mirror of
https://github.com/BillyOutlast/sec-mcp.git
synced 2026-07-01 12:50:00 -04:00
Add preflight checks script and update setup instructions for Podman
@@ -9,6 +9,15 @@ This stack exposes MCP servers through `mcpo` as OpenAPI endpoints.
|
||||
|
||||
Run these in the target runtime environment (inside your LXC if using Proxmox):
|
||||
|
||||
Preferred automated check:
|
||||
|
||||
```bash
|
||||
chmod +x ./preflight.sh
|
||||
./preflight.sh
|
||||
```
|
||||
|
||||
Equivalent manual checks:
|
||||
|
||||
```bash
|
||||
ls -l /dev/kfd
|
||||
ls -l /dev/dri
|
||||
|
||||
@@ -16,7 +16,6 @@ This stack is **ROCm-only** for Ollama.
|
||||
## Files
|
||||
|
||||
- `docker-compose.yml` - Main stack (Ollama runs with ROCm)
|
||||
- `kali-mcp/` - Local build context for `kali-mcp-sse` image
|
||||
- `mcpo-config.template.json` - Templated `mcpo` multi-server config
|
||||
- `.env.example` - Environment variable template
|
||||
- `OPENWEBUI_MCP_SETUP.md` - Step-by-step MCP setup inside Open WebUI
|
||||
@@ -38,18 +37,19 @@ Running in Proxmox LXC?
|
||||
Copy-Item .env.example .env
|
||||
```
|
||||
|
||||
If `kali-mcp/` is missing, clone it first:
|
||||
|
||||
```powershell
|
||||
git clone https://github.com/k3nn3dy-ai/kali-mcp.git kali-mcp
|
||||
```
|
||||
|
||||
2. Start base stack:
|
||||
|
||||
```powershell
|
||||
docker compose up -d --build
|
||||
```
|
||||
|
||||
Recommended for Podman/LXC first:
|
||||
|
||||
```bash
|
||||
chmod +x ./preflight.sh
|
||||
./preflight.sh
|
||||
```
|
||||
|
||||
Podman users:
|
||||
|
||||
```bash
|
||||
@@ -59,10 +59,14 @@ podman compose up -d --build
|
||||
Or use the bootstrap helper:
|
||||
|
||||
```bash
|
||||
chmod +x ./preflight.sh
|
||||
./preflight.sh
|
||||
chmod +x ./bootstrap.sh
|
||||
./bootstrap.sh
|
||||
```
|
||||
|
||||
The bootstrap script runs preflight checks for `/dev/net/tun`, `/dev/kfd`, and `/dev/dri` before starting Podman Compose.
|
||||
|
||||
3. Open services:
|
||||
|
||||
- Open WebUI: `http://localhost:3000`
|
||||
|
||||
+10
-5
@@ -3,11 +3,16 @@ set -euo pipefail
|
||||
|
||||
cd "$(dirname "$0")"
|
||||
|
||||
if [ ! -d "./kali-mcp/.git" ]; then
|
||||
echo "[bootstrap] Cloning kali-mcp..."
|
||||
git clone https://github.com/k3nn3dy-ai/kali-mcp.git kali-mcp
|
||||
else
|
||||
echo "[bootstrap] kali-mcp already present."
|
||||
if [ ! -e "/dev/net/tun" ]; then
|
||||
echo "[bootstrap] ERROR: /dev/net/tun is missing."
|
||||
echo "[bootstrap] In Proxmox LXC, enable container networking features before Podman builds."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -e "/dev/kfd" ] || [ ! -e "/dev/dri" ]; then
|
||||
echo "[bootstrap] ERROR: ROCm devices are missing (/dev/kfd or /dev/dri)."
|
||||
echo "[bootstrap] Apply Proxmox LXC passthrough settings from OPENWEBUI_MCP_SETUP.md and restart CT."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "[bootstrap] Starting stack with Podman Compose..."
|
||||
|
||||
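Review bot: The device guards test existence only (`[ ! -e "/dev/net/tun" ]`, `[ ! -e "/dev/kfd" ] || [ ! -e "/dev/dri" ]`), so a node that exists but is not a character device, or that the user running Podman cannot open, passes here and fails later inside the container. The same applies to `check_exists` in the new preflight script. A stricter guard would be `[ -c /dev/net/tun ] && [ -r /dev/net/tun ] && [ -w /dev/net/tun ]`, with the equivalent for `/dev/kfd`. The `ERROR` lines are echoed to stdout; adding `>&2` keeps them out of captured output. These checks are also copied from preflight.sh rather than calling it, so the two scripts can drift apart.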
+16
-4
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
init-mcps:
|
||||
image: alpine/git:2.47.0
|
||||
image: alpine/git:latest
|
||||
command: >-
|
||||
sh -lc "
|
||||
set -e;
|
||||
@@ -15,6 +15,11 @@ services:
|
||||
else
|
||||
cd /opt/mcps/markdownify-mcp && git pull --ff-only;
|
||||
fi
|
||||
if [ ! -d /opt/mcps/kali-mcp/.git ]; then
|
||||
git clone https://github.com/k3nn3dy-ai/kali-mcp.git /opt/mcps/kali-mcp;
|
||||
else
|
||||
cd /opt/mcps/kali-mcp && git pull --ff-only;
|
||||
fi
|
||||
"
|
||||
volumes:
|
||||
- mcp_sources:/opt/mcps
|
||||
@@ -34,9 +39,16 @@ services:
|
||||
- "5000"
|
||||
|
||||
kali-mcp-sse:
|
||||
build:
|
||||
context: ./kali-mcp
|
||||
command: ["python", "-m", "kali_mcp_server.server", "--transport", "sse", "--port", "8000"]
|
||||
image: python:3.12-slim
|
||||
depends_on:
|
||||
- init-mcps
|
||||
command: >-
|
||||
sh -lc "
|
||||
python -m pip install --no-cache-dir /opt/mcps/kali-mcp &&
|
||||
python -m kali_mcp_server.server --transport sse --port 8000
|
||||
"
|
||||
volumes:
|
||||
- mcp_sources:/opt/mcps
|
||||
expose:
|
||||
- "8000"
|
||||
|
||||
|
||||
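Review bot: Nothing this service definition fetches is pinned. `init-mcps` clones `k3nn3dy-ai/kali-mcp` at its default branch and runs `git pull --ff-only` on every start, and `kali-mcp-sse` then runs `python -m pip install --no-cache-dir /opt/mcps/kali-mcp` at container start, so whatever is at upstream HEAD executes in the stack unreviewed. Pin the checkout to a reviewed commit in place of the pull, e.g. `git -C /opt/mcps/kali-mcp checkout --detach <REVIEWED_COMMIT_SHA>`, and install the package at image build time rather than at start. If `image: alpine/git:latest` is the new side of the first hunk (the rendering shows both tags without markers), it drops the `2.47.0` pin; keep a version tag or a digest. The replaced service was built from `./kali-mcp`, so it is worth confirming that `python:3.12-slim` carries the tools that server invokes, which is not visible here.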
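--- a/preflight.sh
+++ b/preflight.sh
@@ -0,0 +1,74 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ok() { echo "[OK] $1"; }
+warn() { echo "[WARN] $1"; }
+fail() { echo "[FAIL] $1"; }
+
+has_error=0
+
+check_exists() {
+local path="$1"
+local message="$2"
+if [ -e "$path" ]; then
+ok "$message"
+else
+fail "$message"
+has_error=1
+fi
+}
+
+echo "[preflight] sec-mcp environment checks"
+echo
+
+if command -v podman >/dev/null 2>&1; then
+ok "podman is installed"
+else
+fail "podman not found in PATH"
+echo " Install Podman before continuing."
+has_error=1
+fi
+
+if podman compose version >/dev/null 2>&1; then
+ok "podman compose is available"
+else
+fail "podman compose provider is unavailable"
+echo " Install podman-compose or enable compose provider for Podman."
+has_error=1
+fi
+
+if podman info >/dev/null 2>&1; then
+ok "podman daemon/runtime is healthy"
+else
+fail "podman info failed"
+echo " Verify container runtime setup inside your Proxmox LXC."
+has_error=1
+fi
+
+check_exists "/dev/net/tun" "/dev/net/tun is present (required for Podman networking)"
+check_exists "/dev/kfd" "/dev/kfd is present (ROCm device)"
+check_exists "/dev/dri" "/dev/dri is present (DRM device)"
+
+if [ -f "docker-compose.yml" ]; then
+ok "docker-compose.yml found"
+else
+fail "docker-compose.yml not found in current directory"
+has_error=1
+fi
+
+if [ -f ".env" ]; then
+ok ".env found"
+else
+warn ".env missing (copy from .env.example)"
+fi
+
+if [ "$has_error" -ne 0 ]; then
+echo
+echo "[preflight] One or more critical checks failed."
+echo "[preflight] For Proxmox LXC remediation, see OPENWEBUI_MCP_SETUP.md section '0) Proxmox LXC (ROCm) setup'."
+exit 1
+fi
+
+echo
+ok "All critical checks passed"
+echo "[preflight] You can now run: podman compose up -d --build"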
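Review bot: The `docker-compose.yml` and `.env` checks resolve against the caller's working directory, and the script never changes directory, so invoking it by path from elsewhere reports a false `[FAIL]`. bootstrap.sh in this commit does `cd "$(dirname "$0")"`, and the same line after `set -euo pipefail` would make the two agree. `fail` and `warn` print to stdout; `fail() { echo "[FAIL] $1" >&2; }` keeps diagnostics separable from normal output. When `podman` is not in PATH, the `podman compose version` and `podman info` checks also fail, giving three failures for one cause; skipping them in that case would make the report easier to act on.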