Pacemaker MCP
MCP server that enables safe, SSH-based interaction with a Pacemaker cluster, offering guarded pcs commands for status queries and controlled operations via MCP clients.
README
Pacemaker MCP
Model Context Protocol (MCP) server that exposes Pacemaker pcs commands as safe, guardrailed tools over stdio. It connects to a target cluster node via SSH using your OpenSSH config (Host alias; optional sudo) and runs read-only status queries and controlled operations. Ideal for using Pacemaker safely from MCP-aware clients like Cursor or Claude.
Features
- Pacemaker tools:
pcs_cluster_status,pcs_node_status,pcs_resource_list. - Logs access:
pcs_logs_common,pcs_logs_tail,pcs_logs_journalctlfor Pacemaker/Corosync troubleshooting. - Key-based auth via OpenSSH config: uses your
~/.ssh/configHost alias; optionalsudo. - Configurable: JSON/YAML config file or environment variables for alias and options.
Requirements
- Node.js >= 18
- Access to a Pacemaker cluster node over SSH
Setup (from scratch)
# 1) Install dependencies
npm install
# 2) Build the server (emits dist/index.js)
npm run build
# 3) (Optional) Verify locally with MCP Inspector
npx @modelcontextprotocol/inspector@latest node $(pwd)/dist/index.js
You can also run directly with Node:
node dist/index.js
Configure connection (single method)
Use your OpenSSH config (e.g., ~/.ssh/config) with a Host alias, and reference that alias. This is the only connection method used by the server.
- Set a Host entry in your OpenSSH config file:
Host my-cluster
HostName cluster-node.example.com
User ec2-user
IdentityFile ~/.ssh/id_rsa
Port 22
- If you use a bastion, either define it with ProxyJump or a ProxyCommand (both are supported):
Host my-cluster
HostName 10.1.30.239
User root
IdentityFile ~/.ssh/aws-instance_rsa
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
# Option A (preferred): use a Host alias for the bastion
# ProxyJump bastion
# Option B: ProxyCommand (will be auto-translated)
ProxyCommand ssh -W %h:%p bastion -i ~/.ssh/aws-bastion_rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
Host bastion
HostName bastion.example.com
User ec2-user
IdentityFile ~/.ssh/aws-bastion_rsa
- Then either:
- Provide alias per-call as args:
sshConfigHost: "my-cluster"(and optionallysshConfigPathif not~/.ssh/config) - Or put it in your Pacemaker MCP config file (JSON/YAML) via
PACEMAKER_MCP_CONFIG:
- Provide alias per-call as args:
default:
sshConfigHost: my-cluster
# sshConfigPath: /absolute/path/to/ssh_config # optional, defaults to ~/.ssh/config
sudo: true
Notes:
- This server reads connection parameters exclusively from the OpenSSH alias (HostName, User, Port, IdentityFile).
- If your ssh config has
StrictHostKeyChecking nofor the alias, unknown host keys will be accepted unless overridden. - ProxyCommand lines like
ssh -W %h:%p <jump> -i <key> ...are supported; they are treated as a single-hop ProxyJump automatically. - If
IdentityFileis not set, the SSH agent (SSH_AUTH_SOCK) is used if available. - If
Useris not set, your local username is used by default.
Configuration sources (last-wins per field):
- Config file from
PACEMAKER_MCP_CONFIG(or default search paths) - Environment variables (e.g.,
PACEMAKER_SSH_CONFIG_HOST,PACEMAKER_USE_SUDO) - Per-tool arguments (
sshConfigHost,sshConfigPath,sudo)
Use with MCP clients
Cursor
-
Build so
dist/index.jsexists:npm run build -
Add the server to your global Cursor MCP config (macOS:
~/.cursor/mcp.json). Use absolute paths.
{
"mcpServers": {
"pacemaker-mcp-server": {
"command": "node",
"args": ["/absolute/path/to/pcs_mcp/dist/index.js"],
"env": {
"PACEMAKER_SSH_CONFIG_HOST": "my-cluster",
"PACEMAKER_USE_SUDO": "true"
}
}
}
}
Restart Cursor after saving.
Claude Desktop
-
Build
dist/index.js:npm run build -
Add the server to
~/Library/Application Support/Claude/claude_desktop_config.json(macOS), then restart Claude. Use absolute paths.
{
"mcpServers": {
"pacemaker-mcp-server": {
"command": "node",
"args": ["/absolute/path/to/pcs_mcp/dist/index.js"],
"env": {
"PACEMAKER_MCP_CONFIG": "/absolute/path/to/pacemaker.yaml",
"PACEMAKER_SSH_CONFIG_HOST": "my-cluster",
"PACEMAKER_USE_SUDO": "false",
"PACEMAKER_SSH_READY_TIMEOUT_MS": "30000"
}
}
}
}
Notes:
- Prefer absolute paths in
argsand file-based env likePACEMAKER_MCP_CONFIG. - Configure connection via OpenSSH Host alias; set the alias through env or your MCP config file.
- For production, prefer key-based SSH and passwordless
sudoifsudois required.
Troubleshooting
- Handshake timeout:
- Set
PACEMAKER_SSH_DEBUG=trueand retry; inspect logs for where it stalls (jump vs target vs auth). - Increase
PACEMAKER_SSH_READY_TIMEOUT_MS(e.g.,30000). - Verify your alias works in a terminal:
ssh my-cluster 'echo ok'. - If using a bastion, ensure
ProxyJumpor a correctProxyCommandis defined and keys are accessible. - If host key checks block you in dev/test, set
StrictHostKeyChecking noandUserKnownHostsFile /dev/nullin your SSH config or setPACEMAKER_INSECURE_ACCEPT_UNKNOWN_HOST_KEYS=true.
- Set
Available tools (examples)
pcs_cluster_status: returnspcs cluster statuspcs_node_status: returnspcs status nodespcs_resource_list: returnspcs resource configpcs_logs_common: tail common log files and optionally journal; e.g., last 200 lines of Pacemaker/Corosync logs- args:
{ "lines": 200, "includeJournal": true }
- args:
pcs_logs_tail: tail specific log files- args:
{ "paths": ["/var/log/pacemaker/pacemaker.log", "/var/log/cluster/corosync.log"], "lines": 500 }
- args:
pcs_logs_journalctl: read journal for units (defaults to pacemaker and corosync)- args:
{ "units": ["pacemaker", "corosync"], "lines": 300, "since": "2 hours ago", "priority": "warning", "grep": "fail|error" }
- args:
Each tool accepts a cluster name from config or sshConfigHost/sshConfigPath, and sudo.
Security considerations
- Prefer key-based SSH; avoid passwords when possible.
- Set
PACEMAKER_INSECURE_ACCEPT_UNKNOWN_HOST_KEYS=falsein production. - Only use
sudoif required by your environment.
Development
npm run typecheck
npm run build
# Run from TS directly (dev):
npm run dev
Open with MCP Inspector (from dist output):
npx @modelcontextprotocol/inspector@latest node $(pwd)/dist/index.js
See CONTRIBUTING.md for PR guidelines.
License
MIT. See LICENSE.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.