…d vm-delete Skill Signed-off-by: r2dedios <alex.ansi.c@gmail.com>
…MCP-first approach and split troubleshooting documents by category to improve Agent context usage Signed-off-by: r2dedios <alex.ansi.c@gmail.com>
@dmartinol This PR is ready to be reviewed. Thanks
|
||
| This skill clones VM configuration and optionally creates new storage or references existing storage. | ||
|
|
||
| NOT for snapshots (use vm-snapshot for point-in-time backups). |
Is vm-snapshot another skill? I can't see it here.
| model: inherit | ||
| color: blue |
Where do model and color come from? I can't see them in the specs:
https://agentskills.io/specification#frontmatter-required
|
|
||
| ### Prerequisite Verification | ||
|
|
||
| **Before executing, verify MCP server availability:** |
I imagine this check is common to multiple skills, so it could be moved into a dedicated skill and just reference it here
Pull request overview
This PR enhances the OpenShift Virtualization agent with new VM lifecycle management capabilities and improves agent context efficiency through documentation reorganization.
Changes:
- Added VM Clone skill for duplicating VMs with flexible storage strategies (clone, share, or new empty storage)
- Added VM Delete skill with strict safety protocols including typed confirmation and protection label enforcement
- Enhanced VM Creator with interactive menu system for improved UX and MCP-first approach
- Reorganized troubleshooting documentation by error category (scheduling, storage, lifecycle, runtime, network) for 29% token reduction
- Refactored all skills to prioritize MCP tools over kubectl commands
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| rh-virt/skills/vm-delete/SKILL.md | New skill for permanent VM deletion with typed confirmation, pre-deletion validation, and storage cleanup options |
| rh-virt/skills/vm-clone/SKILL.md | New skill for VM cloning with storage strategy selection (clone/share/new), batch cloning support, and cross-namespace capabilities |
| rh-virt/skills/vm-creator/SKILL.md | Enhanced with interactive menu system, MCP-first refactoring, and improved ErrorUnschedulable diagnostics with VM restart workflow |
| rh-virt/skills/vm-lifecycle-manager/SKILL.md | Updated with references to reorganized troubleshooting docs and OPTIONAL document consultation pattern |
| rh-virt/skills/vm-inventory/SKILL.md | Added critical formatting rules (table vs list based on VM count), human-in-the-loop requirements section, and doc references |
| rh-virt/docs/troubleshooting/INDEX.md | New navigation hub with MCP-first pattern documentation and quick reference for CLI→MCP mapping |
| rh-virt/docs/troubleshooting/scheduling-errors.md | ErrorUnschedulable diagnostics with MCP tools first, CLI fallback pattern |
| rh-virt/docs/troubleshooting/storage-errors.md | Storage provisioning, deletion, and cloning errors with MCP-first diagnostic procedures |
| rh-virt/docs/troubleshooting/lifecycle-errors.md | VM stuck terminating, won't start/stop issues with MCP-first solutions |
| rh-virt/docs/troubleshooting/runtime-errors.md | CrashLoopBackOff diagnostics and workaround patterns for MCP tool limitations |
| rh-virt/docs/troubleshooting/network-errors.md | Network attachment failures and Multus/SR-IOV troubleshooting |
| rh-virt/docs/troubleshooting/.ai-index/semantic-index.json | Semantic index mapping skills and errors to documentation for progressive disclosure |
| rh-virt/docs/troubleshooting.md | Deleted - replaced by categorized documentation structure |
| rh-virt/README.md | Updated to reflect 5 skills, new workflows, and reorganized documentation references |
| ⚠️ **This is a temporary limitation**: The openshift-virtualization MCP server doesn't yet support tolerations parameter in vm_create. Consider filing an issue at: https://github.com/openshift/openshift-mcp-server/issues | ||
| ``` |
The vm-creator skill requires users to restart the VM after patching tolerations (lines 810-841), but this critical step is not mentioned in the initial workaround proposal shown to the user. The restart is necessary because patching the VM spec doesn't immediately update the existing VirtualMachineInstance - it only affects future VMI creations. Without the restart, the toleration won't take effect and the VM will remain ErrorUnschedulable.
The user should be informed upfront in the diagnostic workflow (around line 745) that applying the workaround will require a VM restart to take effect.
| "--userns=keep-id:uid=65532,gid=65532", | ||
| "-v", "${KUBECONFIG}:/kubeconfig:ro,Z", | ||
| "--entrypoint", "/app/kubernetes-mcp-server", | ||
| "quay.io/ecosystem-appeng/openshift-mcp-server:latest", |
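Review bot: the `Z` option in `-v "${KUBECONFIG}:/kubeconfig:ro,Z"` asks the container runtime to relabel the host file with a private SELinux label, and the host file here is the developer's own kubeconfig. On SELinux hosts the kubeconfig is relabelled on every start, and a second container that mounts the same file with `Z` can lock the first one out of it. Suggest the sample mount a dedicated copy of the kubeconfig created for this server instead of the path in `${KUBECONFIG}`, or state in the docs that the file is relabelled.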
In the sample .mcp.json configuration, the container image for the openshift-virtualization MCP server is pinned only to the mutable latest tag ("quay.io/ecosystem-appeng/openshift-mcp-server:latest") even though this container is started automatically with KUBECONFIG mounted and host networking enabled. If an attacker ever gains the ability to push or replace that tag in the registry, they could ship a malicious image that exfiltrates cluster credentials or tampers with cluster resources when developers follow this configuration. To reduce this supply-chain risk, pin the MCP server image to an immutable reference (specific version tag or digest) in the documented configuration and recommend that users do the same.
| "-v", "${KUBECONFIG}:/kubeconfig:ro,Z", | ||
| "--entrypoint", "/app/kubernetes-mcp-server", | ||
| "quay.io/ecosystem-appeng/openshift-mcp-server:latest", | ||
| "--kubeconfig", "/kubeconfig", |
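Review bot: the `-v "${KUBECONFIG}:/kubeconfig:ro,Z"` mount combined with `"--kubeconfig", "/kubeconfig"` gives the server whatever credentials the developer's current kubeconfig holds, with no scoping in the sample. `ro` protects the file from modification but does not narrow what those credentials can do in the cluster, and this PR also adds a VM delete skill that acts through the same server. Suggest the documented configuration point at a separate kubeconfig for a service account limited to the namespaces and VM resources the skills need.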
In the sample .mcp.json configuration, the MCP server image is referenced as "quay.io/ecosystem-appeng/openshift-mcp-server:latest", which is a mutable tag, while the container is run automatically with KUBECONFIG mounted and host networking. Using an unpinned latest image for a privileged helper like this creates a supply-chain risk: if that tag is ever compromised or replaced upstream, developers who follow this config could unintentionally run malicious code with access to their cluster. To harden this, update the documented configuration to pin the image to a specific version or digest and instruct users to avoid latest for this server.
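A check in the spirit of the two review comments above, as an added example that is not part of the PR or the project's code: it scans an `.mcp.json` for container images that are not pinned by digest. The `mcpServers` layout, the second server entry and the all-zero digest are constructed assumptions, and the image match is a heuristic over the argument list.

```python
import json
import re

# Constructed sample: the args echo the lines quoted in the review; the
# "mcpServers" layout, the second entry and the zero digest are assumptions.
SAMPLE_MCP_JSON = """
{"mcpServers": {
  "openshift-virtualization": {
    "command": "podman",
    "args": ["run", "--rm", "-i",
             "-v", "${KUBECONFIG}:/kubeconfig:ro,Z",
             "--entrypoint", "/app/kubernetes-mcp-server",
             "quay.io/ecosystem-appeng/openshift-mcp-server:latest",
             "--kubeconfig", "/kubeconfig"]},
  "pinned-example": {"command": "podman",
    "args": ["run", "--rm", "registry.example.invalid:5000/team/server@sha256:DIGEST"]}
}}
""".replace("DIGEST", "0" * 64)

# Heuristic: registry host (optional port), "/", path, optional tag and digest.
IMAGE_RE = re.compile(
    r"^[a-z0-9.-]+(?::\d+)?/[a-z0-9._/-]+?"
    r"(?::(?P<tag>[A-Za-z0-9_][A-Za-z0-9_.-]*))?"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?$"
)

def classify(arg):
    """Return 'digest', 'tag', 'floating', or None if arg is not an image."""
    m = IMAGE_RE.match(arg)
    if not m:
        return None
    if m.group("digest"):
        return "digest"
    return "floating" if m.group("tag") in (None, "latest") else "tag"

def audit(config_text):
    """List (server, image, kind) for every image not pinned by digest."""
    findings = []
    for name, spec in json.loads(config_text).get("mcpServers", {}).items():
        if spec.get("command") not in ("podman", "docker"):
            continue  # only container-launched servers carry an image argument
        for arg in spec.get("args", []):
            kind = classify(arg)
            if kind in ("tag", "floating"):
                findings.append((name, arg, kind))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_MCP_JSON))
```

A `tag` finding is a version tag, which is narrower than `latest` but can still be re-pointed in the registry; only a digest reference is immutable.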
Summary
This PR enhances the OpenShift Virtualization agent skills with new VM lifecycle management capabilities and improves the overall agent context efficiency.
Changes
New Skills
Enhancements