#!/usr/bin/env bash # install-agent.sh -- Install and configure the MCP agent. # # Usage: install-agent.sh [path-to-mcp-agent-binary] # # This script is idempotent and safe to run multiple times. set -euo pipefail if [[ "$(id -u)" -ne 0 ]]; then echo "error: this script must be run as root" >&2 exit 1 fi SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" DEPLOY_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)" BINARY="${1:-./mcp-agent}" # ------------------------------------------------------------------ # 1. Create mcp user and group # ------------------------------------------------------------------ if ! id -u mcp &>/dev/null; then useradd --system --shell /sbin/nologin --home-dir /srv/mcp --no-create-home mcp echo "Created system user: mcp" else echo "User mcp already exists" fi # ------------------------------------------------------------------ # 2. Create directories # ------------------------------------------------------------------ install -d -o mcp -g mcp -m 0750 /srv/mcp install -d -o mcp -g mcp -m 0750 /srv/mcp/certs install -d -o mcp -g mcp -m 0750 /srv/mcp/backups # ------------------------------------------------------------------ # 3. Install binary # ------------------------------------------------------------------ if [[ ! -f "${BINARY}" ]]; then echo "error: binary not found: ${BINARY}" >&2 echo "Usage: $0 [path-to-mcp-agent-binary]" >&2 exit 1 fi install -o root -g root -m 0755 "${BINARY}" /usr/local/bin/mcp-agent echo "Installed mcp-agent to /usr/local/bin/mcp-agent" # ------------------------------------------------------------------ # 4. Install example config if none exists # ------------------------------------------------------------------ if [[ ! -f /srv/mcp/mcp-agent.toml ]]; then install -o mcp -g mcp -m 0640 "${DEPLOY_DIR}/examples/mcp-agent.toml" /srv/mcp/mcp-agent.toml echo "Installed example config to /srv/mcp/mcp-agent.toml (edit before starting)" else echo "Config /srv/mcp/mcp-agent.toml already exists, skipping" fi # ------------------------------------------------------------------ # 5. Install systemd units # ------------------------------------------------------------------ install -o root -g root -m 0644 "${DEPLOY_DIR}/systemd/mcp-agent.service" /etc/systemd/system/ install -o root -g root -m 0644 "${DEPLOY_DIR}/systemd/mcp-agent-backup.service" /etc/systemd/system/ install -o root -g root -m 0644 "${DEPLOY_DIR}/systemd/mcp-agent-backup.timer" /etc/systemd/system/ # ------------------------------------------------------------------ # 6. Reload systemd # ------------------------------------------------------------------ systemctl daemon-reload echo "Systemd units installed and daemon reloaded" # ------------------------------------------------------------------ # 7. Next steps # ------------------------------------------------------------------ cat <<'NEXT' --- Next steps --- 1. Edit /srv/mcp/mcp-agent.toml: - Set server.grpc_addr to this node's overlay IP - Set agent.node_name to this node's name - Set mcias.server_url to the MCIAS server address - Place TLS cert/key in /srv/mcp/certs/ 2. Enable and start the agent: systemctl enable --now mcp-agent 3. Enable the daily backup timer: systemctl enable --now mcp-agent-backup.timer 4. Verify the agent is running: systemctl status mcp-agent journalctl -u mcp-agent -f NEXT