Installing Trento MCP Server
The Trento MCP Server can be deployed in different ways depending on your infrastructure and requirements.
Supported installation methods:
Prerequisites Trento MCP Server
The Trento MCP Server is lightweight and stateless. No persistent storage is required; allocate space for logs as per your logging policy. Before installing the Trento MCP Server, both Trento Web and Trento Wanda components must be running and be accessible for the Trento MCP Server to function properly.
- There must be network connectivity between the Trento MCP Server and Trento Server components.
- Access to the Trento Server URL (important when deployed behind NGINX, or any other reverse proxy) must be possible.
Kubernetes deployment of Trento MCP Server
This subsection uses the following placeholders:
- TRENTO_SERVER_HOSTNAME: the host name used by the end user to access the console.
- ADMIN_PASSWORD: the password of the admin user created during the installation process. The password must meet the following requirements:
  - minimum length of 8 characters
  - the password must not contain 3 identical numbers or letters in a row (for example, 111 or aaa)
  - the password must not contain 4 sequential numbers or letters (for example, 1234, abcd, ABCD)
-
Enable the Trento MCP Server
When installing Trento Server following the instructions in [sec-trento-k8s-deployment], the Trento MCP Server is disabled by default. Enable it by passing --set trento-mcp-server.enabled=true:
helm upgrade --install trento-server oci://registry.suse.com/trento/trento-server \
--set global.trentoWeb.origin=TRENTO_SERVER_HOSTNAME \
--set trento-web.adminUser.password=ADMIN_PASSWORD \
--set trento-mcp-server.enabled=true
The Trento MCP Server will automatically connect to the Trento Web and Trento Wanda internal services within the Kubernetes cluster.
Verify the Trento MCP Server installation
- Check that the Trento MCP Server Pod is running:
  kubectl get pods -l app.kubernetes.io/name=mcp-server
  Example output:
  NAME                                        READY   STATUS    RESTARTS   AGE
  trento-server-mcp-server-xxxxxxxxxx-xxxxx   1/1     Running   0          2m
- Check the logs:
  kubectl logs -l app.kubernetes.io/name=mcp-server
- Check the Trento MCP Server health endpoints:
  # Expose the health check port from the Pod, as it is not exposed as a Kubernetes Service.
  kubectl port-forward --namespace default \
  $(kubectl get pods --namespace default -l app.kubernetes.io/name=mcp-server -o jsonpath="{.items[0].metadata.name}") \
  8080:8080
  While the previous command is running, perform the following check:
  # Liveness endpoint:
  curl http://localhost:8080/livez
  # Readiness endpoint:
  curl http://localhost:8080/readyz
  Example output:
  # Liveness:
  {"info":{"name":"trento-mcp-server","version":"0.1.0"},"status":"up"}
  # Readiness:
  {"status":"up","details":{"mcp-server":{"status":"up","timestamp":"2025-10-09T12:11:09.528898849Z"},"wanda-api":{"status":"up","timestamp":"2025-10-09T12:11:09.544855047Z"},"web-api":{"status":"up","timestamp":"2025-10-09T12:11:09.544855047Z"}}}
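The readiness output above can be turned into a pass/fail check that names the dependency that is not ready. The following Python is an added example, not part of the Trento documentation or code base. The names `readiness_problems`, `fetch` and `REQUIRED` are hypothetical, the degraded sample is constructed, and the `down` status value is an assumption (anything other than `up` is reported).

```python
import json
import sys
import urllib.error
import urllib.request

# Components listed under "details" in the page's example /readyz output.
REQUIRED = ("mcp-server", "wanda-api", "web-api")

# Constructed sample: same shape as the page's output, wanda-api marked "down"
# (assumed failure value) and web-api left out entirely.
SAMPLE_DEGRADED = json.dumps({"status": "down", "details": {
    "mcp-server": {"status": "up", "timestamp": "2025-10-09T12:11:09.528898849Z"},
    "wanda-api": {"status": "down", "timestamp": "2025-10-09T12:11:09.544855047Z"}}})

def readiness_problems(body, required=REQUIRED):
    """Map each unhealthy or missing component to the reason it is not ready."""
    try:
        doc = json.loads(body)
    except ValueError:
        return {"response": "not valid JSON"}
    details = doc.get("details") if isinstance(doc, dict) else None
    if not isinstance(details, dict):
        return {"response": "no details object"}
    problems = {}
    if doc.get("status") != "up":
        problems["overall"] = str(doc.get("status"))
    for name in required:
        entry = details.get(name)
        if not isinstance(entry, dict):
            problems[name] = "missing"
        elif entry.get("status") != "up":
            problems[name] = str(entry.get("status"))
    return problems

def fetch(url):
    """Return the response body; a non-2xx answer still carries a body to parse."""
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.read().decode("utf-8", "replace")

if __name__ == "__main__":
    # Pass a URL such as http://localhost:8080/readyz to check a live server.
    body = fetch(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_DEGRADED
    problems = readiness_problems(body)
    for name, reason in problems.items():
        print(f"{name}: {reason}")
    sys.exit(1 if problems else 0)
```

The script exits non-zero when any required component is not `up`, so it can gate a deployment pipeline or feed a monitoring check.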
Trento MCP Server Helm configuration options
The Trento MCP Server Helm chart supports various configuration options:
Customize Ingress Path
By default, ingress is enabled. To customize the ingress configuration in a basic K3s installation, run the command below:
helm upgrade --install trento-server oci://registry.suse.com/trento/trento-server \
--set global.trentoWeb.origin=TRENTO_SERVER_HOSTNAME \
--set trento-web.adminUser.password=ADMIN_PASSWORD \
--set trento-mcp-server.enabled=true \
--set trento-mcp-server.ingress.hosts[0].host=TRENTO_SERVER_HOSTNAME \
--set trento-mcp-server.ingress.hosts[0].paths[0].path=/mcp-server-trento \
--set trento-mcp-server.ingress.hosts[0].paths[0].pathType=ImplementationSpecific
The Trento MCP Server endpoint will be: https://TRENTO_SERVER_HOSTNAME/mcp-server-trento/mcp
Adjust Log Verbosity
The default log level is info. Adjust it for debugging:
helm upgrade --install trento-server oci://registry.suse.com/trento/trento-server \
--set global.trentoWeb.origin=TRENTO_SERVER_HOSTNAME \
--set trento-web.adminUser.password=ADMIN_PASSWORD \
--set trento-mcp-server.enabled=true \
--set trento-mcp-server.mcpServer.verbosity=debug
Adjust Resource Limits
For production deployments with different resource requirements:
helm upgrade --install trento-server oci://registry.suse.com/trento/trento-server \
--set global.trentoWeb.origin=TRENTO_SERVER_HOSTNAME \
--set trento-web.adminUser.password=ADMIN_PASSWORD \
--set trento-mcp-server.enabled=true \
--set trento-mcp-server.resources.requests.cpu=100m \
--set trento-mcp-server.resources.requests.memory=128Mi \
--set trento-mcp-server.resources.limits.cpu=1000m \
--set trento-mcp-server.resources.limits.memory=1Gi
Disabling Health Check Probes
Health check probes are enabled by default. To disable them if needed, run the following command:
helm upgrade --install trento-server oci://registry.suse.com/trento/trento-server \
--set global.trentoWeb.origin=TRENTO_SERVER_HOSTNAME \
--set trento-web.adminUser.password=ADMIN_PASSWORD \
--set trento-mcp-server.enabled=true \
--set trento-mcp-server.livenessProbe.enabled=false \
--set trento-mcp-server.readinessProbe.enabled=false
Complete configuration example
Below is a complete example that configures external access via a custom ingress path:
helm upgrade --install trento-server oci://registry.suse.com/trento/trento-server \
--set global.trentoWeb.origin=https://trento.example.com \
--set trento-web.adminUser.password=SecurePassword123 \
--set trento-mcp-server.enabled=true \
--set trento-mcp-server.mcpServer.trentoURL=https://trento.example.com \
--set trento-mcp-server.ingress.hosts[0].host=trento.example.com \
--set trento-mcp-server.ingress.hosts[0].paths[0].path=/mcp-server-trento \
--set trento-mcp-server.ingress.hosts[0].paths[0].pathType=ImplementationSpecific
systemd deployment
A systemd-based installation of the Trento MCP Server using RPM packages can be performed manually on the latest supported versions of SUSE Linux Enterprise Server for SAP applications.
Supported versions:
- SUSE Linux Enterprise Server for SAP applications 15: SP4–SP7
- SUSE Linux Enterprise Server for SAP applications 16.0
Installing Trento MCP Server using RPM packages
- Install the Trento MCP Server package:
  zypper install mcp-server-trento
Configure Trento MCP Server
- Create the Trento MCP Server configuration file /etc/trento/mcp-server-trento by copying the example:
  cp /etc/trento/mcp-server-trento.example /etc/trento/mcp-server-trento
- Edit the configuration file to point to your Trento Server:
  vim /etc/trento/mcp-server-trento
  Example configuration:
  AUTODISCOVERY_PATHS=/api/all/openapi,/wanda/api/all/openapi
  ENABLE_HEALTH_CHECK=false
  HEADER_NAME=Authorization
  HEALTH_API_PATH=/api/healthz
  HEALTH_PORT=8080
  # OAS_PATH=https://trento.example.com/api/all/openapi,https://trento.example.com/wanda/api/all/openapi
  PORT=5000
  TAG_FILTER=MCP
  TRANSPORT=streamable
  TRENTO_URL=https://trento.example.com
  VERBOSITY=info
  INSECURE_SKIP_TLS_VERIFY=false
Configure the Trento MCP Server using either TRENTO_URL or OAS_PATH.
If OAS_PATH is left empty, the Trento MCP Server automatically discovers the APIs from the Trento Server using TRENTO_URL.
If OAS_PATH is set, it takes precedence and TRENTO_URL is ignored.
Use TRENTO_URL when one or more of the following conditions apply:
- Trento Server is deployed behind a reverse proxy (NGINX, etc.).
- The Trento MCP Server runs on a different host or network than Trento Server.
- You want to use external or public URLs.
- You prefer automatic API autodiscovery.
Use OAS_PATH when one or more of the following conditions apply:
- You want to connect directly to internal services without autodiscovery.
- You need to bypass reverse proxy configurations.
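The precedence between OAS_PATH and TRENTO_URL, together with the TLS and health check settings, can be reviewed before the service is started. This added Python example is not part of the Trento documentation or code base. The function names and the sample file are constructed, and it assumes that autodiscovery appends each AUTODISCOVERY_PATHS entry to TRENTO_URL, as the example values above suggest.

```python
from urllib.parse import urlparse

# Constructed sample in the page's KEY=VALUE format (values are made up).
SAMPLE = """\
AUTODISCOVERY_PATHS=/api/all/openapi,/wanda/api/all/openapi
ENABLE_HEALTH_CHECK=true
HEALTH_PORT=8080
# OAS_PATH=https://trento.example.com/api/all/openapi
TRENTO_URL=http://trento.example.com
INSECURE_SKIP_TLS_VERIFY=true
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and '#' comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg

def effective_endpoints(cfg):
    """Documented precedence: a non-empty OAS_PATH wins over TRENTO_URL.
    Assumption: autodiscovery appends each AUTODISCOVERY_PATHS entry to TRENTO_URL."""
    oas = [u.strip() for u in cfg.get("OAS_PATH", "").split(",") if u.strip()]
    if oas:
        return "OAS_PATH", oas
    base = cfg.get("TRENTO_URL", "").rstrip("/")
    paths = [p.strip() for p in cfg.get("AUTODISCOVERY_PATHS", "").split(",") if p.strip()]
    return "TRENTO_URL", ([base + p for p in paths] if base else [])

def audit(cfg):
    """Return (source, urls, findings); findings are review hints, not errors."""
    source, urls = effective_endpoints(cfg)
    findings = []
    if not urls:
        findings.append("no API URL: set TRENTO_URL or OAS_PATH")
    if source == "OAS_PATH" and cfg.get("TRENTO_URL"):
        findings.append("TRENTO_URL is ignored because OAS_PATH is set")
    findings += [f"not HTTPS: {u}" for u in urls if urlparse(u).scheme != "https"]
    if cfg.get("INSECURE_SKIP_TLS_VERIFY", "").lower() == "true":
        findings.append("INSECURE_SKIP_TLS_VERIFY=true")
    if cfg.get("ENABLE_HEALTH_CHECK", "").lower() == "true":
        findings.append(f"health endpoints enabled on port {cfg.get('HEALTH_PORT', '?')}")
    return source, urls, findings

if __name__ == "__main__":
    for finding in audit(parse_env(SAMPLE))[2]:
        print("review:", finding)
```

To review a real installation, pass the contents of /etc/trento/mcp-server-trento to `parse_env` instead of `SAMPLE`.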
Verify the Trento MCP Server service
- Verify the service is running:
  systemctl status mcp-server-trento
  Expected output:
  ● mcp-server-trento.service - Trento MCP Server service
    Loaded: loaded (/usr/lib/systemd/system/mcp-server-trento.service; enabled)
    Active: active (running) since ...
- Check the service logs:
  journalctl -u mcp-server-trento -f
- If firewalld is running, allow Trento MCP Server to be accessible and add an exception to firewalld:
  firewall-cmd --zone=public --add-port=5000/tcp --permanent
  firewall-cmd --reload
- If you enabled health checks and want to expose them, also allow the health check port:
  firewall-cmd --zone=public --add-port=8080/tcp --permanent
  firewall-cmd --reload
- If you enabled health checks, verify the endpoints locally:
  # Note: Replace localhost with the server's IP/hostname if running these commands from a remote machine,
  # and ensure the health port is allowed by your firewall.
  # Liveness endpoint:
  curl http://localhost:8080/livez
  # Example output:
  # {"info":{"name":"trento-mcp-server","version":"0.1.0"},"status":"up"}
  # Readiness endpoint:
  curl http://localhost:8080/readyz
  # Example output:
  # {"status":"up","details":{"mcp-server":{"status":"up","timestamp":"2025-10-09T12:11:09.528898849Z"},"wanda-api":{"status":"up","timestamp":"2025-10-09T12:11:09.542078327Z"},"web-api":{"status":"up","timestamp":"2025-10-09T12:11:09.544855047Z"}}}