This guide explains how to deploy the Release Tests MCP server on your VM for remote access.
┌─────────────────┐ HTTP/SSE ┌─────────────────┐
│ Your Laptop │◄─────────────────────────►│ VM Server │
│ - Claude Code │ http://vm-hostname:8000 │ - OAR CLI │
│ - Other AI │ │ - Credentials │
│ tools │ │ - MCP Server │
└─────────────────┘ └─────────────────┘
On the VM, ensure you have:
- ✅ OAR installed and working (
oar --version,oarctl --help) - ✅ Prow job tools installed (
job --help,jobctl --help) - ✅ All credentials configured in
~/.bash_profileor~/.bashrc - ✅ Python 3.12 with pip
- ✅ Active Kerberos ticket (run
kinitbefore starting server)
The MCP server requires all CLI tools to be installed:
# On the VM
cd ~/coderepo/release-tests
# Install OAR CLI (oar, oarctl)
pip3 install -e .
# Install Prow job tools (job, jobctl)
cd prow
pip3 install -e .
cd ..
# Verify installations
oar --version
oarctl --help
job --help
jobctl --helppip3 install fastmcpTest that the server can run:
# Load your environment
source ~/.bash_profile
# Check credentials are loaded
echo $OAR_JWK # Should print your JWK key
# Test the server (Ctrl+C to stop)
python3 -m mcp_server.serverYou should see:
INFO - Starting Release Tests MCP Server
INFO - Transport: SSE (HTTP)
INFO - Running on http://127.0.0.1:8000
Edit mcp_server/server.py and change the last line:
# Change from:
mcp.run(transport="sse")
# To (listen on all interfaces):
mcp.run(transport="sse", sse_params={"host": "0.0.0.0", "port": 8080})# Check if firewalld is running
sudo systemctl status firewalld
# If running, open the MCP server port
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload
# Verify
sudo firewall-cmd --list-ports# Copy service file to systemd directory
sudo cp deployment/systemd/release-tests-mcp.service /etc/systemd/system/
# Edit the service file to set your username and paths
sudo vi /etc/systemd/system/release-tests-mcp.serviceEdit these fields:
User=your-username→ Replace with your actual VM usernameWorkingDirectory=/home/your-username/coderepo/release-tests→ Adjust path
# Reload systemd to recognize new service
sudo systemctl daemon-reload
# Enable service to start on boot
sudo systemctl enable release-tests-mcp
# Start the service
sudo systemctl start release-tests-mcp
# Check status
sudo systemctl status release-tests-mcpExpected output:
● release-tests-mcp.service - Release Tests MCP Server
Loaded: loaded (/etc/systemd/system/release-tests-mcp.service; enabled)
Active: active (running) since ...
# Follow logs in real-time
sudo journalctl -u release-tests-mcp -f
# View recent logs
sudo journalctl -u release-tests-mcp -n 50
# View logs since last boot
sudo journalctl -u release-tests-mcp -bSince Kerberos tickets expire, you need to renew them periodically:
Option A: Manual Renewal (before starting service)
kinit your-username@DOMAIN
sudo systemctl restart release-tests-mcpOption B: Keytab for Auto-Renewal (recommended for production)
# Create keytab (ask your admin if you don't have one)
# ktutil, addent, wkt /home/your-username/.keytab
# Add to systemd service:
ExecStartPre=/usr/bin/kinit -k -t /home/your-username/.keytab your-username@DOMAIN
# Add cron job for periodic renewal
crontab -e
# Add: 0 */6 * * * /usr/bin/kinit -k -t /home/your-username/.keytab your-username@DOMAINAdd to your Claude Code MCP settings:
File: ~/.config/claude-code/mcp_settings.json (macOS/Linux)
File: %APPDATA%\claude-code\mcp_settings.json (Windows)
{
"mcpServers": {
"release-tests": {
"transport": "sse",
"url": "http://your-vm-hostname.redhat.com:8080/sse"
}
}
}Important: Replace your-vm-hostname.redhat.com with your actual VM hostname or IP.
from mcp import ClientSession
from mcp.client.sse import sse_client
async with sse_client(
url="http://your-vm-hostname.redhat.com:8080/sse"
) as (read, write):
async with ClientSession(read, write) as session:
# List available tools
tools = await session.list_tools()
print(f"Available tools: {[t.name for t in tools]}")
# Call a tool
result = await session.call_tool(
"oar_check_greenwave_cvp_tests",
arguments={"release": "4.19.1"}
)
print(result)# On the VM
curl http://localhost:8080/sseShould return SSE stream or connection info.
# On your laptop
curl http://your-vm-hostname.redhat.com:8080/sseShould also connect successfully.
- Restart Claude Code after adding MCP settings
- In a conversation, ask: "What MCP tools are available?"
- Claude should list the release-tests tools
- Try: "Check greenwave CVP tests for release 4.19.1"
# Check detailed error logs
sudo journalctl -u release-tests-mcp -xe
# Common issues:
# 1. Missing dependencies → pip3 install fastmcp
# 2. Wrong user in service file
# 3. Environment variables not loaded → check bash_profile# On VM, check if service is listening
sudo netstat -tlnp | grep 8080
# Should show: tcp 0.0.0.0:8080 ... LISTEN
# Check firewall
sudo firewall-cmd --list-ports
# Test connectivity from laptop
telnet your-vm-hostname.redhat.com 8080# On VM
klist # Check ticket status
# If expired:
kinit your-username@DOMAIN
sudo systemctl restart release-tests-mcp# Test that bash login shell loads variables
/bin/bash -l -c 'echo $OAR_JWK'
# Should print your key
# If empty, check ~/.bash_profile or ~/.bashrc
grep OAR_JWK ~/.bash_profile ~/.bashrcSince this is running on internal network:
✅ Network Security: VM accessible only from corporate network/VPN ✅ Credential Security: Environment variables not exposed in systemd file ✅ Access Control: Limited to users who can reach VM network
Note: If you need to expose outside internal network, add authentication layer.
# Start service
sudo systemctl start release-tests-mcp
# Stop service
sudo systemctl stop release-tests-mcp
# Restart service
sudo systemctl restart release-tests-mcp
# Check status
sudo systemctl status release-tests-mcp
# Enable auto-start on boot
sudo systemctl enable release-tests-mcp
# Disable auto-start
sudo systemctl disable release-tests-mcp
# View logs
sudo journalctl -u release-tests-mcp -fOnce configured, these tools are available to AI agents:
oar_check_greenwave_cvp_tests- Check CVP test statusoar_check_cve_tracker_bug- Check CVE coverageoar_image_signed_check- Verify image signatures
oar_image_consistency_check- Check/start image consistency testsoar_stage_testing- Check/start stage testing
oar_create_test_report- Create new test reportoar_take_ownership- Assign release owneroar_update_bug_list- Sync bugs from advisoryoar_push_to_cdn_staging- Push to CDN stagingoar_drop_bugs- Remove unverified bugsoar_change_advisory_status- Change advisory statusoar_add_qe_approval- Add QE approval
oarctl_start_release_detector- Start release detector agentoarctl_jira_notificator- Run Jira notificator
job_run- Run Prow jobjobctl_start_controller- Start job controller for monitoring buildsjobctl_trigger_jobs_for_build- Trigger Prow jobs for specific buildjobctl_start_aggregator- Start test result aggregatorjobctl_promote_test_results- Promote test results for a buildjobctl_update_retried_job_run- Update retried job run information
oar_get_release_metadata- Get release metadata (advisories, jira ticket, builds, etc.)- Note: Does NOT expose sensitive data (Slack contacts, credentials)
- Safe to use without authentication
- ✅ Deploy server on VM
- ✅ Configure Claude Code on laptop
- ✅ Test basic commands
- Consider: Add more OAR commands as MCP tools
- Consider: Add custom resources for config/state access
For issues or questions:
- Check logs:
sudo journalctl -u release-tests-mcp -n 100 - GitHub Issues: https://github.com/openshift/release-tests/issues