fix: update FreeCAD MCP URL and ports for consistency and add new backend configurations in Titania

2026-03-28 22:32:17 +00:00
parent 45db26040e
commit 56d7fdb9cf
6 changed files with 134 additions and 74 deletions
--- a/docs/freecad_mcp.md
+++ b/docs/freecad_mcp.md
@@ -690,6 +690,40 @@ See [docs/COMPARISON.md](docs/COMPARISON.md) for a detailed analysis of these im

 ---

+## Ouranos Deployment
+
+The FreeCAD Robust MCP Server runs on `caliban.incus` and is exposed via Titania's HAProxy with TLS termination.
+
+### Architecture
+
+```
+External Agent (e.g., Claude Desktop / MCP Switchboard)
+        │  MCP Protocol (Streamable HTTP, TLS)
+        │  https://freecad-mcp.ouranos.helu.ca/mcp
+        ▼
+  Titania HAProxy (TLS termination, wildcard cert)
+        │  http://caliban.incus:22032/mcp
+        ▼
+  FreeCAD Robust MCP Server (HTTP transport mode)
+        │  XML-RPC (localhost:9875)
+        ▼
+  FreeCAD (GUI or headless)
+```
+
+### Integration
+
+The MCP URL is registered in `group_vars/all/vars.yml`:
+
+```yaml
+freecad_mcp_url: https://freecad-mcp.ouranos.helu.ca/mcp
+```
+
+The route is served via Titania's HAProxy using the existing `*.ouranos.helu.ca` Let's Encrypt wildcard certificate.
+
+**To deploy:** `ansible-playbook ansible/haproxy/configure.yml`
+
+---
+
 ## License

 MIT License - see [LICENSE](LICENSE) for details.
--- a/docs/kernos.md
+++ b/docs/kernos.md
@@ -2,15 +2,6 @@

 HTTP-enabled MCP shell server using FastMCP. Wraps the existing `mcp-shell-server` execution logic with FastMCP's HTTP transport for remote AI agent access.

-## Overview
-
-| Property | Value |
-|----------|-------|
-| **Host** | caliban.incus |
-| **Port** | 22021 |
-| **Service Type** | Systemd service (non-Docker) |
-| **Repository** | `ssh://robert@clio.helu.ca:18677/mnt/dev/kernos` |
-
 ## Features

 - **HTTP Transport**: Accessible via URL instead of stdio
@@ -60,17 +51,17 @@ Deploys Kernos to caliban.incus:

 ### Host Variables (`ansible/inventory/host_vars/caliban.incus.yml`)

-| Variable | Default | Description |
-|----------|---------|-------------|
-| `kernos_user` | `kernos` | System user for the service |
-| `kernos_group` | `kernos` | System group for the service |
-| `kernos_directory` | `/srv/kernos` | Installation directory |
-| `kernos_port` | `22021` | HTTP server port |
-| `kernos_host` | `0.0.0.0` | Server bind address |
-| `kernos_log_level` | `INFO` | Python log level |
-| `kernos_log_format` | `json` | Log format (`json` or `text`) |
-| `kernos_environment` | `production` | Environment name for logging |
-| `kernos_allow_commands` | (see below) | Comma-separated command whitelist |
+| Variable | Description |
+|----------|-------------|
+| `kernos_user`| System user for the service |
+| `kernos_group` | System group for the service |
+| `kernos_directory` | Installation directory |
+| `kernos_port` | HTTP server port |
+| `kernos_host` | Server bind address |
+| `kernos_log_level` | Python log level |
+| `kernos_log_format` | Log format (`json` or `text`) |
+| `kernos_environment` | Environment name for logging |
+| `kernos_allow_commands` |Comma-separated command whitelist |

 ### Global Variables (`ansible/inventory/group_vars/all/vars.yml`)

@@ -110,12 +101,11 @@ The systemd service includes additional hardening:

 ### Testing Health Endpoints

-```bash
-curl http://caliban.incus:22021/health
-curl http://caliban.incus:22021/ready
-curl http://caliban.incus:22021/live
-curl -H "Accept: text/plain" http://caliban.incus:22021/metrics
-```
+/health
+/ready
+/live
+/metrics
+

 ### MCP Client Connection

@@ -174,10 +164,10 @@ The `/metrics` endpoint exposes Prometheus-compatible metrics. Add to your Prome

 ```bash
 # Check service status
-ssh caliban.incus sudo systemctl status kernos
+sudo systemctl status kernos

 # View logs
-ssh caliban.incus sudo journalctl -u kernos -f
+sudo journalctl -u kernos -f
 ```

 ## Troubleshooting
@@ -192,7 +182,7 @@ ssh caliban.incus sudo journalctl -u kernos -f
 ### Health Check Failures

 1. Verify the service is running: `systemctl status kernos`
-2. Check if port 22021 is accessible
+2. Check if port is accessible
 3. Review logs for startup errors

 ### Command Execution Denied
--- a/docs/ouranos.md
+++ b/docs/ouranos.md
@@ -32,15 +32,39 @@ All containers are named after moons of Uranus and resolved via the `.incus` DNS
 | **sycorax** | language_models | Arke LLM Proxy | ✔ |
 | **titania** | proxy_sso | HAProxy TLS termination + Casdoor SSO | ✔ |

-### oberon — Container Orchestration
+### puck — Project Application Runtime
+
+Shape-shifting trickster embodying Python's versatility.
+This is the host that runs Python projects in the Ouranos sandbox.
+It has an RDP server and is generally where application development happens.
+Each project has a number that is used to determine port numbers.
+
+- Docker engine
+- JupyterLab (port 22071 via OAuth2-Proxy)
+- Gitea Runner (CI/CD agent)
+- Django Projects: Zelus (221), Angelia (222), Athena (224), Kairos (225), Icarlos (226), MCP Switchboard (227), Spelunker (228), Peitho (229), Mnemosyne (230)
+- FastAgent Projects: Pallas (240)
+- FastAPI Projects: Daedalus (200), Arke (201) Kernos (202), Stentor (203), Orpheus (204), Periplus (205), Nike (206)
+
+### caliban — Agent Automation
+
+Autonomous computer agent learning through environmental interaction.
+
+- Docker engine
+- Agent S MCP Server (MATE desktop, AT-SPI automation)
+- Kernos MCP Shell Server (port 22062)
+- Rommie MCP Server (port 22061) — agent-to-agent GUI automation via Agent S
+- FreeCAD Robust MCP Server (port 22063) — CAD automation via FreeCAD XML-RPC
+- GPU passthrough
+- RDP access (port 25521)
+
+### oberon — Container Orchestration & Dockerized Shared Services

 King of the Fairies orchestrating containers and managing MCP infrastructure.

 - Docker engine
- MCP Switchboard (port 22785) — Django app routing MCP tool calls
+- MCP Switchboard (port 22781) — Django app routing MCP tool calls
 - RabbitMQ message queue
- Open WebUI LLM interface (port 22088, PostgreSQL backend on Portia)
- SearXNG privacy search (port 22083, behind OAuth2-Proxy)
 - smtp4dev SMTP test server (port 22025)

 ### portia — Relational Database
@@ -58,15 +82,16 @@ Air spirit — ethereal, interconnected nature mirroring graph relationships.
 - HTTP API: port 25584
 - Bolt: port 25554

-### puck — Application Runtime
+### miranda — MCP Docker Host

-Shape-shifting trickster embodying Python's versatility.
+Curious bridge between worlds — hosting MCP server containers.

- Docker engine
- JupyterLab (port 22071 via OAuth2-Proxy)
- Gitea Runner (CI/CD agent)
- Home Assistant (port 8123)
- Django applications: Angelia (22281), Athena (22481), Kairos (22581), Icarlos (22681), Spelunker (22881), Peitho (22981)
+- Docker engine (API exposed on port 2375 for MCP Switchboard)
+- MCPO OpenAI-compatible MCP proxy 22071
+- Argos MCP Server — web search via SearXNG (port 22062)
+- Grafana MCP Server (port 22063)
+- Neo4j MCP Server (port 22064)
+- Gitea MCP Server (port 22065)

 ### prospero — Observability Stack

@@ -79,16 +104,18 @@ Master magician observing all events.
 - Loki log aggregation via Alloy (all hosts)
 - Grafana dashboard suite with Casdoor SSO integration

-### miranda — MCP Docker Host
+### rosalind — Third Party Applications for testing and evaluation

-Curious bridge between worlds — hosting MCP server containers.
+Witty and resourceful moon for PHP, Go, and Node.js runtimes.

- Docker engine (API exposed on port 2375 for MCP Switchboard)
- MCPO OpenAI-compatible MCP proxy
- Grafana MCP Server (port 25533)
- Gitea MCP Server (port 25535)
- Neo4j MCP Server
- Argos MCP Server — web search via SearXNG (port 25534)
+- SearXNG privacy search (port 22083, behind OAuth2-Proxy)
+- Gitea self-hosted Git (port 22082, SSH on 22022)
+- LobeChat AI chat interface (port 22081)
+- Nextcloud file sharing and collaboration (port 22083)
+- AnythingLLM document AI workspace (port 22084)
+- Nextcloud data on dedicated Incus storage volume
+- Open WebUI LLM interface (port 22088, PostgreSQL backend on Portia
+- Home Assistant (port 8123)

 ### sycorax — Language Models

@@ -99,28 +126,6 @@ Original magical power wielding language magic.
 - Session management with Memcached
 - Database backend on Portia

-### caliban — Agent Automation
-
-Autonomous computer agent learning through environmental interaction.
-
- Docker engine
- Agent S MCP Server (MATE desktop, AT-SPI automation)
- Kernos MCP Shell Server (port 22021)
- Rommie MCP Server (port 22031) — agent-to-agent GUI automation via Agent S
- FreeCAD Robust MCP Server (port 22032) — CAD automation via FreeCAD XML-RPC
- GPU passthrough for vision tasks
- RDP access (port 25521)
-
-### rosalind — Collaboration Services
-
-Witty and resourceful moon for PHP, Go, and Node.js runtimes.
-
- Gitea self-hosted Git (port 22082, SSH on 22022)
- LobeChat AI chat interface (port 22081)
- Nextcloud file sharing and collaboration (port 22083)
- AnythingLLM document AI workspace (port 22084)
- Nextcloud data on dedicated Incus storage volume
-
 ### titania — Proxy & SSO Services

 Queen of the Fairies managing access control and authentication.
@@ -134,6 +139,21 @@ Queen of the Fairies managing access control and authentication.

 ---

+## Port Numbering
+
+Well-known ports running as a service may be used: Postgresql 5432, Prometheus Metrics 9100.
+
+However inside a docker project, the number plan needs to be followed to avoid port conflicts and confusion:
+XXXYZ
+XXX Project Number or 220 for external project 
+Y Service: 0 reserved, 1-4 flexible, 5 database, 6 MCP, 7 API, 8 Web App, 9 Prometheus metrics
+Z Instance: The running instance of this app on the same host, starting at 1.  May also be used to handle exceptions.
+
+255 Incus port forwarding: Ports in ths range are forwarded from the Incus host to Incus containers (defined in Terraform)
+
+514ZZ is the syslog port.  Docker containers send their syslog to an Alloy syslog collector port.  ZZ is the application instance, they just need to be different on the same host and increment from 01.
+
+
 ## External Access via HAProxy

 Titania provides TLS termination and reverse proxy for all services.
@@ -162,7 +182,7 @@ Titania provides TLS termination and reverse proxy for all services.
 | `kairos.ouranos.helu.ca` | puck.incus:22581 | Kairos (Django) |
 | `lobechat.ouranos.helu.ca` | rosalind.incus:22081 | LobeChat |
 | `loki.ouranos.helu.ca` | prospero.incus:443 (SSL) | Loki |
-| `mcp-switchboard.ouranos.helu.ca` | oberon.incus:22785 | MCP Switchboard |
+| `mcp-switchboard.ouranos.helu.ca` | oberon.incus:22781 | MCP Switchboard |
 | `nextcloud.ouranos.helu.ca` | rosalind.incus:22083 | Nextcloud |
 | `openwebui.ouranos.helu.ca` | oberon.incus:22088 | Open WebUI |
 | `peitho.ouranos.helu.ca` | puck.incus:22981 | Peitho (Django) |