Enterprise MCP for SUSE Linux administration with OBS, openQA, multi-SP support, and contribution pipeline
Project description
MCP SUSE Enterprise
Enterprise MCP server for SUSE Linux administration with OBS, openQA, multi-SP support, and contribution pipeline.
Installation
# Install from PyPI
pip install mcp-suse-enterprise
# Or run directly with uvx
uvx mcp-suse-enterprise
Configuration
Environment Variables
# SSH Connection
export MCP_SUSE_HOST=sles-server.example.com
export MCP_SUSE_USER=admin
export MCP_SUSE_PORT=22
export MCP_SUSE_KEY_PATH=~/.ssh/id_ed25519
# OBS (Open Build Service)
export OBS_API_URL=https://api.opensuse.org
export OBS_USERNAME=myuser
export OBS_API_KEY=your-api-key
# openQA
export OPENQA_URL=https://openqa.opensuse.org
export OPENQA_API_KEY=your-key
export OPENQA_API_SECRET=your-secret
# Logging
export MCP_SUSE_LOG_LEVEL=INFO # DEBUG, INFO, WARNING, ERROR
# Security Mode
export MCP_SUSE_SECURITY_MODE=execute # read-only (default) or execute
YAML Configuration
Create ~/.config/mcp-suse-enterprise/config.yaml:
# List format (recommended)
profiles:
- name: production
hostname: sles-prod.example.com
port: 22
user: admin
auth_method: key
key_path: ~/.ssh/id_ed25519
security_mode: read-only
is_default: true
- name: staging
hostname: sles-staging.example.com
user: tester
auth_method: password
security_mode: execute
# Dict format (also supported)
# profiles:
# production:
# hostname: sles-prod.example.com
# port: 22
# user: admin
# security_mode: execute
# is_default: true
obs:
api_url: https://api.opensuse.org
username: myuser
api_key: secret-key
openqa:
url: https://openqa.opensuse.org
api_key: qa-key
api_secret: qa-secret
log_level: INFO
ssh_pool_size: 5
Environment variables take priority over YAML values.
Tools by Namespace
suse.util.* (Always available)
suse.util.sanitize-text- Sanitize text for shell executionsuse.util.metrics- Server metrics and invocation statssuse.util.list-profiles- List connection profilessuse.util.detect-version- Detect SUSE distributionsuse.util.test-connection- Test SSH connectivitysuse.util.security-check- Check tool risk level
suse.admin.* (Requires SSH)
suse.admin.execute-command- Run arbitrary commands (requires execute mode)suse.admin.run-background- Run long commands in background, get job IDsuse.admin.get-job-status- Check if background job is still runningsuse.admin.get-job-output- Get stdout/stderr of background jobsuse.admin.kill-job- Kill a background job by PIDsuse.admin.service-status- Get systemd service statussuse.admin.service-restart- Restart a service (sudo)suse.admin.service-enable- Enable a service (sudo)suse.admin.service-disable- Disable a service (sudo)suse.admin.logs- Get system logs (journalctl)suse.admin.firewall-status- Firewall status
suse.zypper.* (Requires SSH)
suse.zypper.search- Search packagessuse.zypper.info- Package informationsuse.zypper.list-repos- List repositoriessuse.zypper.list-patches- List available patchessuse.zypper.list-patterns- List patternssuse.zypper.deps- Query dependenciessuse.zypper.dup-dry-run- Distribution upgrade dry-run
suse.obs.* (Requires OBS credentials)
suse.obs.list-projects- List OBS projectssuse.obs.list-packages- List packages in projectsuse.obs.build-status- Get build statussuse.obs.build-log- Get build logsuse.obs.branch- Branch a packagesuse.obs.submit-request- Create submit request
suse.openqa.* (Requires openQA credentials)
suse.openqa.list-jobs- List test jobssuse.openqa.get-job- Get job detailssuse.openqa.trigger-job- Trigger test jobsuse.openqa.job-modules- Get test modulessuse.openqa.list-suites- List test suites
suse.sle.* (Requires OBS credentials)
suse.sle.list-branches- List branch projectssuse.sle.release-status- Consolidated release status
Supported Distributions
- SLES 15 SP5, SP6
- openSUSE Leap 15.5, 15.6, 16.0
- openSUSE Tumbleweed
Security
- Default mode:
read-only(write operations require confirmation) suse.admin.execute-commandis blocked entirely in read-only mode- Shell injection detection on all inputs (
;,|,&,$(), backticks,>,<) - API keys never exposed in error messages
- All executed commands logged with timestamp, user, and host for audit
- Structured JSON audit logging to stderr
- Timeout enforcement on all commands (default 30s, configurable)
execute-command Security
The suse.admin.execute-command tool allows running arbitrary commands but with guardrails:
- Blocked in read-only mode — requires
security_mode: executeorMCP_SUSE_SECURITY_MODE=execute - Shell injection validation — commands containing
;,|,&,$(), backticks are rejected - Audit logging — every command is logged with timestamp, user, and host
- Timeout enforcement — commands killed after timeout (default 30s)
- Output truncation — large outputs (>1MB) are truncated
Background Jobs
For long-running commands (downloads, builds, imports), use the background job tools:
1. suse.admin.run-background command="wget -O /tmp/image.qcow2 https://..."
→ Returns: {job_id: "mcp-job-a1b2c3d4", pid: "12345", log_file: "/tmp/mcp-job-a1b2c3d4.log"}
2. suse.admin.get-job-status job_id="mcp-job-a1b2c3d4" pid="12345"
→ Returns: {running: true, output_tail: "... 45% ..."}
3. suse.admin.get-job-output job_id="mcp-job-a1b2c3d4" lines=100
→ Returns: {output: "...", total_lines: 250}
4. suse.admin.kill-job pid="12345" signal="TERM"
→ Returns: {success: true}
Background jobs:
- Run via
nohup— survive MCP reconnects - Output stored in
/tmp/mcp-job-<id>.log - Can be monitored, tailed, or killed at any time
- Require
security_mode: execute
MCP Client Configuration
Add to your MCP client config (e.g., Claude Desktop):
{
"mcpServers": {
"suse": {
"command": "uvx",
"args": ["mcp-suse-enterprise"],
"env": {
"MCP_SUSE_HOST": "your-suse-host.com",
"MCP_SUSE_USER": "admin",
"MCP_SUSE_KEY_PATH": "~/.ssh/id_ed25519"
}
}
}
}
Important Notes
- Do NOT run simultaneously with
mcp-suseMVP against the same host - Logs are emitted as JSON to stderr (stdout is reserved for MCP protocol)
- Connection pool reuses SSH connections for performance
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
mcp_suse_enterprise-0.3.0.tar.gz
(53.7 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mcp_suse_enterprise-0.3.0.tar.gz.
File metadata
- Download URL: mcp_suse_enterprise-0.3.0.tar.gz
- Upload date:
- Size: 53.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.8 {"installer":{"name":"uv","version":"0.11.8","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e07904aa5bb3e12572176a1bfe52be5889f8d666d33b20ab4967694b00ad54e5
|
|
| MD5 |
38635b94b7a59ed73fa66b76d54263a9
|
|
| BLAKE2b-256 |
0fb621f0549708e3ca66d0cf0fb64a85a5deb6fa113d3e1158010fb8b0835f0f
|
File details
Details for the file mcp_suse_enterprise-0.3.0-py3-none-any.whl.
File metadata
- Download URL: mcp_suse_enterprise-0.3.0-py3-none-any.whl
- Upload date:
- Size: 49.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.8 {"installer":{"name":"uv","version":"0.11.8","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a8b77777eb42669d73493717a94e6e1a679758ed1abb6ca9dae5be2f5eb71810
|
|
| MD5 |
4a3bfd0e017c7c2b82f46fe25ba5faed
|
|
| BLAKE2b-256 |
5f111d23b7addcdafc0d7b99113937a15fe2e0571ebabccd946aaeda728ee768
|
