How to set up an MCP server for Red Hat Lightspeed

Red Hat Lightspeed (formerly known as Red Hat Insights) delivers proactive analytics and helps teams improve reliability, streamline operations, and reduce manual analysis. The Model Context Protocol (MCP) is the new foundational technology that introduces a conversational layer, allowing an LLM (AI) to interact with your services using natural language. This means less time spent digging through dashboards and more time getting direct, actionable answers.

Imagine you received a critical alert for a CVE. Instead of frantically searching through multiple dashboards and documentation, you can simply ask insights-mcp, "What systems are affected by this CVE?" Red Hat Lightspeed MCP allows the LLM to access your Red Hat Lightspeed data to instantly provide the diagnostic information and a specific remediation playbook, all through a simple natural language prompt. This immediate, actionable intelligence is why Lightspeed MCP is a game-changer for enhancing incident response and keeping your operations running smoothly.

This guide outlines how you can quickly get started with the insights-mcp service by setting up credentials, deploying the server, and connecting your client tools.

Set up credentials

The insights-mcp server acts as a standardized bridge (MCP) between an AI client (like VS Code, Cursor, or Claude Desktop) and the Red Hat Lightspeed APIs. 

Installation requires setting up a service account and running the containerized server.

Service account setup:

Go to the Red Hat Hybrid Cloud Console → Click Settings (⚙️ gear icon) → Service Accounts Create a service account and retain Client ID and Client secret for later. See below in the integration instructions, where they are respectively referred to as INSIGHTS_CLIENT_ID and INSIGHTS_CLIENT_SECRET.

Next, you need to assign roles. Service accounts allow you to scope the privileges granted to your LLM, ensuring the AI can only access the Red Hat Lightspeed APIs necessary for its tasks. By carefully selecting roles, you maintain control over data access and overall security. 

Different toolsets require specific roles for your service account:

• Advisor tools: RHEL Advisor viewer
• Inventory tools: Inventory Hosts viewer
• Vulnerability tools: Vulnerability viewer and Inventory Hosts viewer
• Remediation tools: Remediations user

By default, service accounts have no access. To grant permissions to service accounts, the user with user access administrator role must assign permissions. For detailed step-by-step instructions, watch this video tutorial: Service Account Permissions Setup. 

Here are the steps to follow:

1. Log in as organization administrator with user access administrator role.
2. Navigate to User Access Settings: Click Settings (⚙️ Gear Icon) → User Access → Groups.
3. Assign permissions (choose one option):
   • Option A - Create new group:
     • Create a new group (e.g., mcp-service-accounts).
     • Add required roles (e.g., RHEL Advisor viewer, Inventory Hosts viewer, etc.).
     • Add your service account to this group.
   • Option B - Use existing group:
     • Open the existing group with the necessary role.
     • Now go to the Service accounts tab and add your service account to the group. 

Your service account will inherit all roles from the assigned group.

Integrations

The easiest way to deploy the insights-mcp server is using a container runtime like Podman or Docker. 

Make sure you have Podman installed. You can install Podman using this command:

On Fedora/RHEL/CentOS:

sudo dnf install podman

On macOS, use either Podman Desktop or:

brew install podman

Note that if you use Podman on macOS, you sometimes need to set the path to podmanexplicitly, or replace podman with the full path, as follows:

• /usr/local/bin/podman
• /opt/homebrew/bin/podman

You can find the path by running which podman in your terminal.

Connect your client

Red Hat Lightspeed MCP can work with a client of your choice, such as VSCode, Claude, or Gemini CLI. You can find the instructions to connect Red Hat Lightspeed MCP with your choice of client in GitHub README.md.

Security remarks

If you start this MCP server locally (with podman or docker) make sure the container is not exposed to the internet. In this scenario, it's probably fine to use INSIGHTS_CLIENT_ID and INSIGHTS_CLIENT_SECRET, although your MCP client (e.g., VSCode, Cursor, etc.) can get your INSIGHTS_CLIENT_ID and INSIGHTS_CLIENT_SECRET.

For a deployment where you connect to this MCP server from a different machine, you should consider that INSIGHTS_CLIENT_ID and INSIGHTS_CLIENT_SECRET are transferred to the MCP server, and you are trusting the remote MCP server not to leak them.

In both cases, if you are in doubt, please disable/remove the INSIGHTS_CLIENT_ID and INSIGHTS_CLIENT_SECRET from your account after you are done using the MCP server.

Join us and share your feedback

Now is a great time to test, experiment, and provide feedback when you connect existing Red Hat Lightspeed MCP with your LLMs. Whether you're exploring automation, enhancing incident processes, or building intelligent dashboards, this preview places powerful Red Hat Lightspeed capabilities at your LLM-driven fingertips.

This release offers early access to powerful MCP-driven workflows with Red Hat Lightspeed. We strongly encourage your feedback—including bug reports, requests for additional toolsets, and enhancement ideas—through the Red Hat Issue Router and by contributing to our GitHub repository. Your input will directly refine and shape the future of Red Hat Lightspeed MCP.