PyPI - raijin-server - Versions diffs - 0.2.38__tar.gz → 0.2.40__tar.gz - Mend

raijin-server 0.2.38tar.gz → 0.2.40tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of raijin-server might be problematic. Click here for more details.

Files changed (54) hide show

{raijin_server-0.2.38/src/raijin_server.egg-info → raijin_server-0.2.40}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.2.38
+Version: 0.2.40
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin
@@ -46,6 +46,7 @@ CLI em Python (Typer) para automatizar setup e hardening de servidores Ubuntu Se
 - Segurança: [SECURITY.md](SECURITY.md)
 - Acesso SSH (Windows): [docs/SSH_WINDOWS.md](docs/SSH_WINDOWS.md)
 - VPN para acesso remoto (WireGuard): [docs/VPN_REMOTE_ACCESS.md](docs/VPN_REMOTE_ACCESS.md)
+- MinIO (monitorar/testar): [docs/MINIO_OPERATIONS.md](docs/MINIO_OPERATIONS.md)
 ## Destaques

{raijin_server-0.2.38 → raijin_server-0.2.40}/README.md RENAMED Viewed

@@ -13,6 +13,7 @@ CLI em Python (Typer) para automatizar setup e hardening de servidores Ubuntu Se
 - Segurança: [SECURITY.md](SECURITY.md)
 - Acesso SSH (Windows): [docs/SSH_WINDOWS.md](docs/SSH_WINDOWS.md)
 - VPN para acesso remoto (WireGuard): [docs/VPN_REMOTE_ACCESS.md](docs/VPN_REMOTE_ACCESS.md)
+- MinIO (monitorar/testar): [docs/MINIO_OPERATIONS.md](docs/MINIO_OPERATIONS.md)
 ## Destaques

{raijin_server-0.2.38 → raijin_server-0.2.40}/setup.cfg RENAMED Viewed

@@ -1,6 +1,6 @@
 [metadata]
 name = raijin-server
-version = 0.2.38
+version = 0.2.40
 description = CLI para automacao de setup e hardening de servidores Ubuntu Server.
 long_description = file: README.md
 long_description_content_type = text/markdown

raijin_server-0.2.40/src/raijin_server/__init__.py ADDED Viewed

@@ -0,0 +1,5 @@
+"""Pacote principal do CLI Raijin Server."""
+__version__ = "0.2.40"
+__all__ = ["__version__"]

{raijin_server-0.2.38 → raijin_server-0.2.40}/src/raijin_server/modules/minio.py RENAMED Viewed

@@ -1,8 +1,12 @@
 """Deploy do MinIO via Helm com configuracoes production-ready."""
+import json
 import secrets
 import socket
+import tempfile
 import time
+from pathlib import Path
+import textwrap
 import typer
@@ -12,6 +16,7 @@ LOCAL_PATH_PROVISIONER_URL = (
     "https://raw.githubusercontent.com/rancher/local-path-provisioner/"
     "v0.0.30/deploy/local-path-storage.yaml"
 )
+RAIJIN_LOCAL_PATH_SC_NAME = "raijin-local-path"
 def _detect_node_name(ctx: ExecutionContext) -> str:
@@ -31,6 +36,51 @@ def _generate_secret(length: int = 32) -> str:
     return secrets.token_urlsafe(length)[:length]
+def _apply_manifest(ctx: ExecutionContext, manifest: str, description: str) -> bool:
+    """Aplica manifest YAML temporario com kubectl."""
+    tmp_path = None
+    try:
+        with tempfile.NamedTemporaryFile("w", delete=False, suffix=".yaml") as tmp:
+            tmp.write(manifest)
+            tmp.flush()
+            tmp_path = Path(tmp.name)
+        result = run_cmd(
+            ["kubectl", "apply", "-f", str(tmp_path)],
+            ctx,
+            check=False,
+        )
+        if result.returncode != 0:
+            typer.secho(f"  Falha ao aplicar {description}.", fg=typer.colors.RED)
+            return False
+        typer.secho(f"  ✓ {description} aplicado.", fg=typer.colors.GREEN)
+        return True
+    finally:
+        if tmp_path and tmp_path.exists():
+            tmp_path.unlink(missing_ok=True)
+def _create_raijin_local_path_sc(ctx: ExecutionContext) -> bool:
+    """Cria StorageClass com volumeBindingMode=Immediate baseada no local-path."""
+    manifest = textwrap.dedent(
+        f"""
+        apiVersion: storage.k8s.io/v1
+        kind: StorageClass
+        metadata:
+          name: {RAIJIN_LOCAL_PATH_SC_NAME}
+        provisioner: rancher.io/local-path
+        reclaimPolicy: Delete
+        volumeBindingMode: Immediate
+        allowVolumeExpansion: true
+        parameters:
+          type: ""
+        """
+    ).strip()
+    typer.echo(
+        f"Criando StorageClass '{RAIJIN_LOCAL_PATH_SC_NAME}' com binding imediato para PVCs do MinIO..."
+    )
+    return _apply_manifest(ctx, manifest, f"StorageClass {RAIJIN_LOCAL_PATH_SC_NAME}")
 def _get_default_storage_class(ctx: ExecutionContext) -> str:
     """Retorna o nome da StorageClass default do cluster, se existir."""
     result = run_cmd(
@@ -58,6 +108,102 @@ def _list_storage_classes(ctx: ExecutionContext) -> list:
     return []
+def _patch_local_path_provisioner_tolerations(ctx: ExecutionContext) -> None:
+    """Adiciona tolerations ao local-path-provisioner para rodar em control-plane."""
+    typer.echo("  Configurando tolerations no local-path-provisioner...")
+    # Patch no deployment para tolerar control-plane
+    patch_deployment = textwrap.dedent(
+        """
+        spec:
+          template:
+            spec:
+              tolerations:
+              - key: node-role.kubernetes.io/control-plane
+                operator: Exists
+                effect: NoSchedule
+              - key: node-role.kubernetes.io/master
+                operator: Exists
+                effect: NoSchedule
+        """
+    ).strip()
+    result = run_cmd(
+        [
+            "kubectl", "-n", "local-path-storage", "patch", "deployment",
+            "local-path-provisioner", "--patch", patch_deployment,
+        ],
+        ctx,
+        check=False,
+    )
+    if result.returncode == 0:
+        typer.secho("    ✓ Deployment patched com tolerations.", fg=typer.colors.GREEN)
+    # Patch no ConfigMap para os helper pods (que criam os dirs no node)
+    # O local-path-provisioner usa um ConfigMap com helperPod template
+    helper_pod_config = {
+        "nodePathMap": [
+            {
+                "node": "DEFAULT_PATH_FOR_NON_LISTED_NODES",
+                "paths": ["/opt/local-path-provisioner"]
+            }
+        ],
+        "setupCommand": None,
+        "teardownCommand": None,
+        "helperPod": {
+            "apiVersion": "v1",
+            "kind": "Pod",
+            "metadata": {},
+            "spec": {
+                "tolerations": [
+                    {"key": "node-role.kubernetes.io/control-plane", "operator": "Exists", "effect": "NoSchedule"},
+                    {"key": "node-role.kubernetes.io/master", "operator": "Exists", "effect": "NoSchedule"}
+                ],
+                "containers": [
+                    {
+                        "name": "helper-pod",
+                        "image": "busybox:stable",
+                        "imagePullPolicy": "IfNotPresent"
+                    }
+                ]
+            }
+        }
+    }
+    # Converte para JSON string para o patch
+    config_json_str = json.dumps(helper_pod_config)
+    patch_data = json.dumps({"data": {"config.json": config_json_str}})
+    # Aplica via patch no ConfigMap
+    result = run_cmd(
+        [
+            "kubectl", "-n", "local-path-storage", "patch", "configmap",
+            "local-path-config", "--type=merge", "-p", patch_data,
+        ],
+        ctx,
+        check=False,
+    )
+    if result.returncode == 0:
+        typer.secho("    ✓ ConfigMap patched para helper pods.", fg=typer.colors.GREEN)
+    # Reinicia o deployment para aplicar as mudanças
+    run_cmd(
+        ["kubectl", "-n", "local-path-storage", "rollout", "restart", "deployment/local-path-provisioner"],
+        ctx,
+        check=False,
+    )
+    # Aguarda rollout
+    run_cmd(
+        [
+            "kubectl", "-n", "local-path-storage", "rollout", "status",
+            "deployment/local-path-provisioner", "--timeout=60s",
+        ],
+        ctx,
+        check=False,
+    )
 def _install_local_path_provisioner(ctx: ExecutionContext) -> bool:
     """Instala local-path-provisioner para usar storage local (NVMe/SSD)."""
     typer.echo("Instalando local-path-provisioner para storage local...")
@@ -71,7 +217,7 @@ def _install_local_path_provisioner(ctx: ExecutionContext) -> bool:
         typer.secho("  Falha ao instalar local-path-provisioner.", fg=typer.colors.RED)
         return False
-    # Aguarda deployment ficar pronto
+    # Aguarda deployment ficar pronto inicialmente
     typer.echo("  Aguardando local-path-provisioner ficar Ready...")
     run_cmd(
         [
@@ -82,7 +228,10 @@ def _install_local_path_provisioner(ctx: ExecutionContext) -> bool:
         check=False,
     )
-    typer.secho("  ✓ local-path-provisioner instalado.", fg=typer.colors.GREEN)
+    # Aplica tolerations para control-plane (single-node clusters)
+    _patch_local_path_provisioner_tolerations(ctx)
+    typer.secho("  ✓ local-path-provisioner instalado e configurado.", fg=typer.colors.GREEN)
     return True
@@ -117,28 +266,46 @@ def _set_default_storage_class(ctx: ExecutionContext, name: str) -> None:
 def _ensure_storage_class(ctx: ExecutionContext) -> str:
     """Garante que existe uma StorageClass disponivel, instalando local-path se necessario."""
-    # Verifica se ja tem default
     default_sc = _get_default_storage_class(ctx)
-    if default_sc:
+    available = _list_storage_classes(ctx)
+    # Se ja houver StorageClass dedicada do Raijin, usa ela
+    if default_sc == RAIJIN_LOCAL_PATH_SC_NAME:
         typer.echo(f"StorageClass default detectada: {default_sc}")
+        # Garante que o provisioner tem tolerations (pode ter sido instalado antes do fix)
+        _patch_local_path_provisioner_tolerations(ctx)
         return default_sc
-    # Lista classes disponiveis
-    available = _list_storage_classes(ctx)
+    if RAIJIN_LOCAL_PATH_SC_NAME in available:
+        typer.echo(f"StorageClass '{RAIJIN_LOCAL_PATH_SC_NAME}' detectada.")
+        _patch_local_path_provisioner_tolerations(ctx)
+        _set_default_storage_class(ctx, RAIJIN_LOCAL_PATH_SC_NAME)
+        return RAIJIN_LOCAL_PATH_SC_NAME
+    # Se ja existir default diferente de local-path, respeita configuracao do cluster
+    if default_sc and default_sc != "local-path":
+        typer.echo(f"StorageClass default detectada: {default_sc}")
+        return default_sc
+    # Se local-path estiver disponivel (default ou nao), cria uma classe dedicada com binding imediato
+    if "local-path" in available or default_sc == "local-path":
+        # Garante tolerations no provisioner existente
+        _patch_local_path_provisioner_tolerations(ctx)
+        if _create_raijin_local_path_sc(ctx):
+            _set_default_storage_class(ctx, RAIJIN_LOCAL_PATH_SC_NAME)
+            return RAIJIN_LOCAL_PATH_SC_NAME
+        typer.echo("Nao foi possivel criar StorageClass dedicada; usando 'local-path'.")
+        _set_default_storage_class(ctx, "local-path")
+        return "local-path"
     if available:
         typer.echo(f"StorageClasses disponiveis (sem default): {', '.join(available)}")
-        # Se local-path existe, define como default
-        if "local-path" in available:
-            _set_default_storage_class(ctx, "local-path")
-            return "local-path"
-        # Pergunta qual usar
         choice = typer.prompt(
             f"Qual StorageClass usar? ({'/'.join(available)})",
             default=available[0],
         )
         return choice
-    # Sem StorageClass - instala local-path-provisioner
+    # Nenhuma StorageClass disponivel - instala local-path automaticamente
     typer.secho(
         "Nenhuma StorageClass encontrada no cluster.",
         fg=typer.colors.YELLOW,
@@ -153,11 +320,14 @@ def _ensure_storage_class(ctx: ExecutionContext) -> str:
             fg=typer.colors.RED,
         )
         raise typer.Exit(1)
     if not _install_local_path_provisioner(ctx):
         raise typer.Exit(1)
-    # Define como default
+    if _create_raijin_local_path_sc(ctx):
+        _set_default_storage_class(ctx, RAIJIN_LOCAL_PATH_SC_NAME)
+        return RAIJIN_LOCAL_PATH_SC_NAME
     _set_default_storage_class(ctx, "local-path")
     return "local-path"

{raijin_server-0.2.38 → raijin_server-0.2.40/src/raijin_server.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.2.38
+Version: 0.2.40
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin
@@ -46,6 +46,7 @@ CLI em Python (Typer) para automatizar setup e hardening de servidores Ubuntu Se
 - Segurança: [SECURITY.md](SECURITY.md)
 - Acesso SSH (Windows): [docs/SSH_WINDOWS.md](docs/SSH_WINDOWS.md)
 - VPN para acesso remoto (WireGuard): [docs/VPN_REMOTE_ACCESS.md](docs/VPN_REMOTE_ACCESS.md)
+- MinIO (monitorar/testar): [docs/MINIO_OPERATIONS.md](docs/MINIO_OPERATIONS.md)
 ## Destaques