feat: Add SSH remote execution for HAProxy on remote host

MCP server can now manage HAProxy running on a remote host via SSH. When SSH_HOST env var is set, all file I/O and subprocess commands (podman, acme.sh, openssl) are routed through SSH instead of local exec. - Add ssh_ops.py module with remote_exec, run_command, file I/O helpers - Modify file_ops.py to support remote reads/writes via SSH - Update all tools (domains, certificates, health, configuration) for SSH - Fix domains.py: replace direct fcntl usage with file_lock context manager - Add openssh-client to Docker image for SSH connectivity - Update k8s deployment with SSH env vars and SSH key secret mount Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 22:56:54 +09:00
parent ca3975c94c
commit e40d69a1b1
10 changed files with 416 additions and 325 deletions
--- a/haproxy_mcp/haproxy_client.py
+++ b/haproxy_mcp/haproxy_client.py
@@ -1,7 +1,6 @@
 """HAProxy Runtime API client functions."""

 import socket
-import subprocess
 import select
 import time

@@ -14,6 +13,7 @@ from .config import (
    SUBPROCESS_TIMEOUT,
 )
 from .exceptions import HaproxyError
+from .ssh_ops import run_command


 def haproxy_cmd(command: str) -> str:
@@ -147,23 +147,23 @@ def reload_haproxy() -> tuple[bool, str]:
        Tuple of (success, message)
    """
    try:
-        validate = subprocess.run(
+        validate = run_command(
            ["podman", "exec", HAPROXY_CONTAINER, "haproxy", "-c", "-f", "/usr/local/etc/haproxy/haproxy.cfg"],
-            capture_output=True, text=True, timeout=SUBPROCESS_TIMEOUT
+            timeout=SUBPROCESS_TIMEOUT,
        )
        if validate.returncode != 0:
            return False, f"Config validation failed:\n{validate.stderr}"

-        result = subprocess.run(
+        result = run_command(
            ["podman", "kill", "--signal", "USR2", HAPROXY_CONTAINER],
-            capture_output=True, text=True, timeout=SUBPROCESS_TIMEOUT
+            timeout=SUBPROCESS_TIMEOUT,
        )
        if result.returncode != 0:
            return False, f"Reload failed: {result.stderr}"
        return True, "OK"
-    except subprocess.TimeoutExpired:
+    except TimeoutError:
        return False, f"Command timed out after {SUBPROCESS_TIMEOUT} seconds"
    except FileNotFoundError:
-        return False, "podman command not found"
+        return False, "ssh/podman command not found"
    except OSError as e:
        return False, f"OS error: {e}"