raijin-server 0.2.5__py3-none-any.whl → 0.2.7__py3-none-any.whl

raijin_server/__init__.py

@@ -1,5 +1,5 @@
 """Pacote principal do CLI Raijin Server."""
 
-__version__ = "0.2.4"
+__version__ = "0.2.7"
 
 __all__ = ["__version__"]

raijin_server/cli.py

@@ -6,6 +6,8 @@ import os
 from pathlib import Path
 from typing import Callable, Dict, Optional
 
+import subprocess
+
 import typer
 from rich import box
 from rich.console import Console
@@ -42,7 +44,7 @@ from raijin_server.modules import (
     velero,
     vpn,
 )
-from raijin_server.utils import ExecutionContext, logger
+from raijin_server.utils import ExecutionContext, logger, active_log_file, available_log_files, page_text, ensure_tool
 from raijin_server.validators import validate_system_requirements, check_module_dependencies
 from raijin_server.healthchecks import run_health_check
 from raijin_server.config import ConfigManager
@@ -131,6 +133,19 @@ MODULE_DESCRIPTIONS: Dict[str, str] = {
 }
 
 
+def _capture_cmd(cmd: list[str], timeout: int = 30) -> str:
+    try:
+        result = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
+        if result.returncode == 0:
+            return result.stdout.strip() or "(sem saida)"
+        return (
+            f"✗ {' '.join(cmd)}\n"
+            f"{(result.stdout or '').strip()}\n{(result.stderr or '').strip()}".strip()
+        )
+    except Exception as exc:
+        return f"✗ {' '.join(cmd)} -> {exc}"
+
+
 def _run_module(ctx: typer.Context, name: str, skip_validation: bool = False) -> None:
     handler = MODULES.get(name)
     if handler is None:
@@ -542,6 +557,120 @@ def cert_list_issuers(ctx: typer.Context) -> None:
         pass
 
 
+# ============================================================================
+# Ferramentas de Depuração / Logs
+# ============================================================================
+debug_app = typer.Typer(help="Ferramentas de depuracao e investigacao de logs")
+app.add_typer(debug_app, name="debug")
+
+
+@debug_app.command(name="logs")
+def debug_logs(
+    lines: int = typer.Option(200, "--lines", "-n", help="Quantidade de linhas ao ler"),
+    follow: bool = typer.Option(False, "--follow", "-f", help="Segue o log com tail -F"),
+    pager: bool = typer.Option(True, "--pager/--no-pager", help="Exibe com less"),
+) -> None:
+    """Mostra logs do raijin-server com opcao de follow."""
+
+    logs = available_log_files()
+    if not logs:
+        typer.secho("Nenhum log encontrado", fg=typer.colors.YELLOW)
+        return
+
+    main_log = active_log_file()
+    typer.echo(f"Log ativo: {main_log}")
+
+    if follow:
+        subprocess.run(["tail", "-n", str(lines), "-F", str(main_log)])
+        return
+
+    chunks = []
+    for path in logs:
+        try:
+            data = path.read_text()
+        except Exception as exc:
+            data = f"[erro ao ler {path}: {exc}]"
+        chunks.append(f"===== {path} =====\n{data}")
+
+    output = "\n\n".join(chunks)
+    if pager:
+        page_text(output)
+    else:
+        typer.echo(output)
+
+
+@debug_app.command(name="kube")
+def debug_kube(
+    ctx: typer.Context,
+    events: int = typer.Option(200, "--events", "-e", help="Quantas linhas finais de eventos exibir"),
+    namespace: Optional[str] = typer.Option(None, "--namespace", "-n", help="Filtra pods/eventos por namespace"),
+    pager: bool = typer.Option(True, "--pager/--no-pager", help="Exibe com less"),
+) -> None:
+    """Snapshot rapido de nodes, pods e eventos do cluster."""
+
+    exec_ctx = ctx.obj or ExecutionContext()
+    ensure_tool("kubectl", exec_ctx)
+
+    sections = []
+    sections.append(("kubectl get nodes -o wide", _capture_cmd(["kubectl", "get", "nodes", "-o", "wide"])))
+
+    pods_cmd: list[str] = ["kubectl", "get", "pods"]
+    if namespace:
+        pods_cmd.extend(["-n", namespace])
+    else:
+        pods_cmd.append("-A")
+    pods_cmd.extend(["-o", "wide"])
+    sections.append(("kubectl get pods", _capture_cmd(pods_cmd)))
+
+    events_cmd: list[str] = ["kubectl", "get", "events"]
+    if namespace:
+        events_cmd.extend(["-n", namespace])
+    else:
+        events_cmd.append("-A")
+    events_cmd.extend(["--sort-by=.lastTimestamp"])
+    events_output = _capture_cmd(events_cmd)
+    if events_output and events > 0:
+        events_output = "\n".join(events_output.splitlines()[-events:])
+    sections.append(("kubectl get events", events_output))
+
+    combined = "\n\n".join([f"[{title}]\n{body}" for title, body in sections])
+    if pager:
+        page_text(combined)
+    else:
+        typer.echo(combined)
+
+
+@debug_app.command(name="journal")
+def debug_journal(
+    ctx: typer.Context,
+    service: str = typer.Option("kubelet", "--service", "-s", help="Unidade systemd para inspecionar"),
+    lines: int = typer.Option(200, "--lines", "-n", help="Linhas a exibir"),
+    follow: bool = typer.Option(False, "--follow", "-f", help="Segue o journal em tempo real"),
+    pager: bool = typer.Option(True, "--pager/--no-pager", help="Exibe com less"),
+) -> None:
+    """Mostra logs de services (ex.: kubelet) via journalctl."""
+
+    exec_ctx = ctx.obj or ExecutionContext()
+    ensure_tool("journalctl", exec_ctx)
+
+    cmd = ["journalctl", "-u", service, "-n", str(lines)]
+    if follow:
+        cmd.append("-f")
+        subprocess.run(cmd)
+        return
+
+    cmd.append("--no-pager")
+    output = _capture_cmd(cmd, timeout=60)
+    if lines > 0:
+        output = "\n".join(output.splitlines()[-lines:])
+
+    text = f"[journalctl -u {service} -n {lines}]\n{output}"
+    if pager:
+        page_text(text)
+    else:
+        typer.echo(text)
+
+
 # ============================================================================
 # Comandos Existentes
 # ============================================================================
@@ -554,8 +683,24 @@ def bootstrap_cmd(ctx: typer.Context) -> None:
 
 
 @app.command(name="full-install")
-def full_install_cmd(ctx: typer.Context) -> None:
+def full_install_cmd(
+    ctx: typer.Context,
+    steps: Optional[str] = typer.Option(None, "--steps", help="Lista de modulos, separado por virgula"),
+    confirm_each: bool = typer.Option(False, "--confirm-each", help="Pedir confirmacao antes de cada modulo"),
+    debug_mode: bool = typer.Option(False, "--debug-mode", help="Habilita snapshots e diagnose pos-modulo"),
+    snapshots: bool = typer.Option(False, "--snapshots", help="Habilita snapshots de cluster apos cada modulo"),
+    post_diagnose: bool = typer.Option(False, "--post-diagnose", help="Executa diagnose pos-modulo quando disponivel"),
+    select_steps: bool = typer.Option(False, "--select-steps", help="Pergunta quais modulos executar antes de iniciar"),
+) -> None:
     """Executa instalacao completa e automatizada do ambiente de producao."""
+    exec_ctx = ctx.obj or ExecutionContext()
+    if steps:
+        exec_ctx.selected_steps = [s.strip() for s in steps.split(",") if s.strip()]
+    exec_ctx.interactive_steps = select_steps
+    exec_ctx.confirm_each_step = confirm_each
+    exec_ctx.debug_snapshots = debug_mode or snapshots or exec_ctx.debug_snapshots
+    exec_ctx.post_diagnose = debug_mode or post_diagnose or exec_ctx.post_diagnose
+    ctx.obj = exec_ctx
     _run_module(ctx, "full_install")
 
 

raijin_server/modules/calico.py

@@ -1,7 +1,8 @@
 """Configuracao de Calico como CNI com CIDR customizado e policies opinativas."""
 
+import json
 from pathlib import Path
-from typing import Iterable
+from typing import Iterable, List
 
 import typer
 
@@ -16,6 +17,7 @@ from raijin_server.utils import (
 
 EGRESS_LABEL_KEY = "networking.raijin.dev/egress"
 EGRESS_LABEL_VALUE = "internet"
+DEFAULT_WORKLOAD_NAMESPACE = "apps"
 
 
 def _apply_policy(content: str, ctx: ExecutionContext, suffix: str) -> None:
@@ -25,6 +27,23 @@ def _apply_policy(content: str, ctx: ExecutionContext, suffix: str) -> None:
     path.unlink(missing_ok=True)
 
 
+def _ensure_namespace(namespace: str, ctx: ExecutionContext) -> None:
+    """Garante que um namespace de workloads exista com labels padrao."""
+    manifest = f"""apiVersion: v1
+kind: Namespace
+metadata:
+  name: {namespace}
+  labels:
+    raijin/workload-profile: production
+    networking.raijin.dev/default-egress: restricted
+"""
+
+    path = Path(f"/tmp/raijin-ns-{namespace}.yaml")
+    write_file(path, manifest, ctx)
+    kubectl_apply(str(path), ctx)
+    path.unlink(missing_ok=True)
+
+
 def _build_default_deny(namespace: str) -> str:
     return f"""apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -62,6 +81,43 @@ def _split_namespaces(raw_value: str) -> Iterable[str]:
     return [ns.strip() for ns in raw_value.split(",") if ns.strip()]
 
 
+def _list_workloads_without_egress(namespaces: List[str], ctx: ExecutionContext) -> None:
+    """Lista workloads sem label de egress e apenas avisa se falhar."""
+    if ctx.dry_run:
+        typer.echo("[dry-run] Skip listagem de workloads para liberação de egress")
+        return
+
+    typer.secho("\nWorkloads sem liberação de egress (adicione label para liberar internet):", fg=typer.colors.CYAN)
+    for ns in namespaces:
+        result = run_cmd(
+            ["kubectl", "get", "deploy,statefulset,daemonset", "-n", ns, "-o", "json"],
+            ctx,
+            check=False,
+        )
+        if result.returncode != 0:
+            msg = (result.stderr or result.stdout or "erro desconhecido").strip()
+            typer.secho(f"  Aviso: nao foi possivel listar workloads em '{ns}' ({msg})", fg=typer.colors.YELLOW)
+            continue
+
+        try:
+            data = json.loads(result.stdout or "{}")
+            items = data.get("items", [])
+            pending = []
+            for item in items:
+                meta = item.get("metadata", {})
+                labels = meta.get("labels", {}) or {}
+                if labels.get(EGRESS_LABEL_KEY) != EGRESS_LABEL_VALUE:
+                    pending.append(f"{meta.get('namespace', ns)}/{meta.get('name', 'desconhecido')}")
+
+            if pending:
+                for name in pending:
+                    typer.echo(f"  - {name}")
+            else:
+                typer.echo(f"  Nenhum workload pendente em '{ns}'")
+        except Exception as exc:
+            typer.secho(f"  Aviso: falha ao processar workloads em '{ns}': {exc}", fg=typer.colors.YELLOW)
+
+
 def _check_cluster_available(ctx: ExecutionContext) -> bool:
     """Verifica se o cluster Kubernetes esta acessivel."""
     if ctx.dry_run:
@@ -99,13 +155,19 @@ def run(ctx: ExecutionContext) -> None:
     typer.echo("Aplicando Calico como CNI...")
     pod_cidr = typer.prompt("Pod CIDR (Calico)", default="10.244.0.0/16")
 
+    typer.secho(
+        f"Criando namespace padrao de workloads '{DEFAULT_WORKLOAD_NAMESPACE}' (production-ready)...",
+        fg=typer.colors.CYAN,
+    )
+    _ensure_namespace(DEFAULT_WORKLOAD_NAMESPACE, ctx)
+
     manifest_url = "https://raw.githubusercontent.com/projectcalico/calico/v3.27.2/manifests/calico.yaml"
     cmd = f"curl -s {manifest_url} | sed 's#192.168.0.0/16#{pod_cidr}#' | kubectl apply -f -"
     run_cmd(cmd, ctx, use_shell=True)
 
     deny_namespaces_raw = typer.prompt(
         "Namespaces para aplicar default-deny (CSV)",
-        default="default",
+        default=DEFAULT_WORKLOAD_NAMESPACE,
     )
     for namespace in _split_namespaces(deny_namespaces_raw):
         typer.echo(f"Aplicando default-deny no namespace '{namespace}'...")
@@ -117,9 +179,12 @@ def run(ctx: ExecutionContext) -> None:
     ):
         allow_namespaces_raw = typer.prompt(
             "Namespaces com pods que precisam acessar APIs externas (CSV)",
-            default="default",
+            default=DEFAULT_WORKLOAD_NAMESPACE,
         )
         cidr = typer.prompt("CIDR liberado (ex.: 0.0.0.0/0)", default="0.0.0.0/0")
+        namespaces = list(_split_namespaces(allow_namespaces_raw))
+        if namespaces:
+            _list_workloads_without_egress(namespaces, ctx)
         for namespace in _split_namespaces(allow_namespaces_raw):
             typer.echo(
                 f"Criando policy allow-egress-internet em '{namespace}' para pods com "