A single pane of glass for your KVM hypervisor fleet.
Inventory, live + offline migrations, snapshots, VNC consoles, mTLS between hosts, signed per-migration grants, in-app docs, Influx-backed metrics — all in one Go binary and a tiny agent.
Run KVM at any scale without an appliance, a license, or 50 SSH sessions.
Running KVM directly is great. Running ten of them is a chore. kvm-center gives you the central control surface KVM deserves — and ships as a single binary.
One server, many hypervisors
A stateless Go control plane and a ~7 MB agent per host. MongoDB for persistence, nothing else.
Migrations that just work
Live or offline, over native qemu+tls:// with Ed25519-signed per-migration grants. No SSH key sprawl, no shared NFS assumed.
Snapshots, consoles, metrics
Per-VM snapshot timelines, in-browser VNC, InfluxDB line-protocol metrics with a downloadable Grafana dashboard.
Auth that fits your org
Local users, API tokens, LDAP, SAML, OIDC, and 2FA — all in the same binary, configurable from the SPA.
Docs that ship with the code
server/docs/*.md is embedded and rendered in-app. The Help icon in the top bar is how your operators learn the product.
Signed releases, end to end
Cosign-signed Docker images, GPG-signed appliance qcow2 + SHA256SUMS. Public keys versioned in the repo.
What's in the box
Three install paths. Same kvm-center.
Pick on convenience, not lock-in. Switching later is "point the new install at the same Mongo and shut the old one down."
Smallest possible footprint. Multi-arch image (amd64 + arm64). Cosign-signed every release. Apple silicon Macs pull arm64 natively.
docker run -d --name kvm-center -p 8190:8443 \
-v kvm-center-data:/var/lib/kvm-center \
-e KVM_CENTER_PUBLIC_URL=https://localhost:8190 \
thedon21/kvm-center:latest
Open https://localhost:8190, accept the cert, walk the captive setup wizard.
Need MongoDB persistence? See the docker-compose recipe.
Pre-built qcow2 + GPG-signed checksums on GitHub Releases. Rocky Linux 9 minimal, MongoDB + kvm-center pre-installed, first-boot generates a random admin password.
V=v5.49.5
gh release download "$V" --repo donovanm21/kvmcenter \
--pattern 'kvm-center-appliance-*.qcow2' \
--pattern 'SHA256SUMS*'
gpg --verify SHA256SUMS.asc SHA256SUMS && sha256sum -c SHA256SUMS
sudo cp kvm-center-appliance-${V}.qcow2 /var/lib/libvirt/images/
sudo virt-install --name kvm-center --memory 2048 --vcpus 2 \
--disk path=/var/lib/libvirt/images/kvm-center-appliance-${V}.qcow2,bus=virtio \
--import --os-variant rocky9 --network bridge=virbr0 --noautoconsole
Then sudo virsh console kvm-center — the banner shows the URL and admin password.
Full flow incl. signature verification in the appliance docs.
For custom OS, ops shops with config-management, or hosts that already have everything they need.
Interactive installer walks you through Mongo creds, cluster DNS, and writes .env mode 0600.
git clone https://github.com/donovanm21/kvmcenter /opt/kvm-center
cd /opt/kvm-center
scripts/bootstrap.sh --interactive
Stack comes up on port 8190. Skip the TUI with scripts/bootstrap.sh --deploy for CI flows.
Full walkthrough in Getting started.
Stateless control plane. Tiny agents. Zero dependencies you don't already run.
The kvm-center-server runs anywhere a Go binary runs and talks HTTPS to a ~7 MB
agent on each hypervisor. East-west traffic between hosts uses native
qemu+tls:// with Ed25519-signed migration grants — no SSH key sprawl,
no shared NFS, no second control plane.
State lives in MongoDB. Optional Influx + Grafana for metrics. Auth plugs into whatever IdP you already trust (LDAP, SAML, OIDC) or runs standalone with local users + 2FA.
Read the architecture docsBrowser ─── :8190 ──▶ kvm-center-server (Go)
│ HTTPS · session / bearer
▼
MongoDB persistence
▲
│ HTTPS
▼
┌────────────┬────────────┐
│ │ │
hv01:8081 hv02:8081 hv03:8081
(kvm-center-agent systemd)
↕ ↕ ↕
└── qemu+tls :16514 (east-west) ──┘
signed grants · libvirt hook enforced