Skip to main content
Glama

pve_sdn_lock_acquire

Acquire the global SDN configuration lock to block other writers. Use confirm=True to get a lock token; dry-run by default returns a plan.

Instructions

MUTATION: acquire the global SDN configuration lock (RISK_MEDIUM).

Blocks every OTHER legitimate SDN writer cluster-wide until released via pve_sdn_lock_release (or automatically by pve_sdn_apply/pve_sdn_rollback's own release_lock param) — a self-inflicted-DoS risk if you forget to release. Dry-run by default (returns a PLAN — there is no read-only way to check if the lock is already held, so the plan is a pure preview, not a live check). confirm=True acquires the lock and returns {"status": "ok", "result": ""}.

SECRET HANDLING: the token is a capability handle, not a password — it is returned ONCE in result and is NEVER written to the audit ledger (mirrors pve_token_create's own secret handling). Pass it as lock_token to subsequent SDN mutations, and to pve_sdn_lock_release / pve_sdn_apply / pve_sdn_rollback to release it. If the token is lost (session death, forgotten release), the only recovery is pve_sdn_lock_release(force=True) — HIGH risk, since it releases without proof of ownership.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
confirmNoFalse (default) returns a dry-run PLAN only; True acquires the lock.
allow_pendingNoTrue bypasses PVE's own default refusal to lock over already-dirty pending state. Never default this on.
proximo_targetNoWhich configured Proxmox target to run this call against — a target name from your multi-target config (a specific PVE/PBS/PMG/PDM box). Omit to use the single/default target from the environment; the selection applies only to this call.

Output Schema

TableJSON Schema
NameRequiredDescriptionDefault
resultYes
Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations provided, but description details mutation risk, blocking behavior, dry-run default, secret handling (token returned once, not logged), and forced release recovery. Comprehensive.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Well-structured and each sentence adds value, but slightly long. Could be slightly more concise while maintaining clarity.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Describes dry-run output (PLAN) and confirm output (JSON with token). Explains token usage and recovery. Output schema exists, so return values are covered. Complete.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema covers 100% of parameters, baseline 3. Description adds for 'confirm': dry-run vs acquisition; for 'allow_pending': explicit warning not to default on. Adds value beyond schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Starts with 'MUTATION: acquire the global SDN configuration lock', clearly identifying verb and resource. Distinguishes from sibling pve_sdn_lock_release by focusing on acquisition.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly states when to use: acquiring the SDN lock. Provides guidance on dry-run default, how to release (pve_sdn_lock_release, pve_sdn_apply/pve_sdn_rollback), and recovery if token lost (force=true).

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/john-broadway/proximo'

If you have feedback or need assistance with the MCP directory API, please join our Discord server