raijin-server 0.2.7__tar.gz → 0.2.8__tar.gz
- {raijin_server-0.2.7/src/raijin_server.egg-info → raijin_server-0.2.8}/PKG-INFO +1 -1
- {raijin_server-0.2.7 → raijin_server-0.2.8}/setup.cfg +1 -1
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/config.py +4 -4
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/healthchecks.py +22 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/kubernetes.py +18 -1
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/network.py +3 -3
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/sanitize.py +49 -1
- {raijin_server-0.2.7 → raijin_server-0.2.8/src/raijin_server.egg-info}/PKG-INFO +1 -1
- {raijin_server-0.2.7 → raijin_server-0.2.8}/LICENSE +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/README.md +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/pyproject.toml +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/__init__.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/cli.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/__init__.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/apokolips_demo.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/bootstrap.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/calico.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/cert_manager.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/essentials.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/firewall.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/full_install.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/grafana.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/hardening.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/harness.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/istio.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/kafka.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/kong.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/loki.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/minio.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/observability_dashboards.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/observability_ingress.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/prometheus.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/secrets.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/ssh_hardening.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/traefik.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/velero.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/vpn.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/scripts/__init__.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/scripts/checklist.sh +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/scripts/install.sh +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/scripts/log_size_metric.sh +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/scripts/pre-deploy-check.sh +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/utils.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/validators.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server.egg-info/SOURCES.txt +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server.egg-info/dependency_links.txt +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server.egg-info/entry_points.txt +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server.egg-info/requires.txt +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server.egg-info/top_level.txt +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/tests/test_full_install_sequence.py +0 -0
- {raijin_server-0.2.7 → raijin_server-0.2.8}/tests/test_registry.py +0 -0
|
@@ -78,15 +78,15 @@ class ConfigManager:
|
|
|
78
78
|
"modules": {
|
|
79
79
|
"network": {
|
|
80
80
|
"interface": "ens18",
|
|
81
|
-
"address": "192.168.
|
|
82
|
-
"gateway": "192.168.
|
|
83
|
-
"dns": "
|
|
81
|
+
"address": "192.168.1.81/24",
|
|
82
|
+
"gateway": "192.168.1.254",
|
|
83
|
+
"dns": "177.128.80.44,177.128.80.45",
|
|
84
84
|
},
|
|
85
85
|
"kubernetes": {
|
|
86
86
|
"pod_cidr": "10.244.0.0/16",
|
|
87
87
|
"service_cidr": "10.96.0.0/12",
|
|
88
88
|
"cluster_name": "raijin",
|
|
89
|
-
"advertise_address": "
|
|
89
|
+
"advertise_address": "192.168.1.81",
|
|
90
90
|
},
|
|
91
91
|
"calico": {
|
|
92
92
|
"pod_cidr": "10.244.0.0/16",
|
|
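Review bot: The new defaults for `address`, `gateway`, `dns` and `advertise_address` in this hunk bake one site's addressing (`192.168.1.81/24`, `192.168.1.254`, resolvers `177.128.80.44,177.128.80.45`) into a published package. An operator on any other network who accepts them gets a static IP that may collide with an existing host, and DNS queries go to resolvers they did not choose. The same values are repeated as prompt defaults in modules/network.py, as `default_adv` in modules/kubernetes.py and as the `NETPLAN_*` constants in modules/sanitize.py. Consider defining them once, reading them from the ConfigManager defaults or an environment override, and shipping the package with empty defaults so the prompt forces an explicit answer. The enclosing dict in `ConfigManager` starts and ends outside the hunk.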
@@ -124,6 +124,21 @@ def check_k8s_pods_in_namespace(namespace: str, ctx: ExecutionContext, timeout:
|
|
|
124
124
|
)
|
|
125
125
|
|
|
126
126
|
|
|
127
|
+
def check_swap_disabled(ctx: ExecutionContext) -> tuple[bool, str]:
|
|
128
|
+
"""Confirma que nao ha swap ativa (requisito kubeadm/kubelet)."""
|
|
129
|
+
if ctx.dry_run:
|
|
130
|
+
return True, "dry-run"
|
|
131
|
+
try:
|
|
132
|
+
with open("/proc/swaps") as f:
|
|
133
|
+
lines = f.read().strip().splitlines()
|
|
134
|
+
# /proc/swaps tem header + linhas; se so header, swap esta off
|
|
135
|
+
if len(lines) <= 1:
|
|
136
|
+
return True, "swap desativada"
|
|
137
|
+
return False, "swap ativa (remova entradas do fstab e execute swapoff -a)"
|
|
138
|
+
except Exception as exc:
|
|
139
|
+
return False, f"falha ao verificar swap: {exc}"
|
|
140
|
+
|
|
141
|
+
|
|
127
142
|
def check_helm_release(release: str, namespace: str, ctx: ExecutionContext) -> Tuple[bool, str]:
|
|
128
143
|
"""Verifica status de um release Helm."""
|
|
129
144
|
if ctx.dry_run:
|
|
@@ -217,6 +232,13 @@ def verify_kubernetes(ctx: ExecutionContext) -> bool:
|
|
|
217
232
|
services = ["kubelet", "containerd"]
|
|
218
233
|
all_ok = True
|
|
219
234
|
|
|
235
|
+
swap_ok, swap_msg = check_swap_disabled(ctx)
|
|
236
|
+
if swap_ok:
|
|
237
|
+
typer.secho(f" ✓ Swap: {swap_msg}", fg=typer.colors.GREEN)
|
|
238
|
+
else:
|
|
239
|
+
typer.secho(f" ✗ Swap: {swap_msg}", fg=typer.colors.RED)
|
|
240
|
+
all_ok = False
|
|
241
|
+
|
|
220
242
|
for service in services:
|
|
221
243
|
ok, status = check_systemd_service(service, ctx)
|
|
222
244
|
if ok:
|
|
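Review bot: `check_swap_disabled` catches bare `Exception` around the `/proc/swaps` read, so a programming error would also be reported as "falha ao verificar swap"; `except OSError as exc:` covers the unreadable-file case the handler is there for. Its return annotation is `tuple[bool, str]` while the neighbouring `check_helm_release` uses `Tuple[bool, str]`. The builtin generic is only evaluated safely at definition time on Python 3.9+, so unless the module has `from __future__ import annotations` (not visible here) it is safer to match the existing `Tuple`. The dry-run branch returns `True`, so `verify_kubernetes` prints a green swap line without having read anything; a sentence in the docstring saying so would help.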
@@ -146,6 +146,11 @@ def run(ctx: ExecutionContext) -> None:
|
|
|
146
146
|
enable_service("containerd", ctx)
|
|
147
147
|
enable_service("kubelet", ctx)
|
|
148
148
|
|
|
149
|
+
# Garante swap off antes de prosseguir (requisito kubeadm)
|
|
150
|
+
typer.echo("Desabilitando swap (requisito Kubernetes)...")
|
|
151
|
+
run_cmd(["swapoff", "-a"], ctx, check=False)
|
|
152
|
+
run_cmd("sed -i '/swap/d' /etc/fstab", ctx, use_shell=True, check=False)
|
|
153
|
+
|
|
149
154
|
# kubeadm exige ip_forward=1; sobrepoe ajuste de hardening para fase de cluster.
|
|
150
155
|
# Desabilita IPv6 completamente para evitar erros de preflight e simplificar rede
|
|
151
156
|
sysctl_k8s = """# Kubernetes network settings
|
|
@@ -164,7 +169,19 @@ net.ipv6.conf.lo.disable_ipv6=1
|
|
|
164
169
|
pod_cidr = typer.prompt("Pod CIDR", default="10.244.0.0/16")
|
|
165
170
|
service_cidr = typer.prompt("Service CIDR", default="10.96.0.0/12")
|
|
166
171
|
cluster_name = typer.prompt("Nome do cluster", default="raijin")
|
|
167
|
-
|
|
172
|
+
default_adv = "192.168.1.81"
|
|
173
|
+
advertise_address = typer.prompt("API advertise address", default=default_adv)
|
|
174
|
+
if advertise_address != default_adv:
|
|
175
|
+
typer.secho(
|
|
176
|
+
f"⚠ Para ambiente atual use {default_adv} (IP LAN, evita NAT).", fg=typer.colors.YELLOW
|
|
177
|
+
)
|
|
178
|
+
if not typer.confirm(f"Deseja forcar {default_adv}?", default=True):
|
|
179
|
+
typer.secho(
|
|
180
|
+
f"Usando valor informado: {advertise_address}. Certifique-se que todos os nos alcancem esse IP.",
|
|
181
|
+
fg=typer.colors.YELLOW,
|
|
182
|
+
)
|
|
183
|
+
else:
|
|
184
|
+
advertise_address = default_adv
|
|
168
185
|
|
|
169
186
|
kubeadm_config = f"""apiVersion: kubeadm.k8s.io/v1beta3
|
|
170
187
|
kind: ClusterConfiguration
|
|
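Review bot: `sed -i '/swap/d' /etc/fstab` in the first hunk deletes every line containing the substring "swap", including comments and any mount whose device or path merely contains that word, and it keeps no backup. Both it and `swapoff -a` run with `check=False`, so a failure is silent and kubeadm proceeds anyway. Match the filesystem-type field, keep a backup and drop the shell: `run_cmd(["sed", "-i.bak", "-E", r"/^[^#]\S*\s+\S+\s+swap\s/ s/^/#/", "/etc/fstab"], ctx, check=False)`, then confirm the result from `/proc/swaps` before continuing. In the second hunk `typer.confirm(..., default=True)` means pressing Enter discards the address the operator just typed in favour of the hard-coded `default_adv`; defaulting that confirmation to `False` would be less surprising. `run()` starts and ends outside both hunks.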
@@ -124,9 +124,9 @@ def run(ctx: ExecutionContext) -> None:
|
|
|
124
124
|
)
|
|
125
125
|
|
|
126
126
|
iface = typer.prompt("Interface", default="ens18")
|
|
127
|
-
address = typer.prompt("Endereco CIDR", default="192.168.
|
|
128
|
-
gateway = typer.prompt("Gateway", default="192.168.
|
|
129
|
-
dns = typer.prompt("DNS (separe por virgula)", default="
|
|
127
|
+
address = typer.prompt("Endereco CIDR", default="192.168.1.81/24")
|
|
128
|
+
gateway = typer.prompt("Gateway", default="192.168.1.254")
|
|
129
|
+
dns = typer.prompt("DNS (separe por virgula)", default="177.128.80.44,177.128.80.45")
|
|
130
130
|
|
|
131
131
|
dns_list = ",".join([item.strip() for item in dns.split(",") if item.strip()])
|
|
132
132
|
netplan_content = f"""network:
|
|
@@ -7,7 +7,14 @@ from pathlib import Path
|
|
|
7
7
|
|
|
8
8
|
import typer
|
|
9
9
|
|
|
10
|
-
from raijin_server.utils import ExecutionContext, require_root, run_cmd
|
|
10
|
+
from raijin_server.utils import ExecutionContext, require_root, run_cmd, write_file
|
|
11
|
+
|
|
12
|
+
# Defaults alinhados com configuracao de rede solicitada
|
|
13
|
+
NETPLAN_IFACE = "ens18"
|
|
14
|
+
NETPLAN_ADDRESS = "192.168.1.81/24"
|
|
15
|
+
NETPLAN_GATEWAY = "192.168.1.254"
|
|
16
|
+
NETPLAN_DNS = "177.128.80.44,177.128.80.45"
|
|
17
|
+
NETPLAN_PATH = Path("/etc/netplan/01-raijin-static.yaml")
|
|
11
18
|
|
|
12
19
|
SYSTEMD_SERVICES = [
|
|
13
20
|
"kubelet",
|
|
@@ -48,6 +55,44 @@ APT_MARKERS = [
|
|
|
48
55
|
]
|
|
49
56
|
|
|
50
57
|
|
|
58
|
+
def _ensure_netplan(ctx: ExecutionContext) -> None:
|
|
59
|
+
"""Garante que o netplan esteja com IP fixo esperado; se ja estiver, mostra OK."""
|
|
60
|
+
|
|
61
|
+
desired = f"""network:
|
|
62
|
+
version: 2
|
|
63
|
+
renderer: networkd
|
|
64
|
+
ethernets:
|
|
65
|
+
{NETPLAN_IFACE}:
|
|
66
|
+
dhcp4: false
|
|
67
|
+
addresses: [{NETPLAN_ADDRESS}]
|
|
68
|
+
gateway4: {NETPLAN_GATEWAY}
|
|
69
|
+
nameservers:
|
|
70
|
+
addresses: [{NETPLAN_DNS}]
|
|
71
|
+
"""
|
|
72
|
+
|
|
73
|
+
existing = None
|
|
74
|
+
if NETPLAN_PATH.exists():
|
|
75
|
+
try:
|
|
76
|
+
existing = NETPLAN_PATH.read_text()
|
|
77
|
+
except Exception:
|
|
78
|
+
existing = None
|
|
79
|
+
|
|
80
|
+
if existing and all(x in existing for x in (NETPLAN_ADDRESS, NETPLAN_GATEWAY, NETPLAN_DNS)):
|
|
81
|
+
typer.secho(
|
|
82
|
+
f"\n✓ Netplan ja configurado com {NETPLAN_ADDRESS} / gw {NETPLAN_GATEWAY} / dns {NETPLAN_DNS}",
|
|
83
|
+
fg=typer.colors.GREEN,
|
|
84
|
+
)
|
|
85
|
+
return
|
|
86
|
+
|
|
87
|
+
typer.echo("Aplicando netplan padrao antes da limpeza...")
|
|
88
|
+
write_file(NETPLAN_PATH, desired, ctx)
|
|
89
|
+
run_cmd(["netplan", "apply"], ctx, check=False)
|
|
90
|
+
typer.secho(
|
|
91
|
+
f"✓ Netplan ajustado para {NETPLAN_ADDRESS} (gw {NETPLAN_GATEWAY}, dns {NETPLAN_DNS})",
|
|
92
|
+
fg=typer.colors.GREEN,
|
|
93
|
+
)
|
|
94
|
+
|
|
95
|
+
|
|
51
96
|
def _stop_services(ctx: ExecutionContext) -> None:
|
|
52
97
|
typer.echo("Parando serviços relacionados (kubelet, containerd)...")
|
|
53
98
|
for service in SYSTEMD_SERVICES:
|
|
@@ -131,6 +176,9 @@ def run(ctx: ExecutionContext) -> None:
|
|
|
131
176
|
typer.echo("Sanitizacao cancelada pelo usuario.")
|
|
132
177
|
return
|
|
133
178
|
|
|
179
|
+
# Primeiro passo: garantir netplan consistente, sem quebrar ao limpar
|
|
180
|
+
_ensure_netplan(ctx)
|
|
181
|
+
|
|
134
182
|
_stop_services(ctx)
|
|
135
183
|
_kubeadm_reset(ctx)
|
|
136
184
|
_flush_iptables(ctx)
|
|
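Review bot: `_ensure_netplan` rewrites `/etc/netplan/01-raijin-static.yaml` with the hard-coded `NETPLAN_*` values and runs `netplan apply` without asking, as the first step of `run()`, so sanitizing a host on a different subnet over SSH will re-address it and cut the session. `netplan apply` is called with `check=False`, and the green "Netplan ajustado" line is printed regardless of the outcome. Gate the write behind a confirmation that shows the values, e.g. `if not typer.confirm(f"Aplicar netplan {NETPLAN_ADDRESS}?", default=False): return`, and report a failure when apply does not succeed. The "already configured" test is a substring match, so `192.168.1.81/24` is also found in a commented-out line or in a stanza for another interface; and `except Exception` around `read_text()` hides a permission error by treating the file as absent. Whether `write_file` restricts the file mode is not visible here; netplan configuration is expected to be readable by root only.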
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/observability_dashboards.py
RENAMED
|
File without changes
|
{raijin_server-0.2.7 → raijin_server-0.2.8}/src/raijin_server/modules/observability_ingress.py
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|