Instead of syncing JSON files back, the SQLite DB itself is now
the persistent store on the remote HAProxy host:
- Startup: download remote DB via SCP (skip migration if exists)
- After writes: upload local DB via SCP (WAL checkpoint first)
- JSON sync removed (sync_servers_json, sync_certs_json deleted)
New functions:
- ssh_ops: remote_download_file(), remote_upload_file() via SCP
- db: sync_db_to_remote(), _try_download_remote_db()
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove bash -c from remote_exec (pass command as single SSH arg)
- Fix remote_write_file to pass bash -c script as single quoted string
- Add LogLevel=ERROR to suppress SSH warning messages
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add UserKnownHostsFile=/dev/null to prevent write errors on read-only .ssh
- Wrap all SSH commands with 'bash -c' for fish shell compatibility on remote
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
MCP server can now manage HAProxy running on a remote host via SSH.
When SSH_HOST env var is set, all file I/O and subprocess commands
(podman, acme.sh, openssl) are routed through SSH instead of local exec.
- Add ssh_ops.py module with remote_exec, run_command, file I/O helpers
- Modify file_ops.py to support remote reads/writes via SSH
- Update all tools (domains, certificates, health, configuration) for SSH
- Fix domains.py: replace direct fcntl usage with file_lock context manager
- Add openssh-client to Docker image for SSH connectivity
- Update k8s deployment with SSH env vars and SSH key secret mount
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
