raijin-server 0.2.6__py3-none-any.whl → 0.2.8__py3-none-any.whl

raijin_server/modules/full_install.py

@@ -1,10 +1,13 @@
 """Instalacao completa e automatizada do ambiente produtivo."""
 
 import os
+import subprocess
+from typing import List
 
 import typer
 
 from raijin_server.utils import ExecutionContext, require_root
+from raijin_server.healthchecks import run_health_check
 from raijin_server.modules import (
     bootstrap,
     calico,
@@ -68,6 +71,196 @@ def _cert_manager_install_only(ctx: ExecutionContext) -> None:
         )
 
 
+def _confirm_colored(message: str, default: bool = True) -> bool:
+    """Confirmação com destaque visual."""
+    styled = typer.style(message, fg=typer.colors.YELLOW, bold=True)
+    return typer.confirm(styled, default=default)
+
+
+def _select_steps_interactively() -> List[str] | None:
+    typer.secho("Selecione passos (separados por vírgula) ou ENTER para todos:", fg=typer.colors.CYAN)
+    typer.echo("Exemplo: kubernetes,calico,cert_manager,traefik")
+    answer = typer.prompt("Passos", default="").strip()
+    if not answer:
+        return None
+    steps = [s.strip() for s in answer.split(",") if s.strip()]
+    return steps or None
+
+
+def _kube_snapshot(ctx: ExecutionContext, events: int = 100, namespace: str | None = None) -> None:
+    """Coleta snapshot rápido de cluster para debug (best-effort)."""
+    cmds = []
+    cmds.append(["kubectl", "get", "nodes", "-o", "wide"])
+
+    pods_cmd = ["kubectl", "get", "pods"]
+    if namespace:
+        pods_cmd += ["-n", namespace]
+    else:
+        pods_cmd.append("-A")
+    pods_cmd += ["-o", "wide"]
+    cmds.append(pods_cmd)
+
+    events_cmd = ["kubectl", "get", "events"]
+    if namespace:
+        events_cmd += ["-n", namespace]
+    else:
+        events_cmd.append("-A")
+    events_cmd += ["--sort-by=.lastTimestamp"]
+    cmds.append(events_cmd)
+
+    typer.secho("\n[DEBUG] Snapshot do cluster", fg=typer.colors.CYAN)
+    for cmd in cmds:
+        try:
+            result = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
+            typer.echo(f"$ {' '.join(cmd)}")
+            if result.stdout:
+                lines = result.stdout.strip().splitlines()
+                if cmd is events_cmd:
+                    lines = lines[-events:]
+                typer.echo("\n".join(lines))
+            elif result.stderr:
+                typer.echo(result.stderr.strip())
+        except Exception as exc:
+            typer.secho(f"(snapshot falhou: {exc})", fg=typer.colors.YELLOW)
+
+
+def _run_cmd(title: str, cmd: List[str], ctx: ExecutionContext, tail: int | None = None) -> None:
+    """Executa comando kubectl/helm best-effort para diagnosticos rapidos."""
+    typer.secho(f"\n[diagnose] {title}", fg=typer.colors.CYAN)
+    if ctx.dry_run:
+        typer.echo("[dry-run] comando nao executado")
+        return
+
+    try:
+        result = subprocess.run(cmd, capture_output=True, text=True, timeout=40)
+        typer.echo(f"$ {' '.join(cmd)}")
+        output = result.stdout.strip() or result.stderr.strip()
+        if output:
+            lines = output.splitlines()
+            if tail:
+                lines = lines[-tail:]
+            typer.echo("\n".join(lines))
+        else:
+            typer.echo("(sem saida)")
+    except Exception as exc:
+        typer.secho(f"(falha ao executar: {exc})", fg=typer.colors.YELLOW)
+
+
+def _diag_namespace(ns: str, ctx: ExecutionContext, tail_events: int = 50) -> None:
+    _run_cmd(f"Pods em {ns}", ["kubectl", "get", "pods", "-n", ns, "-o", "wide"], ctx)
+    _run_cmd(f"Services em {ns}", ["kubectl", "get", "svc", "-n", ns], ctx)
+    _run_cmd(f"Deployments em {ns}", ["kubectl", "get", "deploy", "-n", ns], ctx)
+    _run_cmd(
+        f"Eventos em {ns}",
+        ["kubectl", "get", "events", "-n", ns, "--sort-by=.lastTimestamp"],
+        ctx,
+        tail=tail_events,
+    )
+
+
+def _diag_calico(ctx: ExecutionContext) -> None:
+    ns = "kube-system"
+    _run_cmd("Calico DaemonSets", ["kubectl", "get", "ds", "-n", ns, "-o", "wide"], ctx)
+    _run_cmd("Calico pods", ["kubectl", "get", "pods", "-n", ns, "-l", "k8s-app=calico-node", "-o", "wide"], ctx)
+    _run_cmd("Calico typha", ["kubectl", "get", "pods", "-n", ns, "-l", "k8s-app=calico-typha", "-o", "wide"], ctx)
+    _run_cmd("Calico events", ["kubectl", "get", "events", "-n", ns, "--sort-by=.lastTimestamp"], ctx, tail=50)
+
+
+def _diag_secrets(ctx: ExecutionContext) -> None:
+    _diag_namespace("kube-system", ctx)
+    _diag_namespace("external-secrets", ctx)
+
+
+def _diag_prometheus(ctx: ExecutionContext) -> None:
+    ns = "observability"
+    _run_cmd("Prometheus pods", ["kubectl", "get", "pods", "-n", ns, "-l", "app.kubernetes.io/name=prometheus"], ctx)
+    _diag_namespace(ns, ctx)
+
+
+def _diag_grafana(ctx: ExecutionContext) -> None:
+    ns = "observability"
+    _run_cmd("Grafana svc", ["kubectl", "get", "svc", "-n", ns, "-l", "app.kubernetes.io/name=grafana"], ctx)
+    _diag_namespace(ns, ctx)
+
+
+def _diag_loki(ctx: ExecutionContext) -> None:
+    ns = "observability"
+    _run_cmd("Loki statefulsets", ["kubectl", "get", "sts", "-n", ns, "-l", "app.kubernetes.io/name=loki"], ctx)
+    _diag_namespace(ns, ctx)
+
+
+def _diag_traefik(ctx: ExecutionContext) -> None:
+    ns = "traefik"
+    _run_cmd("Traefik ingress", ["kubectl", "get", "ingress", "-n", ns], ctx)
+    _diag_namespace(ns, ctx)
+
+
+def _diag_observability_ingress(ctx: ExecutionContext) -> None:
+    ns = "observability"
+    _run_cmd("Ingress objects", ["kubectl", "get", "ingress", "-n", ns], ctx)
+    _diag_namespace(ns, ctx)
+
+
+def _diag_observability_dashboards(ctx: ExecutionContext) -> None:
+    ns = "observability"
+    _run_cmd("ConfigMaps dashboards", ["kubectl", "get", "configmap", "-n", ns, "-l", "raijin/dashboards=true"], ctx)
+    _diag_namespace(ns, ctx)
+
+
+def _diag_minio(ctx: ExecutionContext) -> None:
+    ns = "minio"
+    _diag_namespace(ns, ctx)
+
+
+def _diag_kafka(ctx: ExecutionContext) -> None:
+    ns = "kafka"
+    _run_cmd("Kafka pods", ["kubectl", "get", "pods", "-n", ns, "-o", "wide"], ctx)
+    _diag_namespace(ns, ctx)
+
+
+def _diag_velero(ctx: ExecutionContext) -> None:
+    ns = "velero"
+    _diag_namespace(ns, ctx)
+
+
+def _diag_kong(ctx: ExecutionContext) -> None:
+    ns = "kong"
+    _diag_namespace(ns, ctx)
+
+
+DIAG_HANDLERS = {
+    "cert_manager": cert_manager.diagnose,
+    "calico": _diag_calico,
+    "secrets": _diag_secrets,
+    "prometheus": _diag_prometheus,
+    "grafana": _diag_grafana,
+    "loki": _diag_loki,
+    "traefik": _diag_traefik,
+    "observability_ingress": _diag_observability_ingress,
+    "observability_dashboards": _diag_observability_dashboards,
+    "minio": _diag_minio,
+    "kafka": _diag_kafka,
+    "velero": _diag_velero,
+    "kong": _diag_kong,
+}
+
+
+def _maybe_diagnose(name: str, ctx: ExecutionContext) -> None:
+    try:
+        if name in DIAG_HANDLERS:
+            DIAG_HANDLERS[name](ctx)
+            return
+
+        # fallback: health check se existir
+        ok = run_health_check(name, ctx)
+        if ok:
+            typer.secho(f"[diagnose] {name}: OK", fg=typer.colors.GREEN)
+        else:
+            typer.secho(f"[diagnose] {name}: falhou", fg=typer.colors.YELLOW)
+    except Exception as exc:
+        typer.secho(f"[diagnose] {name} falhou: {exc}", fg=typer.colors.YELLOW)
+
+
 # Ordem de execucao dos modulos para instalacao completa
 # Modulos marcados com skip_env podem ser pulados via variavel de ambiente
 INSTALL_SEQUENCE = [
@@ -108,12 +301,25 @@ def run(ctx: ExecutionContext) -> None:
         fg=typer.colors.CYAN,
     )
 
+    steps_override = ctx.selected_steps
+    if steps_override is None and ctx.interactive_steps:
+        steps_override = _select_steps_interactively()
+
+    # Debug/diagnose menu simples
+    if not ctx.debug_snapshots and not ctx.post_diagnose:
+        typer.secho("Ativar modo debug (snapshots + diagnose pos-modulo)?", fg=typer.colors.YELLOW)
+        if typer.confirm("Habilitar debug?", default=False):
+            ctx.debug_snapshots = True
+            ctx.post_diagnose = True
+
     # Mostra sequencia de instalacao
     typer.echo("Sequencia de instalacao:")
     for i, (name, _, desc, skip_env) in enumerate(INSTALL_SEQUENCE, 1):
         suffix = ""
         if skip_env and os.environ.get(skip_env, "").strip() in ("1", "true", "yes"):
             suffix = " [SKIP]"
+        if steps_override and name not in steps_override:
+            suffix = " [IGNORADO]"
         typer.echo(f"  {i:2}. {name:25} - {desc}{suffix}")
 
     typer.echo("")
@@ -126,7 +332,7 @@ def run(ctx: ExecutionContext) -> None:
     typer.echo("")
 
     if not ctx.dry_run:
-        if not typer.confirm("Deseja continuar com a instalacao completa?", default=True):
+        if not _confirm_colored("Deseja continuar com a instalacao completa?", default=True):
             typer.echo("Instalacao cancelada.")
             raise typer.Exit(code=0)
 
@@ -135,13 +341,25 @@ def run(ctx: ExecutionContext) -> None:
     succeeded = []
     skipped = []
 
+    cluster_ready = False
+
     for i, (name, handler, desc, skip_env) in enumerate(INSTALL_SEQUENCE, 1):
+        if steps_override and name not in steps_override:
+            skipped.append(name)
+            typer.secho(f"⏭ {name} ignorado (fora da lista selecionada)", fg=typer.colors.YELLOW)
+            continue
+
         # Verifica se modulo deve ser pulado via env
         if skip_env and os.environ.get(skip_env, "").strip() in ("1", "true", "yes"):
             skipped.append(name)
             typer.secho(f"⏭ {name} pulado via {skip_env}=1", fg=typer.colors.YELLOW)
             continue
 
+        if ctx.confirm_each_step:
+            if not _confirm_colored(f"Executar modulo '{name}' agora?", default=True):
+                skipped.append(name)
+                continue
+
         typer.secho(
             f"\n{'='*60}",
             fg=typer.colors.CYAN,
@@ -160,6 +378,15 @@ def run(ctx: ExecutionContext) -> None:
             handler(ctx)
             succeeded.append(name)
             typer.secho(f"✓ {name} concluido com sucesso", fg=typer.colors.GREEN)
+
+            if name == "kubernetes":
+                cluster_ready = True
+
+            if ctx.post_diagnose and cluster_ready:
+                _maybe_diagnose(name, ctx)
+
+            if ctx.debug_snapshots and cluster_ready:
+                _kube_snapshot(ctx, events=80)
         except KeyboardInterrupt:
             typer.secho(f"\n⚠ Instalacao interrompida pelo usuario no modulo '{name}'", fg=typer.colors.YELLOW)
             raise typer.Exit(code=130)

raijin_server/modules/kubernetes.py

@@ -146,6 +146,11 @@ def run(ctx: ExecutionContext) -> None:
     enable_service("containerd", ctx)
     enable_service("kubelet", ctx)
 
+    # Garante swap off antes de prosseguir (requisito kubeadm)
+    typer.echo("Desabilitando swap (requisito Kubernetes)...")
+    run_cmd(["swapoff", "-a"], ctx, check=False)
+    run_cmd("sed -i '/swap/d' /etc/fstab", ctx, use_shell=True, check=False)
+
     # kubeadm exige ip_forward=1; sobrepoe ajuste de hardening para fase de cluster.
     # Desabilita IPv6 completamente para evitar erros de preflight e simplificar rede
     sysctl_k8s = """# Kubernetes network settings
@@ -164,7 +169,19 @@ net.ipv6.conf.lo.disable_ipv6=1
     pod_cidr = typer.prompt("Pod CIDR", default="10.244.0.0/16")
     service_cidr = typer.prompt("Service CIDR", default="10.96.0.0/12")
     cluster_name = typer.prompt("Nome do cluster", default="raijin")
-    advertise_address = typer.prompt("API advertise address", default="0.0.0.0")
+    default_adv = "192.168.1.81"
+    advertise_address = typer.prompt("API advertise address", default=default_adv)
+    if advertise_address != default_adv:
+        typer.secho(
+            f"⚠ Para ambiente atual use {default_adv} (IP LAN, evita NAT).", fg=typer.colors.YELLOW
+        )
+        if not typer.confirm(f"Deseja forcar {default_adv}?", default=True):
+            typer.secho(
+                f"Usando valor informado: {advertise_address}. Certifique-se que todos os nos alcancem esse IP.",
+                fg=typer.colors.YELLOW,
+            )
+        else:
+            advertise_address = default_adv
 
     kubeadm_config = f"""apiVersion: kubeadm.k8s.io/v1beta3
 kind: ClusterConfiguration

raijin_server/modules/network.py

@@ -124,9 +124,9 @@ def run(ctx: ExecutionContext) -> None:
         )
 
     iface = typer.prompt("Interface", default="ens18")
-    address = typer.prompt("Endereco CIDR", default="192.168.0.10/24")
-    gateway = typer.prompt("Gateway", default="192.168.0.1")
-    dns = typer.prompt("DNS (separe por virgula)", default="1.1.1.1,8.8.8.8")
+    address = typer.prompt("Endereco CIDR", default="192.168.1.81/24")
+    gateway = typer.prompt("Gateway", default="192.168.1.254")
+    dns = typer.prompt("DNS (separe por virgula)", default="177.128.80.44,177.128.80.45")
 
     dns_list = ",".join([item.strip() for item in dns.split(",") if item.strip()])
     netplan_content = f"""network:

raijin_server/modules/prometheus.py

@@ -1,30 +1,115 @@
-"""Configuracao do Prometheus Stack via Helm."""
+"""Configuracao do Prometheus Stack via Helm (robust, production-ready)."""
+
+from __future__ import annotations
 
 import typer
 
-from raijin_server.utils import ExecutionContext, helm_upgrade_install, require_root
+from raijin_server.utils import (
+    ExecutionContext,
+    helm_upgrade_install,
+    kubectl_create_ns,
+    require_root,
+    run_cmd,
+)
+
+DEFAULT_NAMESPACE = "observability"
+
+
+def _get_default_storage_class(ctx: ExecutionContext) -> str:
+    if ctx.dry_run:
+        return ""
+    result = run_cmd(
+        [
+            "kubectl",
+            "get",
+            "storageclass",
+            "-o",
+            "jsonpath={.items[?(@.metadata.annotations['storageclass.kubernetes.io/is-default-class']=='true')].metadata.name}",
+        ],
+        ctx,
+        check=False,
+    )
+    return (result.stdout or "").strip()
+
+
+def _ensure_cluster_access(ctx: ExecutionContext) -> None:
+    if ctx.dry_run:
+        return
+    result = run_cmd(["kubectl", "cluster-info"], ctx, check=False)
+    if result.returncode != 0:
+        typer.secho("Cluster Kubernetes nao acessivel. Verifique kubeconfig/controle-plane.", fg=typer.colors.RED)
+        raise typer.Exit(code=1)
 
 
 def run(ctx: ExecutionContext) -> None:
     require_root(ctx)
+    _ensure_cluster_access(ctx)
+
     typer.echo("Instalando kube-prometheus-stack via Helm...")
 
+    namespace = typer.prompt("Namespace destino", default=DEFAULT_NAMESPACE)
+    kubectl_create_ns(namespace, ctx)
+
+    default_sc = _get_default_storage_class(ctx)
+    enable_persistence = typer.confirm(
+        "Habilitar PVC para Prometheus e Alertmanager?", default=bool(default_sc)
+    )
+
     values = [
         "grafana.enabled=false",
         "prometheus.prometheusSpec.retention=15d",
         "prometheus.prometheusSpec.enableAdminAPI=true",
         "prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false",
-        "prometheus.prometheusSpec.storageSpec.volumeClaimTemplate.spec.resources.requests.storage=20Gi",
-        "alertmanager.alertmanagerSpec.storage.volumeClaimTemplate.spec.resources.requests.storage=10Gi",
+        "prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false",
         "defaultRules.create=true",
     ]
 
+    extra_args = ["--wait", "--timeout", "5m", "--atomic"]
+
+    chart_version = typer.prompt(
+        "Versao do chart (vazio para latest)",
+        default="",
+    ).strip()
+    if chart_version:
+        extra_args.extend(["--version", chart_version])
+
+    if enable_persistence:
+        storage_class = typer.prompt(
+            "StorageClass para PVC",
+            default=default_sc or "",
+        ).strip()
+        prom_size = typer.prompt("Tamanho PVC Prometheus", default="20Gi")
+        alert_size = typer.prompt("Tamanho PVC Alertmanager", default="10Gi")
+
+        if storage_class:
+            values.extend(
+                [
+                    f"prometheus.prometheusSpec.storageSpec.volumeClaimTemplate.spec.storageClassName={storage_class}",
+                    f"alertmanager.alertmanagerSpec.storage.volumeClaimTemplate.spec.storageClassName={storage_class}",
+                ]
+            )
+
+        values.extend(
+            [
+                f"prometheus.prometheusSpec.storageSpec.volumeClaimTemplate.spec.resources.requests.storage={prom_size}",
+                f"alertmanager.alertmanagerSpec.storage.volumeClaimTemplate.spec.resources.requests.storage={alert_size}",
+            ]
+        )
+    else:
+        typer.secho(
+            "PVC desativado: Prometheus/Alertmanager usarao volumes efemeros (sem retenção apos restart).",
+            fg=typer.colors.YELLOW,
+        )
+
     helm_upgrade_install(
         release="kube-prometheus-stack",
         chart="kube-prometheus-stack",
-        namespace="observability",
+        namespace=namespace,
         repo="prometheus-community",
         repo_url="https://prometheus-community.github.io/helm-charts",
         ctx=ctx,
         values=values,
+        extra_args=extra_args,
     )
+
+    typer.secho("kube-prometheus-stack instalado com sucesso.", fg=typer.colors.GREEN)

raijin_server/modules/sanitize.py

@@ -7,7 +7,14 @@ from pathlib import Path
 
 import typer
 
-from raijin_server.utils import ExecutionContext, require_root, run_cmd
+from raijin_server.utils import ExecutionContext, require_root, run_cmd, write_file
+
+# Defaults alinhados com configuracao de rede solicitada
+NETPLAN_IFACE = "ens18"
+NETPLAN_ADDRESS = "192.168.1.81/24"
+NETPLAN_GATEWAY = "192.168.1.254"
+NETPLAN_DNS = "177.128.80.44,177.128.80.45"
+NETPLAN_PATH = Path("/etc/netplan/01-raijin-static.yaml")
 
 SYSTEMD_SERVICES = [
     "kubelet",
@@ -48,6 +55,44 @@ APT_MARKERS = [
 ]
 
 
+def _ensure_netplan(ctx: ExecutionContext) -> None:
+    """Garante que o netplan esteja com IP fixo esperado; se ja estiver, mostra OK."""
+
+    desired = f"""network:
+  version: 2
+  renderer: networkd
+  ethernets:
+    {NETPLAN_IFACE}:
+      dhcp4: false
+      addresses: [{NETPLAN_ADDRESS}]
+      gateway4: {NETPLAN_GATEWAY}
+      nameservers:
+        addresses: [{NETPLAN_DNS}]
+"""
+
+    existing = None
+    if NETPLAN_PATH.exists():
+        try:
+            existing = NETPLAN_PATH.read_text()
+        except Exception:
+            existing = None
+
+    if existing and all(x in existing for x in (NETPLAN_ADDRESS, NETPLAN_GATEWAY, NETPLAN_DNS)):
+        typer.secho(
+            f"\n✓ Netplan ja configurado com {NETPLAN_ADDRESS} / gw {NETPLAN_GATEWAY} / dns {NETPLAN_DNS}",
+            fg=typer.colors.GREEN,
+        )
+        return
+
+    typer.echo("Aplicando netplan padrao antes da limpeza...")
+    write_file(NETPLAN_PATH, desired, ctx)
+    run_cmd(["netplan", "apply"], ctx, check=False)
+    typer.secho(
+        f"✓ Netplan ajustado para {NETPLAN_ADDRESS} (gw {NETPLAN_GATEWAY}, dns {NETPLAN_DNS})",
+        fg=typer.colors.GREEN,
+    )
+
+
 def _stop_services(ctx: ExecutionContext) -> None:
     typer.echo("Parando serviços relacionados (kubelet, containerd)...")
     for service in SYSTEMD_SERVICES:
@@ -131,6 +176,9 @@ def run(ctx: ExecutionContext) -> None:
             typer.echo("Sanitizacao cancelada pelo usuario.")
             return
 
+    # Primeiro passo: garantir netplan consistente, sem quebrar ao limpar
+    _ensure_netplan(ctx)
+
     _stop_services(ctx)
     _kubeadm_reset(ctx)
     _flush_iptables(ctx)

raijin_server/scripts/install.sh

@@ -38,7 +38,7 @@ echo "Escolha o tipo de instalação:"
 echo "  1) Global (requer sudo, todos os usuários)"
 echo "  2) Virtual env (recomendado para desenvolvimento)"
 echo "  3) User install (apenas usuário atual)"
-read -p "Opção [2]: " INSTALL_TYPE
+read -r -p "Opção [2]: " INSTALL_TYPE
 INSTALL_TYPE=${INSTALL_TYPE:-2}
 
 echo ""
@@ -51,6 +51,7 @@ case $INSTALL_TYPE in
     2)
         echo -e "${YELLOW}Criando virtual environment...${NC}"
         python3 -m venv .venv
+        # shellcheck disable=SC1091
         source .venv/bin/activate
         pip install --upgrade pip
         pip install -e .
@@ -73,7 +74,7 @@ EOF
         
         # Adicionar ao PATH se necessário
         if [[ ":$PATH:" != *":$HOME/.local/bin:"* ]]; then
-            echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc
+            echo "export PATH=\"$HOME/.local/bin:$PATH\"" >> ~/.bashrc
             echo -e "${YELLOW}⚠${NC} Adicionado $HOME/.local/bin ao PATH"
             echo "Execute: source ~/.bashrc"
         fi

raijin_server/scripts/log_size_metric.sh

@@ -11,21 +11,25 @@ OUTPUT=${RAIJIN_METRIC_FILE:-/var/lib/node_exporter/textfile_collector/raijin_lo
 # Calcula soma de todos os logs (principal + rotações)
 TOTAL_BYTES=0
 shopt -s nullglob
+
+METRICS_TMP=$(mktemp)
+trap 'rm -f "$METRICS_TMP"' EXIT
+
 for f in "$LOG_DIR"/$LOG_PATTERN; do
   size=$(stat -c%s "$f" 2>/dev/null || echo 0)
   TOTAL_BYTES=$((TOTAL_BYTES + size))
   if [[ "$f" =~ raijin-server\.log(\.\d+)?$ ]]; then
-    printf "raijin_log_size_bytes{file=\"%s\"} %d\n" "$(basename "$f")" "$size"
+    printf "raijin_log_size_bytes{file=\"%s\"} %d\n" "$(basename "$f")" "$size" >> "$METRICS_TMP"
   fi
-done | {
-  # Escreve métricas no arquivo final
-  mkdir -p "$(dirname "$OUTPUT")"
-  {
-    echo "# HELP raijin_log_size_bytes Tamanho dos logs do raijin-server (bytes)"
-    echo "# TYPE raijin_log_size_bytes gauge"
-    cat
-    echo "# HELP raijin_log_size_total_bytes Soma dos logs do raijin-server (bytes)"
-    echo "# TYPE raijin_log_size_total_bytes gauge"
-    echo "raijin_log_size_total_bytes ${TOTAL_BYTES}"
-  } > "$OUTPUT"
-}
+done
+
+# Escreve métricas no arquivo final
+mkdir -p "$(dirname "$OUTPUT")"
+{
+  echo "# HELP raijin_log_size_bytes Tamanho dos logs do raijin-server (bytes)"
+  echo "# TYPE raijin_log_size_bytes gauge"
+  cat "$METRICS_TMP"
+  echo "# HELP raijin_log_size_total_bytes Soma dos logs do raijin-server (bytes)"
+  echo "# TYPE raijin_log_size_total_bytes gauge"
+  echo "raijin_log_size_total_bytes ${TOTAL_BYTES}"
+} > "$OUTPUT"

raijin_server/scripts/pre-deploy-check.sh

@@ -49,6 +49,7 @@ fi
 echo ""
 echo "2. Verificando Sistema Operacional..."
 if [ -f /etc/os-release ]; then
+    # shellcheck disable=SC1091
     . /etc/os-release
     if [[ "$ID" == "ubuntu" ]]; then
         VERSION_NUM=$(echo "$VERSION_ID" | cut -d. -f1)
@@ -152,7 +153,7 @@ STATE_DIRS=("/var/lib/raijin-server/state" "$HOME/.local/share/raijin-server/sta
 FOUND_STATE=0
 for dir in "${STATE_DIRS[@]}"; do
     if [[ -d "$dir" ]]; then
-        MODULE_COUNT=$(ls -1 "$dir"/*.done 2>/dev/null | wc -l)
+        MODULE_COUNT=$(find "$dir" -maxdepth 1 -name '*.done' -type f 2>/dev/null | wc -l)
         if [[ $MODULE_COUNT -gt 0 ]]; then
             check_pass "$MODULE_COUNT modulos concluidos (em $dir)"
             FOUND_STATE=1

raijin_server/utils.py

@@ -29,9 +29,38 @@ BACKUP_COUNT = int(os.environ.get("RAIJIN_LOG_BACKUP_COUNT", 5))
 logger = logging.getLogger("raijin-server")
 logger.setLevel(logging.INFO)
 
-file_handler = RotatingFileHandler(LOG_FILE, maxBytes=MAX_LOG_BYTES, backupCount=BACKUP_COUNT)
+
+def _build_file_handler() -> RotatingFileHandler:
+    """Cria handler com fallback para $HOME quando /var/log exige root."""
+    try:
+        return RotatingFileHandler(LOG_FILE, maxBytes=MAX_LOG_BYTES, backupCount=BACKUP_COUNT)
+    except PermissionError:
+        fallback = Path.home() / ".raijin-server.log"
+        fallback.parent.mkdir(parents=True, exist_ok=True)
+        return RotatingFileHandler(fallback, maxBytes=MAX_LOG_BYTES, backupCount=BACKUP_COUNT)
+
+
+file_handler = _build_file_handler()
 stream_handler = logging.StreamHandler()
 
+
+def active_log_file() -> Path:
+    return Path(getattr(file_handler, "baseFilename", LOG_FILE))
+
+
+def available_log_files() -> list[Path]:
+    base = active_log_file()
+    pattern = base.name + "*"
+    return [p for p in sorted(base.parent.glob(pattern)) if p.is_file()]
+
+
+def page_text(content: str) -> None:
+    pager = shutil.which("less")
+    if pager:
+        subprocess.run([pager, "-R"], input=content, text=True, check=False)
+    else:
+        typer.echo(content)
+
 formatter = logging.Formatter("%(asctime)s - %(name)s - %(levelname)s - %(message)s")
 file_handler.setFormatter(formatter)
 stream_handler.setFormatter(formatter)
@@ -57,6 +86,13 @@ class ExecutionContext:
     timeout: int = 600  # 10 min for slow connections
     errors: list = field(default_factory=list)
     warnings: list = field(default_factory=list)
+    # Controle interativo/diagnostico
+    selected_steps: list[str] | None = None
+    confirm_each_step: bool = False
+    debug_snapshots: bool = False
+    post_diagnose: bool = False
+    color_prompts: bool = True
+    interactive_steps: bool = False
 
 
 def resolve_script_path(script_name: str) -> Path: