🚀 Cloud Manage MCP Server
A cloud management server based on MCP (Model Context Protocol), supporting the retrieval of cloud server information via public IP addresses.
🚀 Quick Start
Dependency Installation
pip install -r requirements.txt
Environment Variable Configuration
Create a .env file and set the following environment variables:
DIGITALOCEAN_TOKEN=your_digitalocean_api_token_here
IPINFO_API_TOKEN=your_ipinfo_api_token_here
Starting the Server
python main.py
✨ Features
- Identify Cloud Service Providers: Support identifying cloud service providers via public IP addresses.
- Retrieve Droplet Details: Use the pydo SDK to get detailed information about DigitalOcean droplets.
- Droplet Power Management: Power on, power off, restart, and gracefully shut down droplets.
- Status Monitoring: Obtain the current status and resource usage of droplets.
- Operation History: View the operation history of droplets.
- Batch Management: List all droplets and search by name.
- Monitoring Data: Get CPU, memory, disk, and network usage (monitoring needs to be enabled).
- Deletion Protection: Multiple security mechanisms to prevent accidental deletion of important servers.
- AWS Support (To be Implemented): Future support for AWS is planned.
🔒 Security Features
🛡️ Deletion Protection Mechanism
To prevent accidental deletion of important droplets, the system implements a strict five - layer security protection:
Protection Levels
- Global Switch Protection: All deletion operations are disabled by default.
- Confirmation Code Protection: A specific confirmation code is required to attempt deletion.
- Status Check Protection: Deletion of running droplets is prohibited.
- Tag Protection: Automatically identify and protect important droplets.
- Final Security Check: Even if the previous checks are passed, actual deletion is still disabled.
Protected Tags
The system will automatically protect droplets with the following tags:
production / prodimportantcriticalbackup
Configuration Method
export ALLOW_DROPLET_DELETION=true
⚠️ Important Note
Even if the deletion function is enabled, all actual deletion operations will still be blocked by the final security check. It is recommended to always manually delete droplets through the DigitalOcean control panel.
💻 Usage Examples
Basic Usage
result = list_droplets()
print(f"Total number of droplets: {result['total_droplets']}")
result = find_droplet_by_name("web-server")
if result['found']:
droplet = result['droplets'][0]
droplet_id = droplet['id']
status = get_droplet_status(droplet_id)
print(f"Droplet status: {status['status']}")
if status['status'] == 'active':
action_result = reboot_droplet(droplet_id)
action_id = action_result['action']['id']
action_status = get_action_status(action_id)
print(f"Reboot operation status: {action_status['action']['status']}")
Deletion Safety Check Example
policy = get_droplet_deletion_policy()
print(f"Deletion function status: {policy['deletion_policy']['current_status']}")
safety_check = check_droplet_deletion_safety(droplet_id)
print(f"Safety level: {safety_check['safety_level']}")
for check in safety_check['safety_checks']:
print(f"{check['check']}: {check['status']} - {check['message']}")
deletion_result = delete_droplet_with_protection(droplet_id, "CONFIRM_DELETE_DROPLET")
if deletion_result.get('error'):
print(f"Deletion blocked: {deletion_result['error']}")
Monitoring Data Retrieval Example
monitoring_result = get_droplet_monitoring(droplet_id)
if monitoring_result['monitoring_enabled']:
metrics = monitoring_result['metrics']
for metric_type, data in metrics.items():
if data['available']:
print(f"{metric_type} monitoring data is available")
else:
print(f"No data available for {metric_type}")
else:
print("Please enable the monitoring function in the DigitalOcean control panel first")
📚 Documentation
Available MCP Tool Functions
Basic Query Functions
get_dg_info(ipv4_address: str): Retrieve information about the corresponding DigitalOcean droplet based on the public IP address.
- Parameters:
ipv4_address (str): The public IP address to query.
list_droplets(): List all DigitalOcean droplets under the account.find_droplet_by_name(name: str): Find a DigitalOcean droplet by name (supports fuzzy matching).
- Parameters:
name (str): The name or partial name of the droplet.
get_droplet_status(droplet_id: int): Get the current status and detailed information of a specified droplet.
- Parameters:
droplet_id (int): The ID of the droplet.
Power Management Functions
power_on_droplet(droplet_id: int): Power on the specified droplet.power_off_droplet(droplet_id: int): Force - shut down the specified droplet (similar to pulling the power cord).shutdown_droplet(droplet_id: int): Gracefully shut down the specified droplet (similar to the system shutdown command).reboot_droplet(droplet_id: int): Reboot the specified droplet.
- Parameters:
droplet_id (int): The ID of the droplet to operate on.
Monitoring and History Functions
get_droplet_monitoring(droplet_id: int): Get the monitoring data of a droplet, including CPU, memory, disk, and network usage.
- Note: The monitoring function needs to be enabled on the droplet.
get_droplet_actions(droplet_id: int): Get the operation history of a specified droplet.get_action_status(action_id: int): Query the status of a specific operation (useful for tracking the progress after a power operation).
- Parameters:
droplet_id (int): The ID of the droplet.action_id (int): The ID of the operation.
Deletion Protection Functions
delete_droplet_with_protection(droplet_id: int, confirmation_code: str = ""): Delete a DigitalOcean droplet (with strict security protection).
- Note: This function has multiple security restrictions and is actually designed to block deletion operations.
- Parameters:
droplet_id (int): The ID of the droplet to delete.confirmation_code (str): The confirmation code (must be "CONFIRM_DELETE_DROPLET").
get_droplet_deletion_policy(): Get the current deletion policy and security configuration information.check_droplet_deletion_safety(droplet_id: int): Check the deletion safety of a specified droplet (without actually deleting it).
- Parameters:
droplet_id (int): The ID of the droplet to check.
Return Value Explanation
Successful Response Examples
{
"cloud_provider": "digitalocean",
"droplet_id": 123456789,
"droplet_name": "web-server-01",
"overall_safety": "BLOCKED",
"safety_level": "Deletion blocked",
"safety_checks": [
{
"check": "Global deletion policy",
"status": "BLOCKED",
"message": "The deletion function is globally disabled"
},
{
"check": "Droplet status",
"status": "WARNING",
"message": "The droplet is running (active). It is recommended to shut it down first"
},
{
"check": "Protected tags",
"status": "BLOCKED",
"message": "Protected tag found: production"
}
],
"warnings": [
"This droplet has a protected tag, indicating that it may be an important server"
],
"summary": {
"total_checks": 5,
"blocked": 2,
"warnings": 1,
"passed": 2
}
}
- Deletion Policy Information:
{
"cloud_provider": "digitalocean",
"deletion_policy": {
"enabled": false,
"protection_level": "MAXIMUM",
"current_status": "All deletion operations are disabled",
"safety_checks": [
"The environment variable ALLOW_DROPLET_DELETION must be set to true",
"The correct confirmation code 'CONFIRM_DELETE_DROPLET' must be provided",
"The droplet must be in the shutdown state",
"The droplet cannot have protected tags",
"Multiple confirmation mechanisms"
],
"protected_tags": ["production", "prod", "important", "critical", "backup"]
},
"security_info": {
"philosophy": "Safety first, prevent accidental deletion of important servers",
"recommendation": "It is highly recommended to manually delete droplets through the DigitalOcean control panel"
}
}
- Successful Droplet Operation:
{
"cloud_provider": "digitalocean",
"droplet_id": 123456789,
"action": {
"id": 987654321,
"status": "in-progress",
"type": "reboot",
"started_at": "2024-01-01T12:00:00Z",
"completed_at": null,
"resource_id": 123456789,
"resource_type": "droplet",
"region": "New York 3"
},
"message": "The reboot operation has been successfully submitted. Operation ID: 987654321"
}
{
"cloud_provider": "digitalocean",
"droplet_id": 123456789,
"status": "active",
"name": "web-server-01",
"locked": false,
"size_slug": "s-1vcpu-1gb",
"memory": 1024,
"vcpus": 1,
"disk": 25,
"region": {
"name": "New York 3",
"slug": "nyc3"
},
"image": {
"name": "Ubuntu 20.04 x64",
"distribution": "Ubuntu"
},
"created_at": "2024-01-01T10:00:00Z",
"features": ["monitoring", "ipv6"],
"tags": ["web", "production"]
}
- Monitoring Data Response:
{
"cloud_provider": "digitalocean",
"droplet_id": 123456789,
"monitoring_enabled": true,
"metrics": {
"cpu": {
"available": true,
"data": [...]
},
"memory": {
"available": true,
"data": [...]
},
"disk": {
"available": false,
"data": []
},
"network": {
"available": true,
"data": [...]
}
},
"note": "Monitoring data may take a few minutes to appear on newly enabled droplets."
}
Error Response Examples
- Deletion Operation Blocked:
{
"cloud_provider": "digitalocean",
"error": "The deletion operation is disabled. For security reasons, all droplet deletion operations are restricted.",
"security_info": {
"protection_level": "MAXIMUM",
"reason": "Prevent accidental deletion of important servers",
"how_to_enable": "Set the environment variable ALLOW_DROPLET_DELETION=true (not recommended)"
}
}
{
"cloud_provider": "digitalocean",
"error": "Droplet with ID 123456789 not found"
}
API Explanation
pydo SDK Integration
This project uses the official pydo SDK to interact with the DigitalOcean API:
- Install pydo:
pip install pydo
- Configure the API Token: Set the
DIGITALOCEAN_TOKEN environment variable.
- Call the API: Use
client.droplets.list() to get all droplets.
Working Principle
- Initialize the pydo client with the configured API token.
- Call
client.droplets.list() to get all droplets under the account.
- Iterate through the network configuration of each droplet.
- Find the droplet that matches the specified public IP address.
- Return the detailed information of the found droplet.
🔧 Technical Details
Testing Function
The project includes a complete test script test_dg_info.py that can test all functions:
python test_dg_info.py
The test script includes the following test modules:
- Basic Function Testing: List droplets, test API connection.
- Droplet Operation Testing: Query status, power management, operation history.
- Monitoring Function Testing: Retrieve monitoring data and check availability.
- Deletion Protection Testing: Check security policies, evaluate deletion safety.
- IP Search Testing: Find the corresponding droplet based on the IP address.
Precautions
Security - Related
- Deletion Protection:
- All deletion operations are disabled by default to prevent accidental deletion.
- Multiple security check mechanisms protect important servers.
- Even if deletion is configured to be allowed, actual deletion is still blocked by the final security check.
- It is highly recommended to manually delete through the DigitalOcean control panel.
- API Permissions: Ensure that your DigitalOcean API token has the appropriate permissions:
- Permission to read droplets.
- Permission to perform droplet operations (power on/off, reboot, etc.).
- Permission to access monitoring data.
- Monitoring Function Limitations:
- The monitoring function needs to be enabled on the droplet (either at creation or later in the control panel).
- Monitoring data may take a few minutes to appear.
- The free monitoring function collects data points every 5 minutes.
- API Call Limitations:
- The DigitalOcean API has a rate limit (5,000 requests per hour).
- Power operations are asynchronous, and the operation status needs to be queried to confirm completion.
- Security Considerations:
- Keep your API token safe.
- It is recommended to use environment variables to store sensitive information.
- Limit the permission scope of the API token in the production environment.
- Avoid enabling the deletion function in automated scripts.
Operation Status Explanation
- Possible Droplet States:
new: Newly created, initializing.active: Running.off: Shut down.archive: Archived (long - term shutdown).
- Operation States:
in - progress: In execution.completed: Completed.errored: Execution failed.
- Deletion Safety Levels:
BLOCKED: Deletion is blocked (severe security issues).WARNING: Requires careful consideration (potential risks).CAUTION: Can be deleted but needs confirmation (still restricted).
Best Practices
- Safe Operations:
- Avoid enabling the deletion function and always manually delete through the control panel.
- Regularly use
check_droplet_deletion_safety() to evaluate server safety.
- Add protected tags to important servers.
- Batch Operations: Use
list_droplets() to get all droplets and then filter and operate as needed.
- Status Check: Check the current status of the droplet before performing power operations.
- Operation Tracking: Save the operation ID for subsequent status queries.
- Error Handling: Always check the
error field in the return result.
- Monitoring Enablement: Enable the monitoring function when creating a droplet to obtain usage data later.
Error Handling
- Automatically detect if the pydo SDK is installed.
- Verify if the
DIGITALOCEAN_TOKEN environment variable is configured.
- Capture API call exceptions and return friendly error messages.
- Provide detailed debugging information.
Precautions
- Ensure that your DigitalOcean API token has the permission to read droplets.
- The API has a call frequency limit, so use it reasonably.
- This function will list all droplets under the account, so ensure the security of the token.
Extended Features
- Support filtering droplets by tags.
- Support paginated queries for a large number of droplets.
- Cache query results to improve performance.
- Support other cloud service providers (AWS, GCP, etc.).
%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%230080ff;%20}%20%3c/style%3e%3c/defs%3e%3cpath%20class='st0'%20d='M16.2,11.1c.4.5.4,1.2,0,1.8l-4.7,7.1h-3.8l5.3-8L7.6,4h3.8l4.7,7.1Z'/%3e%3c/svg%3e)
