Skip to content

Commit 6f1deb1

Browse files
ycedresycedres
authored
Merge pull request #35 from uyuni-project/renner-config-update
Update UYUNI_SSL_VERIFY to UYUNI_MCP_SSL_VERIFY
2 parents 3bab548 + 37c662c commit 6f1deb1

File tree

1 file changed

+10
-5
lines changed

1 file changed

+10
-5
lines changed

README.md

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -32,26 +32,31 @@ There are two main ways to run the `mcp-server-uyuni`: using the pre-built Docke
3232

3333
Before running the server, you need to create a `config` file. You can place it anywhere, but you must provide the correct path to it when running the server.
3434

35-
3635
```
36+
# Required: Basic server parameters.
3737
UYUNI_SERVER=192.168.1.124:8443
3838
UYUNI_USER=admin
3939
UYUNI_PASS=admin
40+
4041
# Optional: Set to 'false' to disable SSL certificate verification. Defaults to 'true'.
41-
# UYUNI_SSL_VERIFY=false
42+
# UYUNI_MCP_SSL_VERIFY=false
43+
4244
# Optional: Set to 'true' to enable tools that perform write actions (e.g., POST requests). Defaults to 'false'.
4345
# UYUNI_MCP_WRITE_TOOLS_ENABLED=false
46+
47+
> [!WARNING]
48+
> **Security Note on Write Tools:** Enabling `UYUNI_MCP_WRITE_TOOLS_ENABLED` allows the execution of state-changing and potentially destructive actions (e.g., removing systems, applying updates). When combined with `UYUNI_MCP_TRANSPORT=http`, this risk is amplified, as any client with network access can perform these actions. Only enable write tools in a trusted environment.
49+
4450
# Optional: Set the transport protocol. Can be 'stdio' (default) or 'http'.
4551
# UYUNI_MCP_TRANSPORT=stdio
4652
4753
> [!WARNING]
4854
> **Security Note on HTTP Transport:** When `UYUNI_MCP_TRANSPORT` is set to `http`, the server runs without authentication. This means any client with network access can execute commands. Only use this mode in a trusted, isolated network environment. For more details, see the Security Policy.
4955
50-
> [!WARNING]
51-
> **Security Note on Write Tools:** Enabling `UYUNI_MCP_WRITE_TOOLS_ENABLED` allows the execution of state-changing and potentially destructive actions (e.g., removing systems, applying updates). When combined with `UYUNI_MCP_TRANSPORT=http`, this risk is amplified, as any client with network access can perform these actions. Only enable write tools in a trusted environment.
52-
5356
# Optional: Set the path for the server log file. Defaults to logging to the console.
5457
# UYUNI_MCP_LOG_FILE_PATH=/var/log/mcp-server-uyuni.log
58+
59+
# Required to bootstrap new systems into Uyuni via the `add_system` tool.
5560
UYUNI_SSH_PRIV_KEY="-----BEGIN OPENSSH PRIVATE KEY-----\n..."
5661
UYUNI_SSH_PRIV_KEY_PASS=""
5762
```

0 commit comments

Comments
 (0)