Kolla OpenStack MCP Server
MCP server for managing Kolla-Ansible OpenStack containers on bare-metal hypervisors via SSH.
Overview
The Kolla OpenStack MCP Server provides 10 tools for inspecting and managing the Kolla-Ansible deployed OpenStack containers running on bare-metal hypervisors. Unlike the OpenStack MCP Server (which talks to the OpenStack API), this server operates at the container level — listing Docker containers, reading logs, checking health, restarting services, and executing commands inside containers.
| Property | Value |
|---|---|
| Port | 50061 |
| Transport | JSON-RPC at /jsonrpc |
| Namespace | f3iai |
| Backend | Paramiko SSH to hypervisors |
Hypervisors
The server connects to three bare-metal hypervisors running Kolla-Ansible OpenStack:
| Hostname | IP Address | Role |
|---|---|---|
hyperv-1 |
192.168.1.241 | Compute + Control |
hyperv-2 |
192.168.1.242 | Compute + Control |
hyperv-3 |
192.168.1.243 | Compute + Control |
SSH authentication uses a private key mounted from the hypervisor-ssh-key Kubernetes secret. The server connects as the kolla user by default.
Tools
kolla_list_containers
List all Kolla containers on a hypervisor, optionally filtered by service name.
| Parameter | Type | Required | Description |
|---|---|---|---|
hypervisor |
string | yes | Hypervisor hostname or IP |
service |
string | no | Filter by service name (e.g., nova, neutron) |
kolla_inspect_container
Return detailed inspection data for a specific container (image, state, config, mounts).
| Parameter | Type | Required | Description |
|---|---|---|---|
hypervisor |
string | yes | Hypervisor hostname or IP |
container_name |
string | yes | Container name |
kolla_container_logs
Retrieve container logs with configurable tail length.
| Parameter | Type | Required | Description |
|---|---|---|---|
hypervisor |
string | yes | Hypervisor hostname or IP |
container_name |
string | yes | Container name |
tail |
integer | no | Number of lines (default 100) |
kolla_container_health
Check the health status of a container (healthy, unhealthy, no healthcheck).
| Parameter | Type | Required | Description |
|---|---|---|---|
hypervisor |
string | yes | Hypervisor hostname or IP |
container_name |
string | yes | Container name |
kolla_restart_container
Restart a Kolla container. Uses docker restart on the target hypervisor.
| Parameter | Type | Required | Description |
|---|---|---|---|
hypervisor |
string | yes | Hypervisor hostname or IP |
container_name |
string | yes | Container name to restart |
kolla_exec
Execute a command inside a running Kolla container. Includes a dangerous command blocklist that rejects destructive operations (rm -rf, dd, mkfs, shutdown, etc.) to prevent accidental damage.
| Parameter | Type | Required | Description |
|---|---|---|---|
hypervisor |
string | yes | Hypervisor hostname or IP |
container_name |
string | yes | Container name |
command |
string | yes | Command to execute |
kolla_list_services
List all Kolla OpenStack services and their container counts on a hypervisor. Uses the KOLLA_SERVICES mapping to group containers by service.
| Parameter | Type | Required | Description |
|---|---|---|---|
hypervisor |
string | yes | Hypervisor hostname or IP |
kolla_service_status
Get the aggregate status of an OpenStack service — how many of its containers are running, stopped, or unhealthy.
| Parameter | Type | Required | Description |
|---|---|---|---|
hypervisor |
string | yes | Hypervisor hostname or IP |
service |
string | yes | Service name (e.g., nova, neutron) |
kolla_check_config
Validate a Kolla container’s configuration files by running the service’s config validation command.
| Parameter | Type | Required | Description |
|---|---|---|---|
hypervisor |
string | yes | Hypervisor hostname or IP |
container_name |
string | yes | Container name |
kolla_get_service_logs
Retrieve aggregated logs from all containers belonging to a specific OpenStack service.
| Parameter | Type | Required | Description |
|---|---|---|---|
hypervisor |
string | yes | Hypervisor hostname or IP |
service |
string | yes | Service name |
tail |
integer | no | Lines per container (default 50) |
KOLLA_SERVICES Mapping
The server maintains a mapping of OpenStack service names to their Kolla container prefixes:
| Service | Container Prefixes |
|---|---|
nova |
nova_api, nova_compute, nova_conductor, nova_scheduler, nova_novncproxy |
neutron |
neutron_server, neutron_openvswitch_agent, neutron_dhcp_agent, neutron_l3_agent, neutron_metadata_agent |
keystone |
keystone, keystone_fernet |
glance |
glance_api |
cinder |
cinder_api, cinder_scheduler, cinder_volume |
horizon |
horizon |
heat |
heat_api, heat_engine |
placement |
placement_api |
mariadb |
mariadb |
rabbitmq |
rabbitmq |
memcached |
memcached |
openvswitch |
openvswitch_db, openvswitch_vswitchd |
Dangerous Command Blocking
The kolla_exec tool validates commands against a blocklist before execution. Blocked patterns include:
rm -rf /and variantsdd if=with device targetsmkfs,fdisk,partedshutdown,reboot,halt,poweroffiptables -F,iptables -Xsystemctl stop,systemctl disable
If a blocked command is detected, the tool returns an error without executing anything on the hypervisor.
SSH Key Configuration
The SSH private key is stored in a Kubernetes secret:
apiVersion: v1
kind: Secret
metadata:
name: hypervisor-ssh-key
namespace: f3iai
type: Opaque
data:
id_rsa: <base64-encoded-private-key>
The key is mounted into the pod at /secrets/ssh/id_rsa and referenced by the Paramiko SSH client.
Health Endpoints
| Endpoint | Purpose |
|---|---|
/health |
Liveness — process is running |
/ready |
Readiness — can SSH to at least one hypervisor |