feat: Add SSH remote execution for HAProxy on remote host

MCP server can now manage HAProxy running on a remote host via SSH. When SSH_HOST env var is set, all file I/O and subprocess commands (podman, acme.sh, openssl) are routed through SSH instead of local exec. - Add ssh_ops.py module with remote_exec, run_command, file I/O helpers - Modify file_ops.py to support remote reads/writes via SSH - Update all tools (domains, certificates, health, configuration) for SSH - Fix domains.py: replace direct fcntl usage with file_lock context manager - Add openssh-client to Docker image for SSH connectivity - Update k8s deployment with SSH env vars and SSH key secret mount Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 22:56:54 +09:00
parent ca3975c94c
commit e40d69a1b1
10 changed files with 416 additions and 325 deletions
--- a/k8s/deployment.yaml
+++ b/k8s/deployment.yaml
@@ -32,8 +32,20 @@ spec:
              value: "10.253.100.107"
            - name: HAPROXY_PORT
              value: "9999"
+            - name: SSH_HOST
+              value: "10.253.100.107"
+            - name: SSH_USER
+              value: "root"
+            - name: SSH_KEY
+              value: "/root/.ssh/id_rsa"
+            - name: SSH_PORT
+              value: "22"
            - name: LOG_LEVEL
              value: "INFO"
+          volumeMounts:
+            - name: ssh-key
+              mountPath: /root/.ssh
+              readOnly: true
          readinessProbe:
            tcpSocket:
              port: 8000
@@ -51,3 +63,8 @@ spec:
            limits:
              memory: "256Mi"
              cpu: "500m"
+      volumes:
+        - name: ssh-key
+          secret:
+            secretName: haproxy-ssh-key
+            defaultMode: 0600