MCP-OpenStack-Ops
Provides comprehensive OpenStack project management and monitoring capabilities, including compute, networking, storage, images, identity, Heat, and Octavia load balancing operations, all scoped to a single project with safety controls.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@MCP-OpenStack-Opslist all running instances in my project"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP-OpenStack-Ops
MCP OpenStack Operations Server: A comprehensive MCP (Model Context Protocol) server providing OpenStack project management and monitoring capabilities with built-in safety controls and single-project scope.
Architecture & Internal (DeepWiki)
Features
✅ Project-Scoped Operations: Every tool enforces the configured
OS_PROJECT_NAME, validating resource ownership so actions stay inside a single tenant.✅ Safety-Gated Writes: Modify (
set_*) tooling only registers whenALLOW_MODIFY_OPERATIONS=true, keeping default deployments read-only and auditable.✅ 90+ Purpose-Built Tools: Broad coverage across compute, networking, storage, images, identity, Heat, and Octavia load balancing tasks—all constrained to the current project.
✅ Bulk & Filtered Actions: Instance, volume, network, image, snapshot, and keypair managers accept comma-delimited targets or filter criteria to orchestrate bulk changes intentionally.
✅ Post-Action Feedback & Async Guidance: Mutating tools reuse a shared result handler that adds emoji status checks, asynchronous timing notes, and follow-up verification commands.
✅ Monitoring & Usage Insights:
get_service_status,get_resource_monitoring,get_usage_statistics, and quota tools surface service availability, utilization, and capacity for the active project.✅ Unified Instance Queries: The
get_instancetool consolidates name, ID, status, and free-form search paths with pagination plus summary/detailed modes.✅ Server Insight & Audit Trail: Dedicated tools expose server events, hypervisor details, availability zones, quotas, and resource ownership to speed diagnostics.
✅ Load Balancer Management: Octavia tools cover listeners, pools, members, health monitors, flavors, quotas, and amphora operations with the same safety gates.
✅ Connection & Deployment Flexibility: Connection caching, configurable service endpoints, Docker packaging, and both
stdio/streamable-httptransports support proxy/bastion and multi-project setups.
⚠️ Compatibility Notice: This MCP server is developed and optimized for OpenStack Epoxy (2025.1) as the primary target environment. However, it is compatible with most modern OpenStack releases (Dalmatian, Caracal, Bobcat, etc.) as the majority of APIs remain consistent across versions. Only a few specific API endpoints may require adaptation for full compatibility with older releases.
🚧 Coming Soon: Dynamic multi-version OpenStack API compatibility is actively under development and will be available in upcoming releases, providing seamless support for all major OpenStack deployments automatically.
🔧 OpenStackSDK Version Customization for Older Releases
Officially Supported Releases:
✅ OpenStack Epoxy (2025.1) - Fully tested
✅ OpenStack Dalmatian (2024.2) - Fully tested
For older OpenStack releases (Wallaby, Caracal, Bobcat, etc.), you may need to customize the OpenStackSDK version to match your environment. The SDK version must be changed in BOTH files:
Step 1: Modify Dockerfile.MCP-Server
RUN pip install \
'uv>=0.8.5' \
'mcpo>=0.0.17' \
'fastmcp>=2.12.3' \
'aiohttp>=3.12.0' \
'openstacksdk==3.1.1' \ # ← Change to your required version (e.g., 3.1.1 for Wallaby)
'python-dotenv>=1.0.0'Step 2: Modify pyproject.toml
dependencies = [
"fastmcp>=2.12.3",
"openstacksdk==3.1.1", # ← Must match Dockerfile version
"python-dotenv>=1.1.1",
# ... other dependencies
]Step 3: Rebuild Docker Image
docker-compose build --no-cache mcp-server
docker-compose up -dOpenStackSDK Version Reference:
OpenStack Release | Recommended SDK Version | Notes |
Epoxy (2025.1) |
| Current default |
Dalmatian (2024.2) |
| Fully compatible |
Caracal (2024.1) |
| May require testing |
Bobcat (2023.2) |
| May require testing |
Wallaby (2021.1) |
| Downgrade required |
⚠️ Important: Both
Dockerfile.MCP-Serverandpyproject.tomlmust have the same version to avoid dependency conflicts during container runtime.
Screenshots
OpenStack Dashboard (Epoxy 2025.1)
MCP Query Example - Cluster Status
🆕 Latest Enhancements (v1.x)
Bulk Operations & Filter-based Targeting
Revolutionary approach to resource management enabling one-step operations:
# Traditional approach (multiple steps):
1. search_instances("test") → get list
2. set_instance("vm1", "stop") → stop individually
3. set_instance("vm2", "stop") → stop individually
# NEW enhanced approach (single step):
set_instance(action="stop", name_contains="test") # ✨ Stops ALL instances containing "test"Supported Tools with Enhanced Capabilities:
set_instance: Bulk lifecycle management with filtering (name_contains, status, flavor_contains, image_contains)set_volume: Bulk volume operations with filtering (name_contains, status, size filtering)set_image: Bulk image management with filtering (name_contains, status)set_networks: Bulk network operations with filtering (name_contains, status)set_keypair: Bulk keypair management with filtering (name_contains)set_snapshot: Bulk snapshot operations with filtering (name_contains, status)
Input Format Flexibility:
# Single resource
resource_names="vm1"
# Multiple resources (comma-separated)
resource_names="vm1,vm2,vm3"
# JSON array format
resource_names='["vm1", "vm2", "vm3"]'
# Filter-based (automatic target identification)
name_contains="test", status="ACTIVE"Post-Action Status Verification
Every operation now provides immediate feedback with visual indicators:
✅ Bulk Instance Management - Action: stop
📊 Total instances: 3
✅ Successes: 2
❌ Failures: 1
Post-Action Status:
🟢 test-vm-1: SHUTOFF
🟢 test-vm-2: SHUTOFF
🔴 test-vm-3: ERRORUnified Resource Queries
New consolidated get_instance tool replaces multiple separate tools:
❌ Old:
get_instance_details,get_instance_info,get_instance_status,get_instance_network_info✅ New:
get_instance(instance_names="vm1,vm2")- Single tool, comprehensive information
📊 OpenStack CLI vs MCP Tools Mapping
Detailed Mapping by Category
1. 🖥️ Compute (Nova)
OpenStack CLI Command | MCP Tool | Status | Notes |
|
| ✅ | NEW UNIFIED - Pagination, filtering support |
|
| ✅ | ENHANCED - Replaces get_instance_by_name, get_instance_by_id |
|
| ✅ | ENHANCED - Bulk creation support |
|
| ✅ | ENHANCED - Bulk operations with filtering |
|
| ✅ | ENHANCED - Bulk deletion with name_contains filtering |
|
| ✅ | Backup creation with rotation |
|
| ✅ | Image/snapshot creation |
|
| ✅ | Instance shelving |
|
| ✅ | Instance locking |
|
| ✅ | Instance pausing |
|
| ✅ | Instance suspension |
|
| ✅ | Instance resizing |
|
| ✅ | Resize confirmation |
|
| ✅ | Resize revert |
|
| ✅ | Instance rebuilding |
|
| ✅ | Recovery mode |
|
| ✅ | Live migration |
|
| ✅ | Server evacuation |
|
| ✅ | Migration listing |
|
| ✅ | Migration details |
|
| ✅ | Migration abort |
|
| ✅ | Migration confirmation |
|
| ✅ | Force migration completion |
|
| ✅ | Network attachment |
|
| ✅ | Network detachment |
|
| ✅ | Port attachment |
|
| ✅ | Port detachment |
|
| ✅ | Floating IP association |
|
| ✅ | Floating IP disassociation |
|
| ✅ | Fixed IP addition |
|
| ✅ | Fixed IP removal |
|
| ✅ | Security group addition |
|
| ✅ | Security group removal |
|
| ✅ | Volume attachment |
|
| ✅ | Volume detachment |
|
| ✅ | Server property setting |
|
| ✅ | Server property unsetting |
|
| ✅ | Server dump creation |
|
| ✅ | Server event tracking |
|
| ✅ | Server group listing |
|
| ✅ | Server group management |
|
| ✅ | Flavor listing |
|
| ✅ | Flavor management |
|
| ✅ | Keypair listing |
|
| ✅ | Keypair management |
|
| ✅ | Hypervisor querying |
|
| ✅ | Availability zone listing |
2. 🌐 Network (Neutron)
OpenStack CLI Command | MCP Tool | Status | Notes |
|
| ✅ | Detailed network information |
|
| ✅ | Specific network query |
|
| ✅ | ENHANCED - Bulk network creation |
|
| ✅ | ENHANCED - Bulk deletion with filtering |
|
| ✅ | ENHANCED - Bulk updates |
|
| ✅ | Subnet information included |
|
| ✅ | Subnet management |
|
| ✅ | Router listing |
| (Not yet implemented) | 🚧 | Router management |
|
| ✅ | Floating IP listing |
|
| ✅ | Floating IP creation |
|
| ✅ | Floating IP deletion |
|
| ✅ | Floating IP property setting |
|
| ✅ | Floating IP details |
|
| ✅ | Floating IP property clearing |
|
| ✅ | Floating IP pool listing |
|
| ✅ | Port forwarding creation |
|
| ✅ | Port forwarding deletion |
|
| ✅ | Port forwarding listing |
|
| ✅ | Port forwarding updates |
|
| ✅ | Port forwarding details |
|
| ✅ | Security group listing |
| (Not yet implemented) | 🚧 | Security group management |
|
| ✅ | Port information included |
|
| ✅ | Port management |
| (Not yet implemented) | 🚧 | QoS policy listing |
|
| ✅ | QoS policy management |
|
| ✅ | Network agents |
|
| ✅ | Network agent management |
3. 💾 Storage (Cinder)
OpenStack CLI Command | MCP Tool | Status | Notes |
|
| ✅ | Volume listing |
|
| ✅ | Specific volume query |
|
| ✅ | Volume creation/deletion |
|
| ✅ | Volume property modification |
|
| ✅ | Volume type listing |
| (Not yet implemented) | 🚧 | Volume type management |
|
| ✅ | Snapshot listing |
|
| ✅ | Snapshot management |
| (Not yet implemented) | 🚧 | Backup listing |
|
| ✅ | Volume backup management |
| (Not yet implemented) | 🚧 | Volume transfer |
|
| ✅ | Server volume listing |
|
| ✅ | Server volume attach/detach |
| (Not yet implemented) | 🚧 | Volume group listing |
|
| ✅ | Volume group management |
| (Not yet implemented) | 🚧 | QoS listing |
|
| ✅ | QoS management |
4. 🖼️ Image (Glance)
OpenStack CLI Command | MCP Tool | Status | Notes |
|
| ✅ | Image listing |
|
| ✅ | Specific image query |
|
| ✅ | Enhanced image creation with min_disk, min_ram, properties |
|
| ✅ | Image deletion |
|
| ✅ | Image property modification |
|
| ✅ | Image download |
| (Not yet implemented) | 🚧 | Project sharing |
| (Not yet implemented) | 🚧 | Member listing |
|
| ✅ | Image member management |
|
| ✅ | Image metadata |
|
| ✅ | Image visibility setting |
5. 👥 Identity (Keystone)
OpenStack CLI Command | MCP Tool | Status | Notes |
|
| ✅ | User listing |
|
| ✅ | Specific user query |
| (Not yet implemented) | 🚧 | User management |
|
| ✅ | Project listing |
|
| ✅ | Specific project query |
|
| ✅ | Project management |
|
| ✅ | Role listing |
|
| ✅ | Role assignment listing |
|
| ✅ | Role management |
| (Not yet implemented) | 🚧 | Domain listing |
|
| ✅ | Domain management |
| (Not yet implemented) | 🚧 | Group listing |
|
| ✅ | Group management |
|
| ✅ | Service listing |
|
| ✅ | Service management |
|
| ✅ | Endpoint information |
6. 🔥 Orchestration (Heat)
OpenStack CLI Command | MCP Tool | Status | Notes |
|
| ✅ | Stack listing |
|
| ✅ | Specific stack query |
|
| ✅ | Stack creation |
|
| ✅ | Stack deletion |
|
| ✅ | Stack update |
|
| ✅ | Stack suspend/resume |
| (Not yet implemented) | 🚧 | Stack resource listing |
| (Not yet implemented) | 🚧 | Stack event listing |
| (Not yet implemented) | 🚧 | Template query |
| (Not yet implemented) | 🚧 | Stack output listing |
7. ⚖️ Load Balancer (Octavia)
OpenStack CLI Command | MCP Tool | Status | Notes |
|
| ✅ | Load balancer listing with pagination |
|
| ✅ | Load balancer detailed information |
|
| ✅ | Load balancer creation |
|
| ✅ | Load balancer deletion |
|
| ✅ | Load balancer property update |
|
| ✅ | Load balancer statistics |
|
| ✅ | Load balancer status tree |
|
| ✅ | Load balancer failover |
|
| ✅ | Load balancer property unset |
Listener Management | |||
|
| ✅ | Listener listing for load balancer |
|
| ✅ | Listener creation (HTTP/HTTPS/TCP/UDP) |
|
| ✅ | Listener deletion |
|
| ✅ | Listener detailed information |
|
| ✅ | Listener property update |
|
| ✅ | Listener statistics |
|
| ✅ | Listener property unset |
Pool Management | |||
|
| ✅ | Pool listing (all or by listener) |
|
| ✅ | Pool creation with algorithms |
|
| ✅ | Pool deletion |
|
| ✅ | Pool property update |
|
| ✅ | Pool detailed information |
|
| ✅ | Pool statistics |
|
| ✅ | Pool property unset |
Member Management | |||
|
| ✅ | Pool member listing |
|
| ✅ | Pool member creation |
|
| ✅ | Pool member deletion |
|
| ✅ | Pool member property update |
|
| ✅ | Pool member detailed information |
|
| ✅ | Pool member property unset |
Health Monitor Management | |||
|
| ✅ | Health monitor listing |
|
| ✅ | Health monitor creation |
|
| ✅ | Health monitor deletion |
|
| ✅ | Health monitor update |
|
| ✅ | Health monitor detailed information |
|
| ✅ | Health monitor property unset |
L7 Policy Management | |||
|
| ✅ | L7 policy listing |
|
| ✅ | L7 policy creation |
|
| ✅ | L7 policy deletion |
|
| ✅ | L7 policy update |
|
| ✅ | L7 policy details |
|
| ✅ | L7 policy property unset |
L7 Rule Management 🆕 | |||
|
| ✅ | L7 rule listing |
|
| ✅ | L7 rule creation |
|
| ✅ | L7 rule deletion |
|
| ✅ | L7 rule update |
|
| ✅ | L7 rule details |
|
| ✅ | L7 rule property unset |
Amphora Management 🆕 | |||
|
| ✅ | Amphora listing |
|
| ✅ | Amphora details |
|
| ✅ | Amphora configuration |
|
| ✅ | Amphora failover |
| N/A | ❌ | Not supported by OpenStack SDK |
| N/A | ❌ | Not supported by OpenStack SDK |
Provider Management | |||
|
| ✅ | Provider listing |
|
| ✅ | Provider capability listing |
Availability Zone Management 🆕 | |||
|
| ✅ | Availability zone listing |
|
| ✅ | Availability zone details |
|
| ✅ | Availability zone creation |
|
| ✅ | Availability zone deletion |
|
| ✅ | Availability zone update |
|
| ✅ | Availability zone property unset |
Flavor Management 🆕 | |||
|
| ✅ | Flavor listing |
|
| ✅ | Flavor details |
|
| ✅ | Flavor creation |
|
| ✅ | Flavor deletion |
|
| ✅ | Flavor update |
|
| ✅ | Flavor property unset |
Flavor Profile Management | |||
|
| ✅ | Flavor profile listing |
|
| ✅ | Flavor profile details |
|
| ✅ | Flavor profile creation |
|
| ✅ | Flavor profile update |
|
| ✅ | Flavor profile property unset |
|
| 🚧 | Pending implementation |
Quota Management 🆕 | |||
|
| ✅ | Quota listing |
|
| ✅ | Quota details |
|
| ✅ | Quota setting |
|
| ✅ | Quota reset |
8. 📊 Monitoring & Logging
OpenStack CLI Command | MCP Tool | Status | Notes |
Resource monitoring |
| ✅ | Resource monitoring |
Service status |
| ✅ | Service status query |
Cluster overview |
| ✅ | Cluster overview |
Service logs |
| ✅ | Service log management |
System metrics |
| ✅ | Metrics management |
Alarm management |
| ✅ | Alarm management |
Compute agents |
| ✅ | Compute agent management |
Usage statistics |
| ✅ | Usage statistics |
9. 📏 Usage & Quota
OpenStack CLI Command | MCP Tool | Status | Notes |
|
| ✅ | Quota query |
|
| ✅ | Quota setting |
|
| ✅ | Usage query |
|
| ✅ | Limits query |
Resource utilization |
| ✅ | Resource utilization |
Quick Start
💡 Need an OpenStack Cluster for Testing?
Check out this comprehensive guide: Tutorial: Install OpenStack Multinode Cluster /w Kolla-Ansible (Epoxy/Dalmatian)
Perfect for setting up a test environment to explore MCP-OpenStack-Ops capabilities.
1. Environment Setup
# Clone and navigate to project
cd MCP-OpenStack-Ops
# Install dependencies
uv sync
# Configure environment
cp .env.example .env
# Edit .env with your OpenStack credentialsEnvironment Configuration
Configure your .env file with OpenStack credentials:
# OpenStack Authentication (required)
OS_AUTH_HOST=your-openstack-host
OS_AUTH_PORT=5000
OS_AUTH_PROTOCOL=http # Use 'https' for production with SSL/TLS
# OS_CACERT=/etc/ssl/certs/openstack-ca.pem # Required for HTTPS (optional for HTTP)
OS_IDENTITY_API_VERSION=3
OS_USERNAME=your-username
OS_PASSWORD=your-password
OS_PROJECT_NAME=your-project
OS_PROJECT_DOMAIN_NAME=default
OS_USER_DOMAIN_NAME=default
OS_REGION_NAME=RegionOne
# OpenStack Service Ports (customizable)
OS_COMPUTE_PORT=8774
OS_NETWORK_PORT=9696
OS_VOLUME_PORT=8776
OS_IMAGE_PORT=9292
OS_PLACEMENT_PORT=8780
OS_HEAT_STACK_PORT=8004
OS_HEAT_STACK_CFN_PORT=8000
# MCP Server Configuration (optional)
MCP_LOG_LEVEL=INFO
ALLOW_MODIFY_OPERATIONS=false
FASTMCP_TYPE=stdio
FASTMCP_HOST=127.0.0.1
FASTMCP_PORT=8080HTTPS Configuration for Production Environments
For secure OpenStack deployments with SSL/TLS:
# Enable HTTPS protocol
OS_AUTH_PROTOCOL=https
OS_AUTH_HOST=your-secure-openstack-host
OS_AUTH_PORT=13000 # Your HTTPS Keystone port
# SSL Certificate Configuration
# Option 1: Use custom CA certificate (recommended for production)
OS_CACERT=/etc/ssl/certs/openstack-ca.pem
# Option 2: Skip CA certificate (SSL verification disabled - insecure)
# Just omit OS_CACERT - the server will warn you about insecure connection
# Docker: Mount CA certificate into container
# Add to docker-compose.yml volumes:
# - /path/to/your/ca-cert.pem:/etc/ssl/certs/openstack-ca.pem:roProtocol Configuration Notes:
OS_AUTH_PROTOCOL=http: Use for local development or HTTP-only OpenStack deploymentsOS_AUTH_PROTOCOL=https: Use for production environments with SSL/TLS enabledWhen
httpsis set withoutOS_CACERT, SSL verification is disabled (insecure but functional)For secure production deployments, always provide
OS_CACERTwith your CA certificate path
2. Run Server
# Start all services
docker-compose up -d
# Check logs
docker-compose logs mcp-server
docker-compose logs mcpo-proxyContainer Architecture:
mcp-server: OpenStack MCP server with tools
mcpo-proxy: OpenAPI (REST-API)
open-webui: Web interface for testing and interaction
📌 Note: Web-UI configuration instructions are based on OpenWebUI v0.6.22. Menu locations and settings may differ in newer versions.
Service URLs - Docker Internal:
MCP Server:
localhost:8080(HTTP transport)MCPO Proxy:
localhost:8000(OpenStack API proxy)Open WebUI:
localhost:3000(Web interface)
Service URLs - Docker External:
MCP Server:
host.docker.internal:18005(HTTP transport)MCPO Proxy:
host.docker.internal:8005(OpenStack API proxy)Open WebUI:
host.docker.internal:3005(Web interface)
For Claude Desktop Integration
Add to your Claude Desktop configuration:
{
"mcpServers": {
"mcp-openstack-ops": {
"command": "uvx",
"args": ["--python", "3.12", "mcp-openstack-ops"],
"env": {
"OS_AUTH_HOST": "your-openstack-host",
"OS_AUTH_PORT": "5000",
"OS_PROJECT_NAME": "your-project",
"OS_USERNAME": "your-username",
"OS_PASSWORD": "your-password",
"OS_USER_DOMAIN_NAME": "Default",
"OS_PROJECT_DOMAIN_NAME": "Default",
"OS_REGION_NAME": "RegionOne",
"OS_IDENTITY_API_VERSION": "3",
"OS_INTERFACE": "internal",
"OS_COMPUTE_PORT": "8774",
"OS_NETWORK_PORT": "9696",
"OS_VOLUME_PORT": "8776",
"OS_IMAGE_PORT": "9292",
"OS_PLACEMENT_PORT": "8780",
"OS_HEAT_STACK_PORT": "8004",
"OS_HEAT_STACK_CFN_PORT": "18888",
"ALLOW_MODIFY_OPERATIONS": "false",
"MCP_LOG_LEVEL": "INFO"
}
}
}
}Server Configuration
Command Line Options
uv run python -m mcp_openstack_ops --help
Options:
--log-level {DEBUG,INFO,WARNING,ERROR,CRITICAL}
Logging level
--type {stdio,streamable-http}
Transport type (default: stdio)
--host HOST Host address for HTTP transport (default: 127.0.0.1)
--port PORT Port number for HTTP transport (default: 8080)
--auth-enable Enable Bearer token authentication for streamable-http mode
--secret-key SECRET Secret key for Bearer token authenticationEnvironment Variables
Variable | Description | Default | Usage |
OpenStack Authentication | |||
| OpenStack Identity service host | Required | Authentication host address |
| OpenStack Identity service port | Required | Authentication port |
| Connection protocol (http or https) |
| Use |
| SSL CA certificate path for HTTPS | Optional | Required for secure HTTPS connections (e.g., |
| OpenStack username | Required | User credentials |
| OpenStack password | Required | User credentials |
| OpenStack project name | Required | Project scope |
| Identity API version |
| API version |
| Project domain name |
| Domain scope |
| User domain name |
| Domain scope |
| OpenStack region |
| Regional scope |
OpenStack Service Ports | |||
| Compute service port |
| Nova endpoint |
| Network service port |
| Neutron endpoint |
| Volume service port |
| Cinder endpoint |
| Image service port |
| Glance endpoint |
| Placement service port |
| Placement endpoint |
| Heat orchestration service port |
| Heat API endpoint |
| Heat CloudFormation service port |
| Heat CFN API endpoint (default: 8000, changed to avoid Docker port conflicts) |
MCP Server Configuration | |||
| Logging level |
| Development debugging |
| Enable modify operations |
| Safety control for state modifications |
| Transport type |
| Rarely needed to change |
| HTTP host address |
| For HTTP mode only |
| HTTP port number |
| For HTTP mode only |
Authentication (Optional) | |||
| Enable Bearer token authentication for streamable-http mode |
| Production security |
| Secret key for Bearer token authentication | Required when auth enabled | Production security |
🔒 Project Isolation & Security
Single Project Scope Operation
MCP-OpenStack-Ops operates within a strictly defined project scope determined by the OS_PROJECT_NAME environment variable. This provides complete tenant isolation and data privacy in multi-tenant OpenStack environments.
Key Security Features:
100% Complete Resource Isolation: All operations are restricted to resources within the specified project with enhanced security validation
Zero Cross-tenant Data Leakage: Advanced project ownership validation prevents access to resources from other projects
Multi-layer Security Filtering: Each service implements intelligent resource filtering by current project ID with additional validation
Secure Resource Lookup: All resource searches use project-scoped lookup with ownership verification
Shared Resource Access: Intelligently includes shared/public resources (networks, images) while maintaining strict security boundaries
Cross-Project Access Prevention: Enhanced protection against accidental operations on similarly-named resources in other projects
Filtered Resources by Project:
Service | Project-Scoped Resources | Notes |
Identity | Users (via role assignments), Role assignments | Only users with roles in current project |
Compute | Instances, Flavors (embedded data), Keypairs | All instances within project scope |
Image | Private images (owned), Public/Community/Shared images | Smart filtering prevents zero-image issues |
Network | Networks, Subnets, Security Groups, Floating IPs, Routers | Includes shared/external networks for access |
Storage | Volumes, Snapshots, Backups | All storage resources within project |
Orchestration | Heat Stacks, Stack Resources | All orchestration within project |
Load Balancer | Load Balancers, Listeners, Pools | All load balancing within project |
Monitoring | Resource usage, Project quotas | Project-specific monitoring data |
Security Validation & Testing
Project Isolation Security Test
To verify that project isolation is working correctly, run the included security test:
# Run project isolation security test
python test_project_isolation.pyExpected Test Results:
🔒 OpenStack Project Isolation Security Test
==================================================
📋 Testing project isolation for: your-project
1️⃣ Testing Connection and Project ID...
✅ Connection successful
✅ Current project ID: abc123-def456-ghi789
✅ Project name 'your-project' matches project ID
2️⃣ Testing Resource Ownership Validation...
✅ Found 5 compute instances
Instance web-server-01: ✅ Owned
Instance db-server-01: ✅ Owned
✅ Found 3/8 owned networks
✅ Found 10/10 owned volumes
3️⃣ Testing Service-Level Project Filtering...
✅ Compute service returned 5 instances
✅ Network service returned 3 networks
✅ Storage service returned 10 volumes
4️⃣ Testing Secure Resource Lookup...
ℹ️ Network 'admin' not found or not accessible in current project
ℹ️ Instance 'demo' not found or not accessible in current project
🎯 Project Isolation Test Results
========================================
✅ All security tests passed!
✅ Project 'your-project' isolation verified
✅ Cross-project access prevention confirmed
🔒 Your OpenStack MCP Server is properly secured!Security Features Validated:
✅ Project ID verification and matching
✅ Resource ownership validation for all services
✅ Service-level project filtering
✅ Secure resource lookup with cross-project protection
✅ Prevention of accidental operations on other projects' resources
For managing multiple OpenStack projects, deploy multiple MCP server instances with different OS_PROJECT_NAME values:
Example: Managing 3 Projects
# Project 1: Production Environment
OS_PROJECT_NAME=production
# ... other config
python -m mcp_openstack_ops --type stdio
# Project 2: Development Environment
OS_PROJECT_NAME=development
# ... other config
python -m mcp_openstack_ops --type streamable-http --port 8001
# Project 3: Testing Environment
OS_PROJECT_NAME=testing
# ... other config
python -m mcp_openstack_ops --type streamable-http --port 8002Claude Desktop Multi-Project Configuration Example:
{
"mcpServers": {
"openstack-production": {
"command": "python",
"args": ["-m", "mcp_openstack_ops", "--type", "stdio"],
"env": {
"OS_PROJECT_NAME": "production",
"OS_USERNAME": "admin",
"OS_PASSWORD": "your-password",
"OS_AUTH_HOST": "192.168.35.2"
}
},
"openstack-development": {
"command": "python",
"args": ["-m", "mcp_openstack_ops", "--type", "stdio"],
"env": {
"OS_PROJECT_NAME": "development",
"OS_USERNAME": "admin",
"OS_PASSWORD": "your-password",
"OS_AUTH_HOST": "192.168.35.2"
}
},
"openstack-testing": {
"command": "python",
"args": ["-m", "mcp_openstack_ops", "--type", "stdio"],
"env": {
"OS_PROJECT_NAME": "testing",
"OS_USERNAME": "admin",
"OS_PASSWORD": "your-password",
"OS_AUTH_HOST": "192.168.35.2"
}
}
}
}This allows Claude to access each project independently with complete isolation between environments.
📁 Ready-to-use Configuration File:
A complete multi-project configuration example is available at mcp-config.json.multi-project:
Production: Read-only operations for safety (
ALLOW_MODIFY_OPERATIONS=false)Development: Full operations enabled (
ALLOW_MODIFY_OPERATIONS=true)Testing: Debug logging enabled (
MCP_LOG_LEVEL=DEBUG)
# Copy and customize the multi-project configuration
cp mcp-config.json.multi-project ~/.config/claude-desktop/mcp_servers.json
# Edit with your OpenStack credentialsSafety Controls
Modification Operations Protection
By default, all operations that can modify or delete OpenStack resources are disabled for safety:
# Default setting - Only read-only operations allowed
ALLOW_MODIFY_OPERATIONS=falseProtected Operations (when ALLOW_MODIFY_OPERATIONS=false):
Instance management (start, stop, restart, pause, unpause)
Volume operations (create, delete, attach, detach)
Keypair management (create, delete, import)
Floating IP operations (create, delete, associate, disassociate)
Snapshot management (create, delete)
Image management (create, delete, update)
Heat stack operations (create, delete, update)
Always Available (Read-Only Operations):
Cluster status and monitoring
Resource listings (instances, volumes, networks, etc.)
Service status checks
Usage and quota information
Search and filtering operations
⚠️ To Enable Modify Operations:
# Enable all operations (USE WITH CAUTION)
ALLOW_MODIFY_OPERATIONS=trueTool Registration Behavior:
When
ALLOW_MODIFY_OPERATIONS=false: Only read-only tools are registered with the MCP serverWhen
ALLOW_MODIFY_OPERATIONS=true: All tools (read-only + modify operations) are registeredTool availability is determined at server startup - restart required after changing this setting
Best Practices:
Keep
ALLOW_MODIFY_OPERATIONS=falsein production environmentsEnable modify operations only in development/testing environments
Use separate configurations for different environments
Review operations before enabling modify capabilities
Restart the MCP server after changing the
ALLOW_MODIFY_OPERATIONSsetting
💬 Example Queries & Usage Patterns
For comprehensive examples of how to interact with this MCP server, including natural language queries and their corresponding tool mappings, see:
📖 Example Queries & Usage Patterns
This section includes:
🎯 Cluster overview and status queries
�️ Instance management operations
🌐 Network configuration tasks
� Storage management workflows
🔥 Heat orchestration examples
⚖️ Load balancer operations
� Advanced search patterns
📊 Monitoring and troubleshooting
🧠 Complex multi-tool query combinations
Performance Optimization
Large-Scale Environment Support
The MCP server is optimized for large OpenStack environments with thousands of instances:
Pagination Features:
Default limits prevent memory overflow (50 instances per request)
Configurable safety limits (maximum 200 instances per request)
Offset-based pagination for browsing large datasets
Performance metrics tracking (processing time, instances per second)
Search Optimization:
2-phase search process (basic info filtering → detailed info retrieval)
Intelligent caching with connection reuse
Selective API calls to minimize overhead
Case-sensitive search options for precise filtering
Connection Management:
Global connection caching with validity testing
Automatic retry mechanisms for transient failures
Connection pooling for high-throughput scenarios
Usage Examples:
# Safe large environment browsing
get_instance_details(limit=50, offset=0) # First 50 instances
get_instance_details(limit=50, offset=50) # Next 50 instances
# Emergency override for small environments
get_instance_details(include_all=True) # All instances (use with caution)
# Optimized search for large datasets
search_instances("web", "name", limit=20) # Search with reasonable limitDevelopment
Adding New Tools
Edit src/mcp_openstack_ops/mcp_main.py to add new MCP tools:
@mcp.tool()
async def my_openstack_tool(param: str) -> str:
"""
Brief description of the tool's purpose.
Functions:
- List specific functions this tool performs
- Describe the operations it enables
- Mention when to use this tool
Use when user requests [specific scenarios].
Args:
param: Description of the parameter
Returns:
Description of return value format.
"""
try:
logger.info(f"Tool called with param: {param}")
# Implementation using functions.py helpers
result = my_helper_function(param)
response = {
"timestamp": datetime.now().isoformat(),
"result": result
}
return json.dumps(response, indent=2, ensure_ascii=False)
except Exception as e:
error_msg = f"Error: Failed to execute tool - {str(e)}"
logger.error(error_msg)
return error_msgHelper Functions
Add utility functions to src/mcp_openstack_ops/functions.py:
def my_helper_function(param: str) -> dict:
"""Helper function for OpenStack operations"""
try:
conn = get_openstack_connection()
# OpenStack SDK operations
result = conn.some_service.some_operation(param)
logger.info(f"Operation completed successfully")
return {"success": True, "data": result}
except Exception as e:
logger.error(f"Helper function error: {e}")
raiseTesting & Validation
Local Testing
# Test with MCP Inspector (recommended)
./scripts/run-mcp-inspector-local.sh
# Test with debug logging
MCP_LOG_LEVEL=DEBUG uv run python -m mcp_openstack_ops
# Validate OpenStack connection
uv run python -c "from src.mcp_openstack_ops.functions import get_openstack_connection; print(get_openstack_connection())"🔐 Security & Authentication
Bearer Token Authentication
For streamable-http mode, this MCP server supports Bearer token authentication to secure remote access. This is especially important when running the server in production environments.
Configuration
Enable Authentication:
# In .env file
REMOTE_AUTH_ENABLE=true
REMOTE_SECRET_KEY=my-test-secret-key-12345Or via CLI:
uv run python -m mcp_openstack_ops --type streamable-http --auth-enable --secret-key your-secure-secret-key-hereSecurity Levels
stdio mode (Default): Local-only access, no authentication needed
streamable-http + REMOTE_AUTH_ENABLE=false/undefined: Remote access without authentication ⚠️ NOT RECOMMENDED for production
streamable-http + REMOTE_AUTH_ENABLE=true: Remote access with Bearer token authentication ✅ RECOMMENDED for production
🔒 Default Policy:
REMOTE_AUTH_ENABLEdefaults tofalseif undefined, empty, or null. This ensures the server starts even without explicit authentication configuration.
Client Configuration
When authentication is enabled, MCP clients must include the Bearer token in the Authorization header:
{
"mcpServers": {
"mcp-openstack-ops": {
"type": "streamable-http",
"url": "http://your-server:8000/mcp",
"headers": {
"Authorization": "Bearer your-secure-secret-key-here"
}
}
}
}Security Best Practices
Always enable authentication when using streamable-http mode in production
Use strong, randomly generated secret keys (32+ characters recommended)
Use HTTPS when possible (configure reverse proxy with SSL/TLS)
Restrict network access using firewalls or network policies
Rotate secret keys regularly for enhanced security
Monitor access logs for unauthorized access attempts
Error Handling
When authentication fails, the server returns:
401 Unauthorized for missing or invalid tokens
Detailed error messages in JSON format for debugging
🎯 Recent Improvements & Enhancements
🔒 Complete Project Isolation Security Implementation ✨
100% Project Isolation Guarantee:
✅ Multi-layer Security Validation: Added comprehensive project ownership validation for all resource operations
✅ Enhanced Delete Operation Security: All delete operations now use secure project-scoped lookup with ownership verification
✅ Create Operation Security: Resource references during creation (networks, images, etc.) verified for project ownership
✅ Query Security Enhancement: All list/get operations include explicit project validation with resource ownership checks
✅ Cross-Project Access Prevention: Advanced protection against accidental operations on similarly-named resources in other projects
✅ Security Test Suite: Added
test_project_isolation.pyfor comprehensive security validation
Technical Implementation:
✅ New Security Utilities: Added
get_current_project_id(),validate_resource_ownership(),find_resource_by_name_or_id()functions✅ Service-Level Security: Enhanced all service modules (compute, network, storage, etc.) with project ownership validation
✅ Secure Resource Lookup: Replaced unsafe name-based loops with secure project-scoped resource lookup
✅ Error Message Enhancement: Improved error messages to clearly indicate project access restrictions
Complete Project Scoping Implementation
Enhanced Security & Tenant Isolation:
✅ All Services Project-Scoped: Identity, Compute, Network, Storage, Image, Orchestration, Load Balancer, and Monitoring services now filter resources by current project ID
✅ Zero Cross-Tenant Data Leakage: Automatic filtering at OpenStack SDK level using
current_project_id✅ Smart Resource Access: Intelligent handling of shared/public resources (networks, images) while maintaining security boundaries
Fixed Image Service Issues 🖼️
Resolved Zero-Image Count Problems:
✅ Enhanced Image Filtering: Now includes public, community, shared, and project-owned images
✅ Intelligent Visibility Handling: Proper handling of different image visibility types
✅ Prevented Empty Results: Fixed filtering logic that was too restrictive
Improved vCPU/RAM Calculation ⚡
Fixed Instance Resource Display:
✅ Embedded Flavor Data Usage: Uses server.flavor attributes directly, avoiding 404 API errors
✅ Accurate Resource Reporting: Proper vCPU and RAM values in cluster status reports
✅ Eliminated API Failures: No more flavor lookup failures causing zero resource values
Enhanced Documentation 📚
Comprehensive Project Scoping Documentation:
✅ Multi-Project Management Guide: Complete setup instructions for managing multiple OpenStack projects
✅ Security & Isolation Details: Detailed explanation of tenant isolation features
✅ Ready-to-Use Configuration: Pre-configured
mcp-config.json.multi-projectfor quick setup✅ Updated Environment Variables: Enhanced
.env.examplewith project scoping guidance
🚀 Adding Custom Tools
This MCP server is designed for easy extensibility. Follow these steps to add your own custom tools:
Step-by-Step Guide
1. Add Helper Functions (Optional)
Add reusable data functions to src/mcp_openstack_ops/functions.py:
async def get_your_custom_data(target_resource: str = None) -> List[Dict[str, Any]]:
"""Your custom data retrieval function."""
# Example implementation - adapt to your OpenStack service
conn = get_openstack_connection()
results = []
try:
# Example: Custom query using OpenStack SDK
resources = conn.your_service.list_resources(
filters={'name': target_resource} if target_resource else {}
)
for resource in resources:
results.append({
'name': resource.name,
'id': resource.id,
'status': resource.status,
'created_at': resource.created_at,
# Add your custom fields
})
except Exception as e:
logger.error(f"Failed to get custom data: {e}")
return []
return results2. Create Your MCP Tool File
Create a new file src/mcp_openstack_ops/tools/get_your_custom_analysis.py:
"""Tool implementation for get_your_custom_analysis."""
import json
from datetime import datetime
from typing import Optional
from ..functions import get_your_custom_data # Import your helper function
from ..mcp_main import (
logger,
mcp,
)
@mcp.tool()
async def get_your_custom_analysis(limit: int = 50, target_name: Optional[str] = None) -> str:
"""
[Tool Purpose]: Brief description of what your tool does
[Exact Functionality]:
- Feature 1: Data aggregation and analysis
- Feature 2: Resource monitoring and insights
- Feature 3: Performance metrics and reporting
[Required Use Cases]:
- When user asks "your specific analysis request"
- Your business-specific monitoring needs
Args:
limit: Maximum results (1-100)
target_name: Target resource/service name
Returns:
Formatted analysis results
"""
try:
limit = max(1, min(limit, 100)) # Always validate input
logger.info(f"Getting custom analysis, limit: {limit}, target: {target_name}")
results = await get_your_custom_data(target_resource=target_name)
if not results:
return f"No custom analysis data found" + (f" for '{target_name}'" if target_name else "")
# Apply limit
results = results[:limit]
# Format results as table
table_data = []
for item in results:
table_data.append({
'Name': item.get('name', 'N/A'),
'ID': item.get('id', 'N/A'),
'Status': item.get('status', 'N/A'),
'Created': item.get('created_at', 'N/A'),
})
# Return formatted JSON
return json.dumps({
'title': f'Custom Analysis (Top {len(results)})',
'data': table_data,
'total_count': len(results),
'timestamp': datetime.now().isoformat()
}, indent=2)
except Exception as e:
logger.error(f"Failed to get custom analysis: {e}")
return f"Error: {str(e)}"3. For Modify Operations (Optional)
If your tool performs modify operations, use the @conditional_tool decorator instead:
"""Tool implementation for set_your_custom_resource."""
from ..mcp_main import (
conditional_tool, # Use this instead of @mcp.tool()
handle_operation_result,
logger,
)
from ..functions import set_your_custom_resource
@conditional_tool # Only registers when ALLOW_MODIFY_OPERATIONS=true
async def set_your_custom_resource(resource_name: str, action: str) -> str:
"""
Manage your custom OpenStack resources.
Use when user requests custom resource management.
"""
try:
result = set_your_custom_resource(resource_name, action)
return handle_operation_result(
result=result,
operation_name="Custom Resource Management",
details={
'Resource': resource_name,
'Action': action
}
)
except Exception as e:
logger.error(f"Custom resource operation failed: {e}")
return f"Error: {str(e)}"4. Update Prompt Template (Recommended)
Add your tool description to src/mcp_openstack_ops/prompt_template.md for better natural language recognition:
### **Your Custom Analysis Tool**
### X. **get_your_custom_analysis**
**Purpose**: Brief description of what your tool does
**Usage**: "Show me your custom analysis" or "Get custom analysis for resource_name"
**Features**: Data aggregation, resource monitoring, performance metrics
**Optional**: `target_name` parameter for specific resource analysis5. Test Your Tool
# Local testing
./scripts/run-mcp-inspector-local.sh
# Or with Docker
docker-compose up -d
docker-compose logs -f mcp-server
# Test with natural language:
# "Show me your custom analysis"
# "Get custom analysis for target_name"Tool Registration System
The MCP server uses automatic tool discovery. When you create a new file in src/mcp_openstack_ops/tools/, it's automatically registered through the register_all_tools() function in tools/__init__.py. No manual import registration needed!
Safety System
Read-only tools: Use
@mcp.tool()- always availableModify tools: Use
@conditional_tool- only available whenALLOW_MODIFY_OPERATIONS=trueConnection: Always use
get_openstack_connection()for OpenStack API accessProject isolation: All operations are automatically scoped to
OS_PROJECT_NAME
That's it! Your custom tool is ready to use with natural language queries.
License
This project is licensed under the MIT License - see the LICENSE file for details.
Contributing
Fork the repository
Create a feature branch (
git checkout -b feature/amazing-feature)Commit your changes (
git commit -m 'Add some amazing feature')Push to the branch (
git push origin feature/amazing-feature)Open a Pull Request
Maintenance
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/call518/MCP-OpenStack-Ops'
If you have feedback or need assistance with the MCP directory API, please join our Discord server