local-path")
-            return "local-path"
-        # Pergunta qual usar
         choice = typer.prompt(
             f"Qual StorageClass usar? ({'/'.join(available)})",
             default=available[0],
         )
         return choice
-    
-    # Sem StorageClass - instala local-path-provisioner
+
+    # Nenhuma StorageClass disponivel - instala local-path automaticamente
     typer.secho(
         "Nenhuma StorageClass encontrada no cluster.",
         fg=typer.colors.YELLOW,
@@ -153,11 +320,14 @@ def _ensure_storage_class(ctx: ExecutionContext) -> str:
             fg=typer.colors.RED,
         )
         raise typer.Exit(1)
-    
+
     if not _install_local_path_provisioner(ctx):
         raise typer.Exit(1)
-    
-    # Define como default
+
+    if _create_raijin_local_path_sc(ctx):
+        _set_default_storage_class(ctx, RAIJIN_LOCAL_PATH_SC_NAME)
+        return RAIJIN_LOCAL_PATH_SC_NAME
+
     _set_default_storage_class(ctx, "local-path")
     return "local-path"
 

{raijin_server-0.2.38.dist-info → raijin_server-0.2.40.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.2.38
+Version: 0.2.40
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin
@@ -46,6 +46,7 @@ CLI em Python (Typer) para automatizar setup e hardening de servidores Ubuntu Se
 - Segurança: [SECURITY.md](SECURITY.md)
 - Acesso SSH (Windows): [docs/SSH_WINDOWS.md](docs/SSH_WINDOWS.md)
 - VPN para acesso remoto (WireGuard): [docs/VPN_REMOTE_ACCESS.md](docs/VPN_REMOTE_ACCESS.md)
+- MinIO (monitorar/testar): [docs/MINIO_OPERATIONS.md](docs/MINIO_OPERATIONS.md)
 
 ## Destaques
 

{raijin_server-0.2.38.dist-info → raijin_server-0.2.40.dist-info}/RECORD

@@ -1,4 +1,4 @@
-raijin_server/__init__.py,sha256=4mORVRvOEyarK3iUTZjD7Ez47EzyOjaWwkvvKi-JYVI,95
+raijin_server/__init__.py,sha256=PET19zpBabvgsdbOZwr8T9CyQlc69zOhgFzYRP5DDI8,95
 raijin_server/cli.py,sha256=2m7q1znMLbBdnUwN6oOUrCZXEqC2e7SfbjYkymbP4lQ,37884
 raijin_server/config.py,sha256=QNiEVvrbW56XgvNn5-h3bkJm46Xc8mjNqPbvixXD8N0,4829
 raijin_server/healthchecks.py,sha256=lzXdFw6S0hOYbUKbqksh4phb04lXgXdTspP1Dsz4dx8,15401
@@ -22,7 +22,7 @@ raijin_server/modules/kong.py,sha256=eDSagvEP9_BCs9pZ-pCVs1BDdlYOoJfY5PnUSiTvvgc
 raijin_server/modules/kubernetes.py,sha256=9E6zV0zGQWZW92NVpxwYctpi-4JDmi6YzF3tKRI4HlU,13343
 raijin_server/modules/loki.py,sha256=aNiUpnOFppZMXoQwYhn7IoPMzwUz4aHi6pbiqj1PRjc,5022
 raijin_server/modules/metallb.py,sha256=uUuklc_RsQ-W2qDVRMQAxQm9HKGEqso444b1IwBpM6w,8554
-raijin_server/modules/minio.py,sha256=W49LyaRXoaeLIebFO6kwqIT9usZ1IP648UK10dInHJ4,12683
+raijin_server/modules/minio.py,sha256=XvWg4XJ2URZhiJYHrqf1Eg5tvLGXMxu45Rr_9C58SP4,18915
 raijin_server/modules/network.py,sha256=QRlYdcryCCPAWG3QQ_W7ld9gJgETI7H8gwntOU7UqFE,4818
 raijin_server/modules/observability_dashboards.py,sha256=fVz0WEOQrUTF5rJ__Nu_onyBuwL_exFmysWMmg8AE9w,7319
 raijin_server/modules/observability_ingress.py,sha256=Fh1rlFWueBNHnOkHuoHYyhILmpO-iQXINybSUYbYsHQ,5738
@@ -38,9 +38,9 @@ raijin_server/scripts/checklist.sh,sha256=j6E0Kmk1EfjLvKK1VpCqzXJAXI_7Bm67LK4ndy
 raijin_server/scripts/install.sh,sha256=Y1ickbQ4siQ0NIPs6UgrqUr8WWy7U0LHmaTQbEgavoI,3949
 raijin_server/scripts/log_size_metric.sh,sha256=Iv4SsX8AuCYRou-klYn32mX41xB6j0xJGLBO6riw4rU,1208
 raijin_server/scripts/pre-deploy-check.sh,sha256=XqMo7IMIpwUHF17YEmU0-cVmTDMoCGMBFnmS39FidI4,4912
-raijin_server-0.2.38.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
-raijin_server-0.2.38.dist-info/METADATA,sha256=kfDAsH4WoVhFS1RxNnTWqNLFo4vF0obMCQu2JHCZU2I,22770
-raijin_server-0.2.38.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-raijin_server-0.2.38.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
-raijin_server-0.2.38.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
-raijin_server-0.2.38.dist-info/RECORD,,
+raijin_server-0.2.40.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
+raijin_server-0.2.40.dist-info/METADATA,sha256=gpXIeSzpsrBImaDzxLWQgddp1QZa3rOJmn3fZJ18HfA,22851
+raijin_server-0.2.40.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+raijin_server-0.2.40.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
+raijin_server-0.2.40.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
+raijin_server-0.2.40.dist-info/RECORD,,