Red Hat Summit Red Hat Summitサポートコンソール開発者トライアルの開始お問い合わせ

Chapter 11. Using the MCP server for RHEL to enable AI assistants to run, discover, and troubleshoot complex issues

Using the Model Context Protocol (MCP) server for RHEL, you can enable LLMs to act as system administrators, capable of discovering and troubleshooting complex issues across your infrastructure.

You can use an AI assistant of your preference, such as Goose or Gemini CLI, and by using SSH through your own account, the tools that your AI assistant runs are subject to the same security restrictions. The MCP server provides a protected way for AI models to perform system administration tasks, troubleshoot issues, and read configuration files on the target system machines.

Use the MCP server for RHEL for read-only Linux system administration with an agent-based AI of your choice on RHEL 10 Base operating system, on-premise hosts. The MCP server for RHEL is available through the RHEL Developer Subscription for production testing and can run on RHEL or Linux, macOS, and Windows 11 operating systems.

Important

Red Hat Enterprise Linux (RHEL) command-line assistant is Developer Preview software only. Developer Preview software is not supported by Red Hat in any way and is not functionally complete or production-ready. Do not use Developer Preview software for production or business-critical workloads. Developer Preview software provides early access to upcoming product software in advance of its possible inclusion in a Red Hat product offering. Customers can use this software to test functionality and provide feedback during the development process. This software might not have any documentation, is subject to change or removal at any time, and has received limited testing. Red Hat might provide ways to submit feedback on Developer Preview software without an associated SLA.

For more information about the support scope of Red Hat Developer Preview software, see Developer Preview Support Scope.

The MCP server for RHEL has the following capabilities:

  • Inspect local and target systems for troubleshooting.
  • Public key discovery to list available public keys from the local ~/.ssh directory.
  • Comprehensive error handling with clear error messages for connection and execution issues.

The MCP server for RHEL has the following system management features:

  • Read-only operations: All tools are strictly read-only for safe diagnostics.
  • Remote SSH execution: Inspect systems by using SSH with key-based authentication.
  • Local execution: Inspect the local system (when the MCP server is not running in a container).
  • Multi-host management: Connect to different target system hosts in the same LLM session.
  • Comprehensive diagnostics: System information, services, processes, logs, network, and storage.
  • Configurable log access: Use environment variables to control which log files are accessible.

11.1. Using SSH to authenticate the RHEL MCP server to a target machine
リンクのコピー

To enable the RHEL MCP server to connect to your target machine by using SSH, you must use an account with key-based authentication.

Prerequisites

  • A client machine with the operating system of your choice.
  • A RHEL target machine.
  • SSH connectivity between the host running the MCP server and the RHEL target machine.

Procedure

  1. On the client machine, generate an SSH keypair: 

    $ ssh-keygen -t ed25519 -C "<your-email@example.com>" -f id_ed25519_mcp
    Copy to Clipboard Toggle word wrap

  2. On the RHEL target machine, create a non-root user:

    1. Access the VM by SSH and run the following commands: 

      $ sudo useradd mcp
$ sudo passwd tester
      Copy to Clipboard Toggle word wrap

  3. On the client machine, add the target machine to your SSH configuration file:

    1. Edit the ~/.ssh/config configuration file and add the following information: 

      Host <rhel-10-0>
HostName <target-machine-ip-address>
User <user-test>
Port 22
IdentityFile <path-to-your-ssh-pub-key>
StrictHostKeyChecking no
      Copy to Clipboard Toggle word wrap

  4. Copy your public key from your client machine to the target machine. 

    $ ssh-copy-id -i ~/.ssh/id_ed25519_mcp.pub mcp@<vm_ip_address>
    Copy to Clipboard Toggle word wrap

  5. Restart the SSH service: 

    $ sudo systemctl restart sshd
    Copy to Clipboard Toggle word wrap

11.2. Installing the RHEL MCP server
リンクのコピー

You can install the RHEL MCP server on your host to use it with any AI client. Choose one of the following methods to perform the installation based on your security requirements.

  • Running the MCP server from a container for enhanced security.
  • Installing the MCP server locally by using pip package manager for direct host administration.

11.2.1. Running the MCP server for RHEL from a container image
リンクのコピー

You can run the MCP server on your system by using a container image. The MCP server uses SSH to connect to target system hosts. You must make the SSH keys available inside the container. If the SSH key is encrypted, you must provide a passphrase to decrypt the key.

Note

In container-based scenarios, you cannot use the MCP server for RHEL to inspect the local system.

Prerequisites

  • The container-tools meta-package is installed.
  • Podman is installed on your host machine.
  • A target machine where the MCP server for RHEL executes commands by SSH.

Procedure

  • On the LLM client, run the container image: 

    podman run --rm --interactive --userns keep-id:uid=1001,gid=0 -e LINUX_MCP_KEY_PASSPHRASE -e LINUX_MCP_USER -v $HOME/.ssh/id_ed25519_mcp:/var/lib/mcp/.ssh/id_ed25519:ro,Z -v $HOME/.local/share/linux-mcp-server/logs:/var/lib/mcp/.local/share/linux-mcp-server/logs:rw,Z quay.io/redhat-services-prod/rhel-lightspeed-tenant/linux-mcp-server:latest
    Copy to Clipboard Toggle word wrap

    The --rm option removes the container image after the container exits.

Verification

  • List the running containers: 

    $ podman ps
    Copy to Clipboard Toggle word wrap

11.2.2. Installing the MCP server for RHEL by using pip
リンクのコピー

The MCP server for RHEL runs locally on the same machine as your AI agent. The MCP server for RHEL is responsible for connecting to your target RHEL machine. Your AI agent communicates with this local server by standard I/O (stdio).

Prerequisites

  • Python 3.10 or higher. 

    $ sudo dnf install python3 python3-pip
    Copy to Clipboard Toggle word wrap

Procedure

  • Install the package from PyPI: 

    $ pip install --user linux-mcp-server
    Copy to Clipboard Toggle word wrap

Verification

  • Test the server: 

    $ ~/.local/bin/linux-mcp-server
    Copy to Clipboard Toggle word wrap

    The server starts and displays initialization messages.

  • To stop the MCP server, press the Ctrl+C keys, then the Return key.

Next steps

11.2.3. Configuring the MCP server for RHEL in your AI client
リンクのコピー

To integrate your AI clients with the RHEL MCP server, use a JSON configuration and embed it directly into the AI application settings file or include it as a separate JSON file.

The MCP server for RHEL JSON configuration requires the following parameters:

Expand

MCP Server or Connection Type

Standard IO (STDIO)

ID / Name

linux-tools

Description

Linux system diagnostics

Command

/home/<your-username>/.local/bin/linux-mcp-server

Arguments

[] (Empty array)

Environment Variables

LINUX_MCP_USER=<your-ssh-username>

Prerequisites

  • AI client of your choice.

Procedure

  • Add the mcpServers JSON configuration to integrate into your AI application: 

    {
 "mcpServers": {
   "linux-mcp-server": {
     "command": "~/.local/bin/linux-mcp-server",
     "args": [],
     "env": {
       "LINUX_MCP_USER": "<your-ssh-username>"
     }
   }
 }
}
    Copy to Clipboard Toggle word wrap

11.3. Using the MCP server for RHEL to query information from a RHEL system
リンクのコピー

You can use the MCP server for RHEL to enable an LLM to obtain and analyze RHEL system logs, including journald and syslog data, to detect advanced anomalies, security threat identification, and AI-driven root cause analysis, turning log data into actionable intelligence.

You can also use the MCP server for RHEL to enable an LLM to run commands on the RHEL system.

Prerequisites

  • You installed the MCP server for RHEL.

Procedure

  1. Optional: Configure environment variables to select which log files the MCP server for RHEL can access, and the logging level required. 

    export LINUX_MCP_ALLOWED_LOG_PATHS="/var/log/messages,/var/log/secure,/var/log/audit/audit.log"
export LINUX_MCP_LOG_LEVEL="INFO"
    Copy to Clipboard Toggle word wrap

  2. Run the RHEL MCP server. 

    $ linux-mcp-server
    Copy to Clipboard Toggle word wrap

  3. Ask questions, for example: 

    "What version of RHEL is this system running?"
"Show me the current CPU load and usage per core."
"How much memory is being used on this system?"
"Which filesystems are running out of space?"
"What hardware is installed in this system?"
"Show me all critical and error logs since yesterday."
    Copy to Clipboard Toggle word wrap
    Warning

    Current known issues and limitations:

    • You might experience issues getting the SSH authentication working in the container, especially with Docker, because it does not support user namespace mapping. To workaround this issue, the SSH key file must be owned by UID 1001 on the container host.
    • When you run the MCP server for RHEL in a container, it cannot inspect the local system due to the isolation of containerized environments.
Red Hat logoGithubredditYoutubeTwitter

詳細情報

試用、購入および販売

コミュニティー

Red Hat ドキュメントについて

Red Hat をお使いのお客様が、信頼できるコンテンツが含まれている製品やサービスを活用することで、イノベーションを行い、目標を達成できるようにします。 最新の更新を見る.

多様性を受け入れるオープンソースの強化

Red Hat では、コード、ドキュメント、Web プロパティーにおける配慮に欠ける用語の置き換えに取り組んでいます。このような変更は、段階的に実施される予定です。詳細情報: Red Hat ブログ.

会社概要

Red Hat は、企業がコアとなるデータセンターからネットワークエッジに至るまで、各種プラットフォームや環境全体で作業を簡素化できるように、強化されたソリューションを提供しています。

Theme

© 2026 Red Hatトップに戻る