libvirt-mcp

libvirt-mcp

Enables management of KVM/QEMU virtual machines on remote libvirt hosts via SSH, with tools for inspection, lifecycle management, snapshots, and cloning.

Category
Visit Server

README

libvirt-mcp

A Model Context Protocol (MCP) server for managing KVM/QEMU virtual machines on remote libvirt hosts. Talks libvirt RPC over SSH — no agent on the hypervisor, no need to install anything on the target host beyond the standard libvirtd.

Functionally a "virt-manager for LLMs": inspect, start/stop, snapshot, clone, and delete KVM/QEMU domains through 13 MCP tools.

Tools

Group Tools
Inspection list_domains, domain_info, snapshot_list, screenshot
Lifecycle start_domain, shutdown_domain (ACPI + poll), reboot_domain, force_destroy_domain
Snapshots snapshot_create, snapshot_revert, snapshot_delete
Management clone_from_template (linked clone), delete_domain (with optional wipe_disks)

Destructive operations (force_destroy_domain, snapshot_revert, snapshot_delete, delete_domain) require an explicit confirm=True argument so an LLM can't fire them by accident.

Architecture

┌──────────────┐                          ┌──────────────────────┐
│ MCP client   │  ── stdio (JSON-RPC) ──▶ │ libvirt-mcp          │
│ Claude Code, │                          │ (Docker container)   │
│ Desktop, …   │                          │  • libvirt-python    │
└──────────────┘                          │  • mcp SDK           │
                                          └──────────┬───────────┘
                                                     │
                                                     │ qemu+ssh://user@host/system
                                                     │ (uses host's ~/.ssh/)
                                                     ▼
                                          ┌──────────────────────┐
                                          │ Hypervisor           │
                                          │  • libvirtd          │
                                          │  • qemu-kvm          │
                                          └──────────────────────┘

The MCP server runs inside a Docker container (so libvirt-dev headers don't need to be installed on your machine). It bind-mounts your ~/.ssh read-only and uses standard libvirt SSH transport, inheriting ~/.ssh/config, agent forwarding, jump hosts, etc.

Setup

1. Pull the image

The container image is published as ghcr.io/rzippert/libvirt-mcp (public — no auth required, even though the source repo is private):

docker pull ghcr.io/rzippert/libvirt-mcp:latest

Tags published:

  • latest — head of main
  • X.Y.Z and X.Y — from git tags vX.Y.Z (the v prefix is dropped per Docker convention)
  • main, sha-<short> — for traceability

2. Create your config

mkdir -p ~/.config/libvirt-mcp
cat > ~/.config/libvirt-mcp/config.toml <<'EOF'
default_profile = "primary"

[profiles.primary]
uri = "qemu+ssh://user@hypervisor.example.com/system"
description = "Primary KVM hypervisor"
EOF
$EDITOR ~/.config/libvirt-mcp/config.toml

The libvirt URI is standard. SSH keys come from your host's ~/.ssh/. Make sure you can already connect:

ssh user@hypervisor.example.com virsh -c qemu:///system list --all

3. Wire it up to an MCP client

Claude Code

claude mcp add libvirt --scope user -- \
  docker run -i --rm \
    -v "$HOME/.ssh:/home/ubuntu/.ssh:ro" \
    -v "$HOME/.config/libvirt-mcp/config.toml:/etc/libvirt-mcp/config.toml:ro" \
    --network host \
    -e LIBVIRT_MCP_CONFIG=/etc/libvirt-mcp/config.toml \
    ghcr.io/rzippert/libvirt-mcp:latest

Verify with claude mcp list. Remove with claude mcp remove libvirt --scope user.

Claude Desktop

Edit claude_desktop_config.json:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "libvirt": {
      "command": "docker",
      "args": [
        "run", "-i", "--rm",
        "-v", "/Users/youruser/.ssh:/home/ubuntu/.ssh:ro",
        "-v", "/Users/youruser/.config/libvirt-mcp/config.toml:/etc/libvirt-mcp/config.toml:ro",
        "--network", "host",
        "-e", "LIBVIRT_MCP_CONFIG=/etc/libvirt-mcp/config.toml",
        "ghcr.io/rzippert/libvirt-mcp:latest"
      ]
    }
  }
}

Replace /Users/youruser with your home directory. On Windows use forward slashes or double-escape backslashes. Restart Claude Desktop after editing.

VS Code (GitHub Copilot Chat MCP)

Create .vscode/mcp.json in your workspace (project-scoped) or add to user settings:

{
  "servers": {
    "libvirt": {
      "type": "stdio",
      "command": "docker",
      "args": [
        "run", "-i", "--rm",
        "-v", "${userHome}/.ssh:/home/ubuntu/.ssh:ro",
        "-v", "${userHome}/.config/libvirt-mcp/config.toml:/etc/libvirt-mcp/config.toml:ro",
        "--network", "host",
        "-e", "LIBVIRT_MCP_CONFIG=/etc/libvirt-mcp/config.toml",
        "ghcr.io/rzippert/libvirt-mcp:latest"
      ]
    }
  }
}

VS Code expands ${userHome} and ${workspaceFolder}. Open the Copilot Chat panel → MCP servers → enable libvirt.

Configuration reference

~/.config/libvirt-mcp/config.toml (or override with LIBVIRT_MCP_CONFIG):

default_profile = "primary"   # used when a tool is called without `profile=`

[profiles.<name>]
uri = "qemu+ssh://user@host/system"   # standard libvirt URI
description = "Free-form description for humans"

Config search order:

  1. $LIBVIRT_MCP_CONFIG env var
  2. ~/.config/libvirt-mcp/config.toml
  3. ./config.dev.toml
  4. ./config.toml

Safety model

  • Allow-list validation on domain names (^[a-z0-9][a-z0-9-]{0,30}$), bridge names, and absolute paths (no .. segments).
  • Inspection tools open read-only libvirt connections; state-changing tools open read-write connections only when invoked.
  • Confirmation gates on destructive operations: force_destroy_domain, snapshot_revert, snapshot_delete, delete_domain all require confirm=True.
  • No subprocess on the hypervisor: every operation is pure libvirt RPC (no qemu-img, no virt-install, no virsh shell-out). Disk volumes are created and deleted through libvirt's storage volume API, reusing any active dir-pool that covers the target path or transparently creating a transient one.

Development

git clone git@github.com:rzippert/libvirt-mcp.git
cd libvirt-mcp
cp config.example.toml config.dev.toml && $EDITOR config.dev.toml
docker compose build
docker compose run --rm dev bash

Inside the dev container, source on the host (bind-mounted at /workspace) shadows the installed package via PYTHONPATH, so edits take effect immediately. Exercise tools directly:

python -c "from libvirt_mcp.tools.readonly import list_domains; \
           import json; print(json.dumps(list_domains(), indent=2))"

Project layout:

libvirt_mcp/
├── __main__.py        # python -m libvirt_mcp → mcp.run() (stdio)
├── server.py          # FastMCP instance
├── connections.py     # config loader + connect() context manager
├── states.py          # VIR_DOMAIN_* → string
└── tools/
    ├── readonly.py    # inspection
    ├── lifecycle.py   # start/shutdown/reboot/force_destroy
    ├── snapshot.py    # snapshot CRUD (revert/delete gated)
    └── management.py  # clone_from_template, delete_domain

Publishing happens automatically via .github/workflows/publish.yml on push to main and on v* tags (multi-arch: linux/amd64, linux/arm64).

License

GNU Affero General Public License v3.0 or later (AGPL-3.0-or-later). See LICENSE.

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured