Building a bootable OS image should feel as seamless as building a container. That's the goal of image mode for Red Hat Enterprise Linux (RHEL). A key advantage for developers using image mode with RHEL is the integration of AI-assisted troubleshooting directly into the development loop.
By leveraging the Model Context Protocol (MCP), you can connect VS Code or Cursor to two specialized intelligence streams: one for local system telemetry and one for global proactive security.
Red Hat provides two MCP servers that can help you diagnose issues with your image mode for RHEL servers:
- MCP server for RHEL gives your AI agent a live look at the OS to read journalctl, check systemctl units, and inspect resource pressure.
- MCP server for Red Hat Lightspeed (formerly Insights) for RHEL queries Red Hat's proactive analytics to identify CVEs and best practice drift before you ever push your images to production.
Step 1: Generate your AI bridge keys
Before configuring your IDE or image, you need a dedicated SSH key pair for the MCP server. Run this in your build environment:
$ ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_mcp \
  -C "rhel-mcp-agent" -N ""
For the example below, you must obtain values for the LIGHTSPEED_CLIENT_ID and LIGHTSPEED_CLIENT_SECRET variables required to connect the MCP server for Red Hat Lightspeed to the Red Hat Lightspeed services. To obtain these, log into the Red Hat Lightspeed console at console.redhat.com and configure a service account or API client for Red Hat Lightspeed.
After you have the values, you can set them to automatically load on Linux in $HOME/.bashrc. Set these variables in your environment before the IDE launches the MCP server.
# Values for these variables are from console.redhat.com
export LIGHTSPEED_CLIENT_ID="[Your ID Here]"
export LIGHTSPEED_CLIENT_SECRET="[Your Secret Here]"
Step 2: Configuring your AI agent
The following configuration is written for a generic IDE MCP configuration file (for example, mcp.json) compatible with editors such as VS Code and Cursor. Add it to your IDE's MCP configuration file. Note that it mounts your .ssh directory into the MCP container so the container can use the key you just created.
{
  "mcpServers": {
    "rhel-runtime": {
      "type": "stdio",
      "command": "podman",
      "args": [
        "run", "-i", "--rm",
        "-v", "${env:HOME}/.ssh:/root/.ssh:ro",
        "quay.io/redhat/rhel-mcp-server:latest"
      ],
      "env": {
        "LINUX_MCP_USER": "mcp",
        "LINUX_MCP_HOST": "192.168.122.50",
        "LINUX_MCP_SSH_KEY_PATH": "/root/.ssh/id_ed25519_mcp"
      }
    },
    "redhat-lightspeed": {
      "type": "stdio",
      "command": "podman",
      "args": [
        "run", "-i", "--rm",
        "--env", "LIGHTSPEED_CLIENT_ID",
        "--env", "LIGHTSPEED_CLIENT_SECRET",
        "quay.io/redhat-services-prod/insights-mcp:latest"
      ]
    }
  }
}
Step 3: Designing the registered image
In your Containerfile, prepare the environment for both remote host configuration (rhc) and secure AI access with the mcp user:
FROM quay.io/redhat/redhat-bootc:9.4
# Install rhc, cloud-init, and openssh-server
RUN dnf -y install rhc cloud-init openssh-server && dnf clean all
# Create the dedicated mcp user bridge
RUN useradd -m -G wheel mcp && \
echo "mcp ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/mcp
# Enable services for first boot
RUN systemctl enable cloud-init sshd
COPY . /app
RUN bootc install
Step 4: Zero-touch registration and access with cloud-init
Paste the public key you generated in step 1 into your cloud-config. This allows the MCP server to log in automatically without a password. An example cloud-config:
#cloud-config
users:
  - name: mcp
    sudo: ALL=(ALL) NOPASSWD:ALL
    shell: /bin/bash
    ssh_authorized_keys:
      # cat ~/.ssh/id_ed25519_mcp.pub
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmcpAgentExampleKey12345 rhel-mcp-agent
rh_subscription:
  org: "1234567"
  activation-key: "development-stack-key"
  auto-attach: true
runcmd:
  - [ rhc, connect ]
Troubleshooting the configuration
If your IDE reports a connection refused error, have a look at these three common friction points:
- A bootc system takes a few seconds to initialize sshd. Wait 10 seconds and retry.
- Ensure that LINUX_MCP_HOST in mcp.json matches the actual IP of the running container (obtained with podman inspect <id>).
- Try ssh -i ~/.ssh/id_ed25519_mcp mcp@<container-ip>. If this fails, your MCP server will also fail. Check for a local firewall blocking port 22.
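Some failures can be caught before any container starts by checking the step 2 mcp.json itself. The following is an added example, not Red Hat's code: it maps LINUX_MCP_SSH_KEY_PATH back to the host through the -v mount, checks that variables forwarded by name with --env are actually set, and notes two hardening points (the whole .ssh directory mounted, images referenced by :latest). The names audit, host_path and flag_values and the SAMPLE dict are constructed for illustration.

```python
import os

# Constructed sample mirroring the step 2 mcp.json (only the fields the checks read).
SAMPLE = {"mcpServers": {
    "rhel-runtime": {
        "args": ["run", "-i", "--rm", "-v", "${env:HOME}/.ssh:/root/.ssh:ro",
                 "quay.io/redhat/rhel-mcp-server:latest"],
        "env": {"LINUX_MCP_SSH_KEY_PATH": "/root/.ssh/id_ed25519_mcp"}},
    "redhat-lightspeed": {
        "args": ["run", "-i", "--rm", "--env", "LIGHTSPEED_CLIENT_ID",
                 "--env", "LIGHTSPEED_CLIENT_SECRET",
                 "quay.io/redhat-services-prod/insights-mcp:latest"]}}}


def flag_values(args, flag):
    """Return the value following each occurrence of a podman flag (-v, --env)."""
    return [args[i + 1] for i, a in enumerate(args[:-1]) if a == flag]


def host_path(container_path, args, home):
    """Map a path inside the container back to the host through the -v mounts."""
    for spec in flag_values(args, "-v"):
        # Expand the IDE variable first: it contains a ':' of its own.
        src, dst = spec.replace("${env:HOME}", home).split(":")[:2]
        dst = dst.rstrip("/")
        if container_path == dst or container_path.startswith(dst + "/"):
            return src + container_path[len(dst):]
    return None


def audit(config, environ, home, exists=os.path.exists):
    """Return (server, finding) pairs for settings that break or weaken the setup."""
    findings = []
    for name, srv in config["mcpServers"].items():
        args, env = srv.get("args", []), srv.get("env", {})
        key = env.get("LINUX_MCP_SSH_KEY_PATH")
        if key:
            mapped = host_path(key, args, home)
            if mapped is None:
                findings.append((name, "key path is not under any -v mount"))
            elif not exists(mapped):
                findings.append((name, f"key file missing on host: {mapped}"))
        for var in flag_values(args, "--env"):  # bare NAME is copied from the host env
            if "=" not in var and not environ.get(var):
                findings.append((name, f"{var} is unset, so podman passes nothing"))
        for spec in flag_values(args, "-v"):
            if spec.replace("${env:HOME}", home).split(":")[0].endswith("/.ssh"):
                findings.append((name, "whole .ssh directory is exposed to the container"))
        if args and args[-1].endswith(":latest"):
            findings.append((name, "image is referenced by the mutable :latest tag"))
    return findings
```

Call audit(json.load(open(path)), os.environ, os.path.expanduser("~")) from the same shell that launches the IDE, so the environment it checks is the one podman will inherit.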
MCP servers in action
By integrating the Model Context Protocol into your RHEL image, your coding assistant gains two streams of information you can use proactively to make bootable images more reliable and performant. For example:
- Red Hat Lightspeed for RHEL queries Red Hat's proactive analytics on a scheduled basis. The Red Hat Lightspeed MCP server provides a real-time bridge between LLMs and the Red Hat Lightspeed for RHEL proactive analytics. You can use it to find out how an upcoming Red Hat Enterprise Linux release will affect your specific environment as well as to flag newly discovered common vulnerabilities and exposures (CVE) relevant to the packages in your image. This identifies security risks and "best practice" drift before you commit a single line of code to production.
- The RHEL MCP server gives your AI agent an on-demand, live look at the state of your operating system. This allows for immediate root-cause analysis on performance issues by reading system telemetry, inspecting resource pressure (CPU, memory), and checking for overloaded system components like journal files.
- RHEL MCP server can directly read journalctl and inspect critical systemd units, such as NetworkManager or sshd, and help your coding assistant to quickly diagnose issues in areas such as network connectivity, firewall misconfiguration, and service dependencies that cause connection refusals. You get this without having to analyze logs yourself, or to manually scrape data and copy/paste it into an assistant.
Next steps
Red Hat MCP servers can help you move beyond manual system troubleshooting. By integrating image mode for RHEL with the Model Context Protocol, you streamline your pipeline. You get a single, bootable container image that's secure, fully registered, and instantly debuggable by AI agents right inside your IDE.
To learn more and get started, check out these resources: